Steve Kennedy
2 years ago
committed by
Steve Kennedy
Steve Kennedy
92 changed files with 3563 additions and 424 deletions
Split View
Diff Options
-
+127 -0.github/workflows/release-and-package.yml
-
+29 -27.github/workflows/run-tests-pebble.yml
-
+7 -5.github/workflows/run-tests-staging-acmedns.yml
-
+3 -11.github/workflows/run-tests-staging-duckdns.yml
-
+3 -11.github/workflows/run-tests-staging-dynu.yml
-
+6 -4.github/workflows/shellcheck.yml
-
+2 -0.gitignore
-
+964 -0README
-
+547 -31README.md
-
+38 -0RELEASE.md
-
+48 -0common.shrc
-
+11 -0debbuild.patch
-
+8 -4dns_scripts/Cloudflare-README.md
-
+22 -12dns_scripts/dns_add_acmedns
-
+1 -1dns_scripts/dns_add_azure
-
+1 -1dns_scripts/dns_add_del_aliyun.sh
-
+7 -0dns_scripts/dns_add_dnsmasq
-
+1 -1dns_scripts/dns_add_dnspod
-
+1 -1dns_scripts/dns_add_duckdns
-
+1 -1dns_scripts/dns_add_godaddy
-
+50 -0dns_scripts/dns_add_hetzner
-
+86 -0dns_scripts/dns_add_hostway
-
+1 -1dns_scripts/dns_add_ionos
-
+44 -0dns_scripts/dns_add_ispconfig
-
+1 -1dns_scripts/dns_add_joker
-
+27 -16dns_scripts/dns_add_linode
-
+1 -1dns_scripts/dns_add_manual
-
+30 -0dns_scripts/dns_add_ns1
-
+1 -1dns_scripts/dns_add_nsupdate
-
+1 -1dns_scripts/dns_add_ovh
-
+1 -1dns_scripts/dns_add_pdns-mysql
-
+30 -0dns_scripts/dns_add_vultr
-
+39 -0dns_scripts/dns_add_windows_dns_server
-
+8 -35dns_scripts/dns_del_acmedns
-
+7 -0dns_scripts/dns_del_dnsmasq
-
+1 -1dns_scripts/dns_del_dnspod
-
+1 -1dns_scripts/dns_del_duckdns
-
+1 -1dns_scripts/dns_del_godaddy
-
+57 -0dns_scripts/dns_del_hetzner
-
+66 -0dns_scripts/dns_del_hostway
-
+1 -1dns_scripts/dns_del_ionos
-
+44 -0dns_scripts/dns_del_ispconfig
-
+1 -1dns_scripts/dns_del_joker
-
+29 -21dns_scripts/dns_del_linode
-
+1 -1dns_scripts/dns_del_manual
-
+26 -0dns_scripts/dns_del_ns1
-
+1 -1dns_scripts/dns_del_nsupdate
-
+1 -1dns_scripts/dns_del_ovh
-
+1 -1dns_scripts/dns_del_pdns-mysql
-
+26 -0dns_scripts/dns_del_vultr
-
+39 -0dns_scripts/dns_del_windows_dns_server
-
+15 -17dns_scripts/dns_godaddy
-
+140 -0dns_scripts/ispconfig_soap.php
-
+191 -100getssl
-
+3 -0getssl.crontab
-
+9 -0getssl.logrotate
-
+59 -0getssl.spec
-
+1 -1other_scripts/cpanel_cert_upload
-
+95 -0other_scripts/iis_install_certeficate.ps1
-
+49 -0test/0-test-usage.bats
-
+18 -6test/11-test--install.bats
-
+0 -33test/32-test-upgrade.bats
-
+214 -8test/34-ftp-passive.bats
-
+167 -0test/34-ftp-ports.bats
-
+1 -1test/40-cname-dns01-nslookup.bats
-
+32 -0test/41-show-account-id.bats
-
+1 -1test/Dockerfile-alpine
-
+1 -1test/Dockerfile-bash4-0
-
+1 -1test/Dockerfile-bash4-2
-
+1 -1test/Dockerfile-bash5-0
-
+1 -1test/Dockerfile-centos7
-
+1 -2test/Dockerfile-centos7-duckdns
-
+1 -2test/Dockerfile-centos7-dynu
-
+5 -1test/Dockerfile-centos8
-
+1 -1test/Dockerfile-debian
-
+1 -1test/Dockerfile-rockylinux8
-
+1 -1test/Dockerfile-ubuntu
-
+1 -1test/Dockerfile-ubuntu-acmedns
-
+1 -2test/Dockerfile-ubuntu-duckdns
-
+1 -2test/Dockerfile-ubuntu-dynu
-
+1 -1test/Dockerfile-ubuntu14
-
+1 -1test/Dockerfile-ubuntu16
-
+1 -1test/Dockerfile-ubuntu18
-
+5 -5test/README-Testing.md
-
+9 -4test/restart-ftpd
-
+3 -3test/restart-nginx
-
+8 -1test/run-test.cmd
-
+9 -0test/test-config/alpine-supervisord.conf
-
+44 -7test/test_helper.bash
-
+5 -5test/u1-test-get_auth_dns-dig.bats
-
+5 -5test/u2-test-get_auth_dns-drill.bats
-
+10 -10test/u7-test-get_auth_dns-nslookup.bats
+ 127
- 0
.github/workflows/release-and-package.yml
View File
| @ -0,0 +1,127 @@ | |||
| # ========================== | |||
| # Can test locally using act (https://github.com/nektos/act) | |||
| # ========================== | |||
| # ./bin/act -s GITHUB_TOKEN=<fine-grained-token> --directory runner --workflows "../.github/workflows/" -e ../payloads.json --no-skip-checkout -j deploy | |||
| # | |||
| # where payloads.json is: | |||
| # { | |||
| # "inputs": { | |||
| # "tags": "2.47" | |||
| # } | |||
| # } | |||
| # | |||
| # ========================== | |||
| # Can debug remotely on github actions instance by uncommenting the 'tmate' section below | |||
| # ========================== | |||
| name: Deploy getssl | |||
| on: | |||
| workflow_dispatch: | |||
| inputs: | |||
| tags: | |||
| description: 'Tag to deploy, e.g. 2.47' | |||
| required: true | |||
| type: string | |||
| jobs: | |||
| deploy: | |||
| runs-on: ubuntu-latest | |||
| steps: | |||
| - name: prepare | |||
| # Keep the outputs persistent outside the docker container to use for the other steps | |||
| run: | | |||
| mkdir -p ${{ github.workspace }}/bin | |||
| mkdir -p ${{ github.workspace }}/debbuild/BUILD | |||
| mkdir -p ${{ github.workspace }}/debbuild/DEBS/all | |||
| mkdir -p ${{ github.workspace }}/debbuild/SDEBS | |||
| mkdir -p ${{ github.workspace }}/debbuild/SOURCES | |||
| mkdir -p ${{ github.workspace }}/debbuild/SPECS | |||
| mkdir -p ${{ github.workspace }}/rpmbuild/SOURCES | |||
| mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/noarch | |||
| mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/SRPMS | |||
| - name: Checkout | |||
| uses: actions/checkout@v3 | |||
| with: | |||
| path: source | |||
| - name: Get version number | |||
| id: get_version | |||
| run: | | |||
| echo "VERSION=$(bash ${{ github.workspace }}/source/getssl --version)" >> $GITHUB_OUTPUT | |||
| - name: Get release | |||
| id: get_release | |||
| run: | | |||
| echo "RELEASE=$(grep Release source/getssl.spec | awk '{ print $2 }')" >> $GITHUB_OUTPUT | |||
| - name: Check version matches tag | |||
| run: | | |||
| if [ "${{ steps.get_version.outputs.VERSION }}" != "getssl V${{ github.event.inputs.tags }}" ]; then | |||
| echo "Version number in getssl (${{ steps.get_version.outputs.VERSION }}) does not match tag (getssl V${{ github.event.inputs.tags }})" | |||
| exit 1 | |||
| fi | |||
| - name: build .deb package | |||
| id: build_deb | |||
| run: | | |||
| sudo apt-get update -qq | |||
| sudo apt-get install --no-install-recommends -qq -y build-essential devscripts debhelper pax liblocale-gettext-perl wget | |||
| wget https://github.com/debbuild/debbuild/releases/download/22.02.1/debbuild_22.02.1-0ubuntu20.04_all.deb | |||
| sudo dpkg --install debbuild_22.02.1-0ubuntu20.04_all.deb | |||
| # Line 1959 has an extra ")" bracket | |||
| sudo chmod +w /usr/bin/debbuild | |||
| sudo patch /usr/bin/debbuild < ${GITHUB_WORKSPACE}/source/debbuild.patch | |||
| tar --absolute-names -czf ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz ${GITHUB_WORKSPACE}/source/* --transform "s,${GITHUB_WORKSPACE}/source,getssl-${{ github.event.inputs.tags }}," | |||
