
set revocation server default to acme-v01.api.letsencrypt.org

pull/152/head
srvrco 9 years ago
parent
commit
b5fe91e33d
1 changed files with 15 additions and 5 deletions
  1. +15
    -5
      getssl

+ 15
- 5
getssl View File

@ -128,14 +128,16 @@
# 2016-10-20 set secure permissions when generating account key (1.62)
# 2016-10-20 set permsissions to 700 for getssl script during upgrade (1.63)
# 2016-10-20 add option to revoke a certificate (1.64)
# 2016-10-21 set revocation server default to acme-v01.api.letsencrypt.org (1.65)
# ----------------------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="1.64"
VERSION="1.65"
# defaults
CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl"
CA="https://acme-staging.api.letsencrypt.org"
DEFAULT_REVOKE_CA="https://acme-v01.api.letsencrypt.org"
ACCOUNT_KEY_LENGTH=4096
WORKING_DIR=~/.getssl
DOMAIN_KEY_LENGTH=4096
@ -501,7 +503,7 @@ help_message() { # print out the help message
-h, --help Display this help message and exit
-q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded)
-Q, --mute Like -q, but mutes notification about successful upgrade
-r, --revoke cert key Revoke a certificate ( the cert and key are required)
-r, --revoke cert key [CA_server] Revoke a certificate ( the cert and key are required)
-u, --upgrade Upgrade getssl if a more recent version is available
-U, --nocheck Do not check if a more recent version is available
-w working_dir Working directory
@ -608,9 +610,9 @@ revoke_certificate() { #revoke a certificate
pub_exp64=$(openssl rsa -in "${REVOKE_KEY}" -noout -text | grep publicExponent | grep -oE "0x[a-f0-9]+" | cut -d'x' -f2 | hex2bin | urlbase64)
pub_mod64=$(openssl rsa -in "${REVOKE_KEY}" -noout -modulus | cut -d'=' -f2 | hex2bin | urlbase64)
TEMP_DIR=$(mktemp -d)
debug "revoking $certfile"
debug "revoking from $REVOKE_CA"
rcertdata=$(openssl x509 -in "$REVOKE_CERT" -inform PEM -outform DER | urlbase64)
send_signed_request "$CA/acme/revoke-cert" "{\"resource\": \"revoke-cert\", \"certificate\": \"$rcertdata\"}"
send_signed_request "$REVOKE_CA/acme/revoke-cert" "{\"resource\": \"revoke-cert\", \"certificate\": \"$rcertdata\"}"
if [[ $code -eq "200" ]]; then
info "certificate revoked"
else
@ -861,7 +863,9 @@ while [[ -n $1 ]]; do
shift
REVOKE_CERT="$1"
shift
REVOKE_KEY="$1" ;;
REVOKE_KEY="$1"
shift
REVOKE_CA="$1" ;;
-u | --upgrade)
_UPGRADE=1 ;;
-U | --nocheck)
@ -902,6 +906,12 @@ fi
# Revoke a certificate
if [[ $_REVOKE -eq 1 ]]; then
if [[ -z $REVOKE_CA ]]; then
REVOKE_CA=$DEFAULT_REVOKE_CA
elif [[ "$REVOKE_CA" == "-d" ]]; then
_USE_DEBUG=1
REVOKE_CA=$DEFAULT_REVOKE_CA
fi
revoke_certificate
graceful_exit
fi
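Review bot: In the `-r | --revoke` arm the added `shift` / `REVOKE_CA="$1"` takes whatever follows the key as the revocation server, so an option placed after `-r cert key` (for example `-q` or `-w working_dir`) is consumed as the CA, and only `-d` is recovered, by the special case in the `_REVOKE` block. `revoke_certificate` then posts a signed request to `$REVOKE_CA/acme/revoke-cert`, so the value should be checked before it is used as a destination. Consuming the third argument only when it looks like a CA URL, e.g. `if [[ "$2" == https://* ]]; then shift; REVOKE_CA="$1"; fi` ahead of the `;;`, would make the `-d` branch unnecessary and keep the request off plain HTTP. The `while`/`case` loop starts and ends outside this hunk, so the effect of the extra `shift` when no third argument is given could not be checked here.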