| tar --absolute-names -cf ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz --transform "s,${GITHUB_WORKSPACE},SOURCES," | |||
| tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.crontab getssl.logrotate --transform 's,^,SOURCES/,' | |||
| tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.spec --transform 's,^,SPECS/,' | |||
| ln -s ${GITHUB_WORKSPACE}/debbuild ${HOME}/debbuild | |||
| /usr/bin/debbuild -vv --install ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb | |||
| /usr/bin/debbuild -vv -ba ${GITHUB_WORKSPACE}/debbuild/SPECS/getssl.spec | |||
| echo "getssl_deb=${GITHUB_WORKSPACE}/debbuild/DEBS/all/getssl_${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}_all.deb" >> $GITHUB_OUTPUT | |||
| # *** Uncomment this to debug remotely *** | |||
| # - name: Setup tmate session | |||
| # if: ${{ failure() }} | |||
| # uses: mxschmitt/action-tmate@v3 | |||
| - name: build .rpm package | |||
| id: build_rpm | |||
| if: ${{ success() }} | |||
| uses: addnab/docker-run-action@v3 | |||
| with: | |||
| image: rockylinux:8 | |||
| options: -v ${{ github.workspace }}:/root -e GITHUB_REF=${{ github.ref }} | |||
| run: | | |||
| yum install -y rpm-build make | |||
| tar -czf /root/rpmbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz /root/source/* --transform "s/root\/source\//getssl-${{ github.event.inputs.tags }}\//" | |||
| cp /root/source/getssl.crontab /root/rpmbuild/SOURCES | |||
| cp /root/source/getssl.logrotate /root/rpmbuild/SOURCES | |||
| rpmbuild -ba /root/source/getssl.spec | |||
| - name: output .rpm packages | |||
| id: output_rpm | |||
| if: ${{ success() }} | |||
| run: | | |||
| echo "getssl_rpm=${GITHUB_WORKSPACE}/rpmbuild/RPMS/noarch/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.noarch.rpm" >> $GITHUB_OUTPUT | |||
| echo "getssl_srpm=${GITHUB_WORKSPACE}/rpmbuild/SRPMS/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.src.rpm" >> $GITHUB_OUTPUT | |||
| - name: create_release | |||
| id: create_release | |||
| if: ${{ success() }} | |||
| uses: ncipollo/release-action@v1 | |||
| env: | |||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |||
| with: | |||
| tag: ${{ github.event.inputs.tags }} | |||
| name: Draft Release ${{ github.event.inputs.tags }} | |||
| generateReleaseNotes: true | |||
| draft: true | |||
| prerelease: false | |||
| artifacts: | | |||
| ${{ steps.build_deb.outputs.getssl_deb }} | |||
| ${{ steps.output_rpm.outputs.getssl_rpm }} | |||
| ${{ steps.output_rpm.outputs.getssl_srpm }} | |||
+ 29
- 27
.github/workflows/run-tests-pebble.yml
View File
+ 7
- 5
.github/workflows/run-tests-staging-acmedns.yml
View File
+ 3
- 11
.github/workflows/run-tests-staging-duckdns.yml
View File
+ 3
- 11
.github/workflows/run-tests-staging-dynu.yml
View File
+ 6
- 4
.github/workflows/shellcheck.yml
View File
+ 2
- 0
.gitignore
View File
+ 964
- 0
README
View File
| @ -0,0 +1,964 @@ | |||
| GETSSL | |||
| [Run all tests] [shellcheck] | |||
| Obtain SSL certificates from the letsencrypt.org ACME server. Suitable | |||
| for automating the process on remote servers. | |||
| Table of Contents | |||
| - Upgrade broken in v2.43 | |||
| - Features | |||
| - Overview | |||
| - Quick Start Guide | |||
| - Manual Installation | |||
| - Getting started | |||
| - Detailed guide to getting started with more examples | |||
| - Wildcard certificates | |||
| - ISPConfig | |||
| - Automating updates | |||
| - Structure | |||
| - Server-Types | |||
| - Revoke a certificate | |||
| - Elliptic curve keys | |||
| - Preferred Chain | |||
| - Include Root certificate in full chain | |||
| - Windows Server and IIS Support | |||
| - Building getssl as an RPM Package (Redhat/CentOS/SuSe/Oracle/AWS) | |||
| - Building getssl as a Debian Package (Debian/Ubuntu) | |||
| - Issues / problems / help | |||
| Upgrade broken in v2.43 | |||
| The automatic upgrade in v2.43 is broken as the url is incorrect. If you | |||
| have this version installed you’ll need to manually upgrade using: | |||
| curl --silent --user-agent getssl/manual https://raw.githubusercontent.com/srvrco/getssl/latest/getssl --output getssl | |||
| Features | |||
| - BASH - It runs on virtually all unix machines, including BSD, most | |||
| Linux distributions, macOS. | |||
| - GET CERTIFICATES FOR REMOTE SERVERS - The tokens used to provide | |||
| validation of domain ownership, and the certificates themselves can | |||
| be automatically copied to remote servers (via ssh, sftp or ftp for | |||
| tokens). The script doesn’t need to run on the server itself. This | |||
| can be useful if you don’t have access to run such scripts on the | |||
| server itself, e.g. if it’s a shared server. | |||
| - RUNS AS A DAILY CRON - so certificates will be automatically renewed | |||
| when required. | |||
| - AUTOMATIC CERTIFICATE RENEWALS | |||
| - CHECKS CERTIFICATES ARE CORRECTLY LOADED - After installation of a | |||
| new certificate it will test the port specified ( see Server-Types | |||
| for options ) that the certificate is actually being used correctly. | |||
| - AUTOMATICALLY UPDATES - The script can automatically update itself | |||
| with bug fixes etc if required. | |||
| - EXTENSIVELY CONFIGURABLE - With a simple configuration file for each | |||
| certificate it is possible to configure it exactly for your needs, | |||
| whether a simple single domain or multiple domains across multiple | |||
| servers on the same certificate. | |||
| - SUPPORTS HTTP AND DNS CHALLENGES - Full ACME implementation | |||
| - SIMPLE AND EASY TO USE | |||
| - DETAILED DEBUG INFO - Whilst it shouldn’t be needed, detailed debug | |||
| information is available. | |||
| - RELOAD SERVICES - After a new certificate is obtained then the | |||
| relevant services (e.g. apache/nginx/postfix) can be reloaded. | |||
| - ACME V1 AND V2 - Supports both ACME versions 1 and 2 (note ACMEv1 is | |||
| deprecated and clients will automatically use v2) | |||
| Overview | |||
| GetSSL was written in standard bash ( so it can be run on a server, a | |||
| desktop computer, or even a virtualbox) and add the checks, and | |||
| certificates to a remote server ( providing you have a ssh with key, | |||
| sftp or ftp access to the remote server). | |||
| ```getssl -h getssl ver. 2.36 Obtain SSL certificates from the | |||
| letsencrypt.org ACME server | |||
| Usage: getssl [-h|–help] [-d|–debug] [-c|–create] [-f|–force] [-a|–all] | |||
| [-q|–quiet] [-Q|–mute] [-u|–upgrade] [-X|–experimental tag] | |||
| [-U|–nocheck] [-r|–revoke cert key] [-w working_dir] [–preferred-chain | |||
| chain] domain | |||
| Options: -a, –all Check all certificates -d, –debug Output debug | |||
| information -c, –create Create default config files -f, –force Force | |||
| renewal of cert (overrides expiry checks) -h, –help Display this help | |||
| message and exit -i, –install Install certificates and reload service | |||
| -q, –quiet Quiet mode (only outputs on error, success of new cert, or | |||
| getssl was upgraded) -Q, –mute Like -q, but also mute notification about | |||
| successful upgrade -r, –revoke “cert” “key” [CA_server] Revoke a | |||
| certificate (the cert and key are required) -u, –upgrade Upgrade getssl | |||
| if a more recent version is available - can be used with or without | |||
| domain(s) -X –experimental tag Allow upgrade to a specified version of | |||
| getssl -U, –nocheck Do not check if a more recent version is available | |||
| -v –version Display current version of getssl -w working_dir “Working | |||
| directory” –preferred-chain “chain” Use an alternate chain for the | |||
| certificate ``` | |||
| Quick Start Guide | |||
| You can download precompiled RPM packages and Debian (DEB) packages from | |||
| the release page for this project, or you can manually build and install | |||
| the program from the git sources. | |||
| If you want to manually install the program from scratch with the git | |||
| sources rather than use the pre-compiled RPMS and DEB packages, or if | |||
| your target platform does not support Linux RPM or DEB packages, then | |||
| please skip to the section Manual Installation for instructions on | |||
| installing the getssl program manually. | |||
| Packages are provided in binary and source versions, and can be | |||
| downloaded and installed directly or rebuilt. Package types are Red Hat | |||
| Package Manager (RPM) packages and Debian (DEB) packages for binary | |||
| installation and Source RPM packages (SRPMS) and Debbuild SDEB packages | |||
| for source code installation. | |||
| RPM and DEB packages for each release include a binary architecture | |||
| specific package and a source package which can be downloaded and | |||
| built/rebuilt and which contains the source code. | |||
| For example, the release v2.47 contains the following packages in the | |||
| release section: | |||
| RPM BASED PACKAGES (REDHAT, CENTOS, SUSE, ORACLE LINUX, AWS LINUX) | |||
| - getssl-2.47-1.src.rpm (source) | |||
| - getssl-2.47-1.noarch.rpm (binary) | |||
| DEBIAN BASED PACKAGES (DEBIAN, UBUNTU) | |||
| - getssl-2.47-1.sdeb (source) | |||
| - getssl_2.47-1_all.deb (binary) | |||
| INSTALLING BINARY PACKAGES | |||
| To install the binary package with the rpm package manager for RedHat, | |||
| CentOS, SuSe, Oracle Linux, or AWS Linux distributions: | |||
| rpm -i getssl-2.47-1.noarch.rpm | |||
| To deinstall the RPM binary package: | |||
| rpm -e getssl | |||
| To install the binary package with the Debian dpkg package manager for | |||
| Debian and Ubuntu Linux distributions: | |||
| dpkg -i getssl_2.47-1_all.deb | |||
| To deinstall the Debian dpkg binary package: | |||
| dpkg -r getssl | |||
| INSTALLING SOURCE PACKAGES | |||
| To install the source package with the rpm package manager for RedHat, | |||
| CentOS, SuSe, Oracle Linux, or AWS Linux distributions: | |||
| rpm -i getssl-2.47-1.src.rpm | |||
| _(Note: rpm installs the source code files in /root/rpmbuild/ as top | |||
| directory for RedHat, CentOS, Oracle Linux, and AWS Linux platforms. | |||
| SuSe platforms install the source code files in /usr/src/packages/)_ | |||
| To install the source package with the Debbuild package tool for Debian | |||
| or Ubuntu Linux distributions: | |||
| debbuild -i getssl-2.47-1.sdeb | |||
| _(Note: Debbuild installs the source code files in /root/debbuild/ as | |||
| top directory)_ | |||
| One item of note is that SDEB packages are actually just tar.gz archives | |||
| renamed with an .sdeb file extension with the files organized into a | |||
| SPECS and SOURCES directory tree structure. Subsequently, an SDEB can | |||
| also be extracted and installed with the TAR -XVF COMMAND or the files | |||
| listed with the TAR -TVF COMMAND: | |||
| [root@localhost getssl]$ tar -tvf /root/debbuild/SDEBS/getssl-2.47-1.sdeb | |||
| -rw-r--r-- root/root 1772110 2022-10-12 20:42 SOURCES/getssl-2.47.tar.gz | |||
| -rw-r--r-- root/root 192 2022-08-02 15:02 SOURCES/getssl.crontab | |||
| -rw-r--r-- root/root 126 2022-08-02 15:02 SOURCES/getssl.logrotate | |||
| -rw-r--r-- root/root 1537 2022-08-02 15:02 SPECS/getssl.spec | |||
| [root@localhost getssl]$ | |||
| For building or rebuilding RPMS or DEB Packages after you have installed | |||
| the associated source packages on your platform, refer to the following: | |||
| - Building getssl as an RPM Package (Redhat/CentOS/SuSe/Oracle/AWS) | |||
| - Building getssl as a Debian Package (Debian/Ubuntu) | |||
| Manual Installation | |||
| Since the script is only one file, you can use the following command for | |||
| a quick installation of GetSSL only: | |||
| curl --silent https://raw.githubusercontent.com/srvrco/getssl/latest/getssl > getssl ; chmod 700 getssl | |||
| This will copy the getssl Bash script to the current location and change | |||
| the permissions to make it executable for you. | |||
| For a more comprehensive installation (e.g. install also helper scripts) | |||
| use the provided Makefile with each release tarball. Use the install | |||
| target. | |||
| You’ll find the latest version in the git repository: | |||
| git clone https://github.com/srvrco/getssl.git | |||
| For Arch Linux there are packages in the AUR, see here and there. | |||
| If you use puppet, there is a GetSSL Puppet module by dthielking | |||
| Getting started | |||
| Once you have obtained the script (see Installation above), the next | |||
| step is to use | |||
| ./getssl -c yourdomain.com | |||
| where yourdomain.com is the primary domain name that you want to create | |||
| a certificate for. This will create the following folders and files. | |||
| ~/.getssl | |||
| ~/.getssl/getssl.cfg | |||
| ~/.getssl/yourdomain.com | |||
| ~/.getssl/yourdomain.com/getssl.cfg | |||
| You can then edit ~/.getssl/getssl.cfg to set the values you want as the | |||
| default for the majority of your certificates. | |||
| Then edit ~/.getssl/yourdomain.com/getssl.cfg to have the values you | |||
| want for this specific domain (make sure to uncomment and specify | |||
| correct ACL option, since it is required). | |||
| You can then just run: | |||
| getssl yourdomain.com | |||
| and it should run, providing output like: | |||
| Registering account | |||
| Verify each domain | |||
| Verifying yourdomain.com | |||
| Verified yourdomain.com | |||
| Verifying www.yourdomain.com | |||
| Verified www.yourdomain.com | |||
| Verification completed, obtaining certificate. | |||
| Certificate saved in /home/user/.getssl/yourdomain.com/yourdomain.com.crt | |||
| The intermediate CA cert is in /home/user/.getssl/yourdomain.com/chain.crt | |||
| copying domain certificate to ssh:server5:/home/yourdomain/ssl/domain.crt | |||
| copying private key to ssh:server5:/home/yourdomain/ssl/domain.key | |||
| copying CA certificate to ssh:server5:/home/yourdomain/ssl/chain.crt | |||
| reloading SSL services | |||
| THIS WILL (BY DEFAULT) USE THE STAGING SERVER, SO SHOULD GIVE YOU A | |||
| CERTIFICATE THAT ISN’T TRUSTED ( FAKE LET’S ENCRYPT). Change the server | |||
| in your config file to get a fully valid certificate. | |||
| NOTE: Verification is done via port 80 (http), port 443 (https) or dns. | |||
| The certificate can be used (and checked with getssl) on alternate | |||
| ports. | |||
| Detailed guide to getting started with more examples | |||
| Guide to getting a certificate for example.com and www.example.com | |||
| Wildcard certificates | |||
| getssl supports creating wildcard certificates, i.e. __.example.com_ | |||
| which allows a single certificate to be used for any domain under | |||
| _example.com_, e.g. _www.example.com_, _mail.example.com*. These must be | |||
| validated using the dns-01 method. | |||
| A _partial_ example getssl.cfg file is: | |||
| VALIDATE_VIA_DNS=true | |||
| export CPANEL_USERNAME='' | |||
| export CPANEL_URL='https://www.cpanel.host:2083' | |||
| export CPANEL_APITOKEN='1ABC2DEF3GHI4JKL5MNO6PQR7STU8VWX9YZA' | |||
| DNS_ADD_COMMAND=/home/root/getssl/dns_scripts/dns_add_cpanel | |||
| DNS_DEL_COMMAND=/home/root/getssl/dns_scripts/dns_del_cpanel | |||
| ISPConfig | |||
| There is a need to create a remote user in ISPConfig to enable the | |||
| remote API access. | |||
| You need to go to System -> Remote Users and then enable the features | |||
| for the remote user such as DNS zone functions. | |||
| PHP is required to exeucte soap functions in file ispconfig_soap.php. | |||
| DNS_ADD_COMMAND="/home/root/getssl/dns_scripts/dns_add_ispconfig" | |||
| DNS_DEL_COMMAND="/home/root/getssl/dns_scripts/dns_del_ispconfig" | |||
| export ISPCONFIG_REMOTE_USER_NAME="ussename" | |||
| export ISPCONFIG_REMOTE_USER_PASSWORD="password" | |||
| export ISPCONFIG_SOAP_LOCATION="https://localhost:8080/remote/index.php" | |||
| export ISPCONFIG_SOAP_URL="https://localhost:8080/remote/" | |||
| Create the wildcard certificate (need to use quotes to prevent | |||
| globbing): | |||
| getssl "*.example.domain" | |||
| You can renew the certificate using getssl -a to renew all configured | |||
| certificates. | |||
| You can also specify additional domains in the SANS line, e.g. | |||
| SANS="www.test.example.com". This cannot contain any of the domains | |||
| which would be covered by the wildcard certificate. | |||
| Automating updates | |||
| I use the following CRON job | |||
| 23 5 * * * /root/scripts/getssl -u -a -q | |||
| The cron will automatically update getssl and renew any certificates, | |||
| only giving output if there are issues / errors. | |||
| - The -u flag updates getssl if there is a more recent version | |||
| available. | |||
| - The -a flag automatically renews any certificates that are due for | |||
| renewal. | |||
| - The -q flag is “quiet” so that it only outputs and emails me if | |||
| there was an error / issue. | |||
| Structure | |||
| The design aim was to provide flexibility in running the code. The | |||
| default working directory is ~/.getssl (which can be modified via the | |||
| command line). | |||
| Within the WORKING DIRECTORY is a config file getssl.cfg which is a | |||
| simple bash file containing variables, an example of which is: | |||
| # Uncomment and modify any variables you need | |||
| # The staging server is best for testing (hence set as default) | |||
| CA="https://acme-staging-v02.api.letsencrypt.org" | |||
| # This server issues full certificates, however has rate limits | |||
| #CA="https://acme-v02.api.letsencrypt.org" | |||
| AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" | |||
| # Set an email address associated with your account - generally set at account level rather than domain. | |||
| ACCOUNT_EMAIL="me@example.com" | |||
| ACCOUNT_KEY_LENGTH=4096 | |||
| ACCOUNT_KEY="/home/user/.getssl/account.key" | |||
| PRIVATE_KEY_ALG="rsa" | |||
| # The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits. | |||
| RENEW_ALLOW="30" | |||
| # openssl config file. The default should work in most cases. | |||
| SSLCONF="/usr/lib/ssl/openssl.cnf" | |||
| then, within the WORKING DIRECTORY there will be a folder for each | |||
| certificate (based on its domain name). Within that folder will be a | |||
| config file (again called getssl.cfg). An example of which is: | |||
| # Uncomment and modify any variables you need | |||
| # see https://github.com/srvrco/getssl/wiki/Config-variables for details | |||
| # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs | |||
| # | |||
| # The staging server is best for testing | |||
| #CA="https://acme-staging-v02.api.letsencrypt.org" | |||
| # This server issues full certificates, however has rate limits | |||
| #CA="https://acme-v02.api.letsencrypt.org" | |||
| #AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" | |||
| PRIVATE_KEY_ALG="rsa" | |||
| # Additional domains - this could be multiple domains / subdomains in a comma separated list | |||
| SANS="www.example.org" | |||
| # Acme Challenge Location. The first line for the domain, the following ones for each additional domain. | |||
| # If these start with ssh: then the next variable is assumed to be the hostname and the rest the location. | |||
| # An ssh key will be needed to provide you with access to the remote server. | |||
| # Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign. | |||
| # If left blank, the username on the local server will be used to authenticate against the remote server. | |||
| # If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location | |||
| # These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge" | |||
| # where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. | |||
| #ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge' | |||
| # 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' | |||
| # 'ssh:sshuserid@server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' | |||
| # 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge') | |||
| # Location for all your certs, these can either be on the server (so full path name) or using ssh as for the ACL | |||
| DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt" | |||
| DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key" | |||
| #CA_CERT_LOCATION="/etc/ssl/chain.crt" | |||
| #DOMAIN_CHAIN_LOCATION="" this is the domain cert and CA cert | |||
| #DOMAIN_PEM_LOCATION="" this is the domain_key. domain cert and CA cert | |||
| # The command needed to reload apache / nginx or whatever you use. | |||
| # Several (ssh) commands may be given using a bash array: | |||
| # RELOAD_CMD=('ssh:sshuserid@server5:systemctl reload httpd' 'logger getssl for server5 efficient.') | |||
| RELOAD_CMD="service apache2 reload" | |||
| # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, | |||
| # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which | |||
| # will be checked for certificate expiry and also will be checked after | |||
| # an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true | |||
| #SERVER_TYPE="https" | |||
| #CHECK_REMOTE="true" | |||
| If a location for a file starts with ssh: it is assumed the next part of | |||
| the file is the hostname, followed by a colon, and then the path. Files | |||
| will be securely copied using scp, and it assumes that you have a key on | |||
| the server (for passwordless access). You can set the user, port etc for | |||
| the server in your .ssh/config file. | |||
| If an ACL starts with ftp: or sftp: it as assumed that the line is in | |||
| the format “ftp:UserID:Password:servername:/path/to/acme-challenge”. | |||
| sftp requires sshpass. Note: FTP can be used for copying tokens only and | |||
| can NOT be used for uploading private key or certificates as it’s not a | |||
| secure method of transfer. | |||
| ssh can also be used for the reload command if using on remote servers. | |||
| Multiple locations can be defined for a file by separating the locations | |||
| with a semi-colon. | |||
| A typical config file for example.com and www.example.com on the same | |||
| server would be: | |||
| # uncomment and modify any variables you need | |||
| # The staging server is best for testing | |||
| CA="https://acme-staging-v02.api.letsencrypt.org" | |||
| # This server issues full certificates, however has rate limits | |||
| #CA="https://acme-v02.api.letsencrypt.org" | |||
| # additional domains - this could be multiple domains / subdomains in a comma separated list | |||
| SANS="www.example.com" | |||
| #Acme Challenge Location. The first line for the domain, the following ones for each additional domain | |||
| ACL=('/var/www/example.com/web/.well-known/acme-challenge') | |||
| USE_SINGLE_ACL="true" | |||
| DOMAIN_CERT_LOCATION="/etc/ssl/example.com.crt" | |||
| DOMAIN_KEY_LOCATION="/etc/ssl/example.com.key" | |||
| CA_CERT_LOCATION="/etc/ssl/example.com.bundle" | |||
| RELOAD_CMD="service apache2 reload" | |||
| Server-Types | |||
| OpenSSL has built-in support for getting the certificate from a number | |||
| of SSL services these are available in getssl to check if the | |||
| certificate is installed correctly | |||
| Server-Type Port Extra | |||
| ------------------ ------ -------------- | |||
| https 443 | |||
| ftp 21 FTP Explicit | |||
| ftpi 990 FTP Implicit | |||
| imap 143 StartTLS | |||
| imaps 993 | |||
| pop3 110 StartTLS | |||
| pop3s 995 | |||
| smtp 25 StartTLS | |||
| smtps_deprecated 465 | |||
| smtps 587 StartTLS | |||
| smtp_submission 587 StartTLS | |||
| xmpp 5222 StartTLS | |||
| xmpps 5269 | |||
| ldaps 636 | |||
| port number | |||
| Revoke a certificate | |||
| In general revoking a certificate is not required. | |||
| Usage: getssl -r path/to/cert path/to/key [CA_server] | |||
| You need to specify both the certificate you want to revoke, and the | |||
| account or private domain key which was used to sign / obtain the | |||
| original certificate. The CA_server is an optional parameter and | |||
| defaults to Let’s Encrypt (“https://acme-v02.api.letsencrypt.org”) as | |||
| that is currently the only Certificate Authority using the ACME | |||
| protocol. | |||
| Elliptic curve keys | |||
| You can use Elliptic curve keys for both the account key and the domain | |||
| key (different of course, don’t use the same key for both). prime256v1 | |||
| (NIST P-256) and secp384r1 (NIST P-384) are both fully supported. | |||
| secp521r1 (NIST P-521) is included in the code, but not currently | |||
| supported by Let’s Encrypt). | |||
| Preferred Chain | |||
| If a CA offers multiple chains then it is possible to select which chain | |||
| is used by using the PREFERRED_CHAIN variable in getssl.cfg or | |||
| specifying --preferred-chain in the call to getssl | |||
| This uses wildcard matching so requesting “X1” returns the first | |||
| certificate returned by the CA which contains the text “X1”, Note you | |||
| may need to escape any characters which special characters, e.g. | |||
| PREFERRED_CHAIN="\(STAGING\) Doctored Durian Root CA X3" | |||
| - Staging options are: “(STAGING) Doctored Durian Root CA X3” and | |||
| “(STAGING) Pretend Pear X1” | |||
| - Production options are: “ISRG Root X1” and “ISRG Root X2” | |||
| Include Root certificate in full chain | |||
| Some servers, including those that use Java keystores, will not accept a | |||
| server certificate if it cannot valid the full chain of signers. | |||
| Specifically, Nutanix Prism (Element and Central) will not accept the | |||
| fullchain.crt until the root CA’s certificate has been appended to it | |||
| manually. | |||
| If your application requires the full chain, i.e. including the root | |||
| certificate of the CA, then this can be included in the fullchain.crt | |||
| file by adding the following line to getssl.cfg | |||
| FULL_CHAIN_INCLUDE_ROOT="true" | |||
| Windows Server and IIS Support | |||
| SYSTEM AND SOFTWARE REQUIREMENTS: | |||
| - Windows Server with DNS and IIS services | |||
| - One of | |||
| - WSL Windows Sub for Linux | |||
| - Ubuntu or any other distro | |||
| - gettssl can be installed inside WSL or using /mnt/ path to | |||
| windows | |||
| - Bash - gettssl should be installed in Windows | |||
| - Git Bash - https://git-scm.com/downloads | |||
| - Rtools4.0 - https://cran.r-project.org/bin/windows/Rtools/ | |||
| WSL | |||
| - Installing and configuring WSL 2 | |||
| - Add remove Windows features and choose “Windows for sub Linux” | |||
| - Install a distro like Ubuntu or any other Linux platform | |||
| - If newly added to the system a reboot is required to | |||
| continue | |||
| - wsl –install -d ubuntu | |||
| - Any user will work | |||
| - Copying files to WSL | |||
| - From Windows open Windows Explorer and browse to | |||
| \\wsl$\Ubuntu\home\user\ and then place the getssl files | |||
| and folders .getssl and getssl into users home directory | |||
| \\wsl$\Ubuntu\home\user\.getssl . or in Windows | |||
| - Open cmd in Widnows and type | |||
| wsl -d Ubuntu /bin/bash /home/UserName/getssl/getssl domain.eu && exit | |||
| - Using a specific distro if not set as default in WSL then | |||
| use the wsl -d distro command | |||
| NOTES: | |||
| - While configuring WSL please do check the /etc/hosts file if the | |||
| IP of the domain is correct since it overrides the DNS server. | |||
| - Make sure running version 2. | |||
| GIT BASH - MINGW64_NT | |||
| - Install git GIT Bash | |||
| - "C:\Program Files\Git\bin\bash.exe" --login -i -- path_to/getssl/getssl domain.eu | |||
| RTOOLS BASH - MSYS_NT | |||
| - Make sure that the path of \rtools42\usr\bin in Windows system | |||
| environment variables is right before c:\windows\system32\ so that | |||
| getssl will use the Rtools applications instead of Windows | |||
| applications such as sort.exe that crashes or speify full path to | |||
| sort. | |||
| - \rtools42\usr\bin\bash.exe \Users\Administrator\getssl\getssl domain.eu 2>&1 1>out.txt | |||
| UPDATING DNS TXT RECORDS | |||
| - Using PowerShell to add and delete _acme-challenge records | |||
| - dns_add_windows_dnsserver | |||
| - dns_del_windows_dnsserver | |||
| NOTES: The script supports optional second level TLDs. | |||
| sub.domain.co.uk You can update the reqexp .(co|com).uk to fit your | |||
| needs. | |||
| IIS INTERNET INFORMATION SERVICE | |||
| - Under folder other_scripts you can find a PowerSheell script | |||
| iis_install_certeficate.ps1 which generates PFX certificate to be | |||
| installed in IIS and binds the domains to the PFX certificate. | |||
| - WSL | |||
| - RELOAD_CMD=("powershell.exe -ExecutionPolicy Bypass -File "\\\\wsl$\\Ubuntu\\home\\user\\getssl\\other_scripts\\iis_install_certeficate.ps1" "domain.eu" "IIS SiteName" "\\\\wsl$\\Ubuntu\\home\\user\\ssl\\" "path_to_ssl_dir" ) | |||
| - GIT and Rtools4 Bash | |||
| - RELOAD_CMD=("powershell.exe /c/Users/Administrator/getssl/other_scripts/iis_install_certeficate.ps1 domain.eu domain path_to_ssl_dir") | |||
| Building as an RPM Package | |||
| In order to build getssl as an RPM, the program must be compressed into | |||
| a tar.gz file and the tar.gz file named to match the versioning | |||
| information contained in the associated .spec file. | |||
| Spec files are special files which contain instructions on how to build | |||
| a particular package from a source code archive. On Red Hat, CentOS, | |||
| Oracle Linux, and AWS Linux systems, RPMS are built in the | |||
| /root/rpmbuild/ top directory. SuSe systems build RPMS in the | |||
| /usr/src/packages/ as top directory. These “top directories” will | |||
| contain BUILD, BUILDROOT, SPECS, RPMS, SRPMS, and SOURCES | |||
| subdirectories. | |||
| The SPECS directory contains the *.spec files used to build RPMS and | |||
| SRPMS packages. The SOURCES subdirectory will contain the soure code | |||
| archive file referred to in the *.spec file used to build the RPM | |||
| package. | |||
| See the Quick Start Guide on instructions for installing the source rpm | |||
| which installs both the .spec file and source archive file (tar.gz) into | |||
| the rpm build top directory (i.e. /root/rpmbuild/). You should have | |||
| previously installed the src.rpm file before attempting to build the | |||
| rpm. You can also manually install the .spec file into the <top | |||
| directory>/SPECS/ directory and the source code tarball in the <top | |||
| directory/SOURCES/ directory, then attempt to build the rpm package. | |||
| To build getssl using the rpm tool, change directories (cd) into the | |||
| /root/rpmbuild/SPECS/ directory (/usr/src/packages/SPECS/ for SuSe) and | |||
| enter the following command: | |||
| rpmbuild -ba getssl.spec <enter> | |||
| The program should output the following if the build is successful and | |||
| verify that the program wrote both the RPMS and SRPMS packages: | |||
| Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.BYQw0V | |||
| + umask 022 | |||
| + cd /root/rpmbuild/BUILD | |||
| + cd /root/rpmbuild/BUILD | |||
| + rm -rf getssl-2.47 | |||
| + /usr/bin/gzip -dc /root/rpmbuild/SOURCES/getssl-2.47.tar.gz | |||
| + /usr/bin/tar -xof - | |||
| + STATUS=0 | |||
| + '[' 0 -ne 0 ']' | |||
| + cd getssl-2.47 | |||
| + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . | |||
| + exit 0 | |||
| Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.xpA456 | |||
| + umask 022 | |||
| + cd /root/rpmbuild/BUILD | |||
| + cd getssl-2.47 | |||
| + exit 0 | |||
| Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.zQs24R | |||
| + umask 022 | |||
| + cd /root/rpmbuild/BUILD | |||
| + '[' /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 '!=' / ']' | |||
| + rm -rf /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||
| ++ dirname /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||
| + mkdir -p /root/rpmbuild/BUILDROOT | |||
| + mkdir /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||
| + cd getssl-2.47 | |||
| + '[' -n /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 -a /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 '!=' / ']' | |||
| + /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||
| + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/bin | |||
| + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts | |||
| + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/other_scripts | |||
| + /usr/bin/make DESTDIR=/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 install | |||
| mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||
| install -Dvm755 getssl /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/bin/getssl | |||
| 'getssl' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/bin/getssl' | |||
| install -dvm755 /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl | |||
| for dir in *_scripts; do install -dv /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/$dir; install -pv $dir/* /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/$dir/; done | |||
| 'dns_scripts/Azure-README.txt' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/Azure-README.txt' | |||
| 'dns_scripts/Cloudflare-README.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/Cloudflare-README.md' | |||
| 'dns_scripts/DNS_IONOS.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/DNS_IONOS.md' | |||
| 'dns_scripts/DNS_ROUTE53.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/DNS_ROUTE53.md' | |||
| 'dns_scripts/GoDaddy-README.txt' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/GoDaddy-README.txt' | |||
| 'dns_scripts/dns_add_acmedns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_acmedns' | |||
| 'dns_scripts/dns_add_azure' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_azure' | |||
| 'dns_scripts/dns_add_challtestsrv' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_challtestsrv' | |||
| 'dns_scripts/dns_add_clouddns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_clouddns' | |||
| 'dns_scripts/dns_add_cloudflare' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_cloudflare' | |||
| 'dns_scripts/dns_add_cpanel' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_cpanel' | |||
| 'dns_scripts/dns_add_del_aliyun.sh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_del_aliyun.sh' | |||
| 'dns_scripts/dns_add_dnspod' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_dnspod' | |||
| 'dns_scripts/dns_add_duckdns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_duckdns' | |||
| 'dns_scripts/dns_add_dynu' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_dynu' | |||
| 'dns_scripts/dns_add_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_godaddy' | |||
| 'dns_scripts/dns_add_hostway' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_hostway' | |||
| 'dns_scripts/dns_add_ionos' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ionos' | |||
| 'dns_scripts/dns_add_ispconfig' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ispconfig' | |||
| 'dns_scripts/dns_add_joker' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_joker' | |||
| 'dns_scripts/dns_add_lexicon' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_lexicon' | |||
| 'dns_scripts/dns_add_linode' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_linode' | |||
| 'dns_scripts/dns_add_manual' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_manual' | |||
| 'dns_scripts/dns_add_nsupdate' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_nsupdate' | |||
| 'dns_scripts/dns_add_ovh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ovh' | |||
| 'dns_scripts/dns_add_pdns-mysql' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_pdns-mysql' | |||
| 'dns_scripts/dns_add_vultr' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_vultr' | |||
| 'dns_scripts/dns_add_windows_dns_server' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_windows_dns_server' | |||
| 'dns_scripts/dns_del_acmedns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_acmedns' | |||
| 'dns_scripts/dns_del_azure' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_azure' | |||
| 'dns_scripts/dns_del_challtestsrv' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_challtestsrv' | |||
| 'dns_scripts/dns_del_clouddns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_clouddns' | |||
| 'dns_scripts/dns_del_cloudflare' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_cloudflare' | |||
| 'dns_scripts/dns_del_cpanel' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_cpanel' | |||
| 'dns_scripts/dns_del_dnspod' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_dnspod' | |||
| 'dns_scripts/dns_del_duckdns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_duckdns' | |||
| 'dns_scripts/dns_del_dynu' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_dynu' | |||
| 'dns_scripts/dns_del_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_godaddy' | |||
| 'dns_scripts/dns_del_hostway' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_hostway' | |||
| 'dns_scripts/dns_del_ionos' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ionos' | |||
| 'dns_scripts/dns_del_ispconfig' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ispconfig' | |||
| 'dns_scripts/dns_del_joker' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_joker' | |||
| 'dns_scripts/dns_del_lexicon' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_lexicon' | |||
| 'dns_scripts/dns_del_linode' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_linode' | |||
| 'dns_scripts/dns_del_manual' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_manual' | |||
| 'dns_scripts/dns_del_nsupdate' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_nsupdate' | |||
| 'dns_scripts/dns_del_ovh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ovh' | |||
| 'dns_scripts/dns_del_pdns-mysql' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_pdns-mysql' | |||
| 'dns_scripts/dns_del_vultr' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_vultr' | |||
| 'dns_scripts/dns_del_windows_dns_server' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_windows_dns_server' | |||
| 'dns_scripts/dns_freedns.sh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_freedns.sh' | |||
| 'dns_scripts/dns_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_godaddy' | |||
| 'dns_scripts/dns_route53.py' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_route53.py' | |||
| 'dns_scripts/ispconfig_soap.php' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/ispconfig_soap.php' | |||
| 'other_scripts/cpanel_cert_upload' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/other_scripts/cpanel_cert_upload' | |||
| 'other_scripts/iis_install_certeficate.ps1' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/other_scripts/iis_install_certeficate.ps1' | |||
| + install -Dpm 644 /root/rpmbuild/SOURCES/getssl.crontab /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/etc/cron.d/getssl | |||
| + install -Dpm 644 /root/rpmbuild/SOURCES/getssl.logrotate /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/etc/logrotate.d/getssl | |||
| + /usr/lib/rpm/check-buildroot | |||
| + /usr/lib/rpm/redhat/brp-ldconfig | |||
| /sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory | |||
| + /usr/lib/rpm/brp-compress | |||
| + /usr/lib/rpm/brp-strip /usr/bin/strip | |||
| + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump | |||
| + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip | |||
| + /usr/lib/rpm/brp-python-bytecompile '' 1 | |||
| + /usr/lib/rpm/brp-python-hardlink | |||
| + /usr/bin/true | |||
| Processing files: getssl-2.47-1.noarch | |||
| Provides: getssl = 2.47-1 | |||
| Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh | |||
| Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 | |||
| Requires(pre): /bin/sh | |||
| Requires(post): /bin/sh | |||
| Requires(preun): /bin/sh | |||
| Requires(postun): /bin/sh | |||
| Requires: /bin/bash /usr/bin/env | |||
| Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||
| Wrote: /root/rpmbuild/SRPMS/getssl-2.47-1.src.rpm | |||
| Wrote: /root/rpmbuild/RPMS/noarch/getssl-2.47-1.noarch.rpm | |||
| Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.hgma8Q | |||
| + umask 022 | |||
| + cd /root/rpmbuild/BUILD | |||
| + cd getssl-2.47 | |||
| + /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||
| + exit 0 | |||
| Building as a Debian Package | |||
| In order to build getssl as a Debian package, the program must be | |||
| compressed into a tar.gz file and the tar.gz file named to match the | |||
| versioning information contained in the associated .spec file. Spec | |||
| files are special files which contain instructions on how to build a | |||
| particular package from a source code archive. | |||
| Debian Packages can be built using a utility called “debbuild” and use a | |||
| top directory structure which is similar to that used by the RPM tool | |||
| but using /root/debbuild/ as the “top directory”. These “top | |||
| directories” will contain BUILD, BUILDROOT, SPECS, DEBS, SDEBS, and | |||
| SOURCES subdirectories and follows a similar layout that is used for RPM | |||
| files. | |||
| The SPECS directory contains the *.spec files used to build DEB and SDEB | |||
| packages. The SOURCES subdirectory will contain the soure code archive | |||
| file referred to in the *.spec file used to build the DEB and SDEB | |||
| packages. | |||
| See the Quick Start Guide on instructions for installing the source SDEB | |||
| which installs both the .spec file and source archive file (tar.gz) into | |||
| the debbuild top directory (i.e. /root/debbuild/). You should have | |||
| previously installed the SDEB file before attempting to build the DEB | |||
| package. You can also manually install the .spec file into the <top | |||
| directory>/SPECS/ directory and the source code tarball in the <top | |||
| directory/SOURCES/ directory, then attempt to build the DEB package. | |||
| To build getssl using debbuild, change directories (cd) into the | |||
| /root/debbuild/SPECS/ directory and enter the following command: | |||
| debbuild -vv -ba getssl.spec <enter> | |||
| The program should output the following if the build is successful and | |||
| verify that the program wrote both the DEB and SDEB packages: | |||
| This is debbuild, version 22.02.1\ndebconfigdir:/usr/lib/debbuild\nsysconfdir:/etc\n | |||
| Lua: No Lua module loaded | |||
| Executing (%prep): /bin/sh -e /var/tmp/deb-tmp.prep.92007 | |||
| + umask 022 | |||
| + cd /root/debbuild/BUILD | |||
| + /bin/rm -rf getssl-2.47 | |||
| + /bin/gzip -dc /root/debbuild/SOURCES/getssl-2.47.tar.gz | |||
| + /bin/tar -xf - | |||
| + STATUS=0 | |||
| + '[' 0 -ne 0 ']' | |||
| + cd getssl-2.47 | |||
| + /bin/chmod -Rf a+rX,u+w,go-w . | |||
| + exit 0 | |||
| Executing (%build): /bin/sh -e /var/tmp/deb-tmp.build.40956 | |||
| + umask 022 | |||
| + cd /root/debbuild/BUILD | |||
| + cd getssl-2.47 | |||
| + exit 0 | |||
| Executing (%install): /bin/sh -e /var/tmp/deb-tmp.install.36647 | |||
| + umask 022 | |||
| + cd /root/debbuild/BUILD | |||
| + cd getssl-2.47 | |||
| + '[' -n /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 -a /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 '!=' / ']' | |||
| + /bin/rm -rf /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 | |||
| + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/bin | |||
| + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts | |||
| + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/other_scripts | |||
| + /usr/bin/make DESTDIR=/root/debbuild/BUILDROOT/getssl-2.47-1.amd64 install | |||
| mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 | |||
| install -Dvm755 getssl /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/bin/getssl | |||
| 'getssl' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/bin/getssl' | |||
| install -dvm755 /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl | |||
| for dir in *_scripts; do install -dv /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/$dir; install -pv $dir/* /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/$dir/; done | |||
| 'dns_scripts/Azure-README.txt' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/Azure-README.txt' | |||
| 'dns_scripts/Cloudflare-README.md' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/Cloudflare-README.md' | |||
| 'dns_scripts/DNS_IONOS.md' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/DNS_IONOS.md' | |||
| 'dns_scripts/DNS_ROUTE53.md' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/DNS_ROUTE53.md' | |||
| 'dns_scripts/GoDaddy-README.txt' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/GoDaddy-README.txt' | |||
| 'dns_scripts/dns_add_acmedns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_acmedns' | |||
| 'dns_scripts/dns_add_azure' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_azure' | |||
| 'dns_scripts/dns_add_challtestsrv' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_challtestsrv' | |||
| 'dns_scripts/dns_add_clouddns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_clouddns' | |||
| 'dns_scripts/dns_add_cloudflare' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_cloudflare' | |||
| 'dns_scripts/dns_add_cpanel' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_cpanel' | |||
| 'dns_scripts/dns_add_del_aliyun.sh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_del_aliyun.sh' | |||
| 'dns_scripts/dns_add_dnspod' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_dnspod' | |||
| 'dns_scripts/dns_add_duckdns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_duckdns' | |||
| 'dns_scripts/dns_add_dynu' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_dynu' | |||
| 'dns_scripts/dns_add_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_godaddy' | |||
| 'dns_scripts/dns_add_hostway' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_hostway' | |||
| 'dns_scripts/dns_add_ionos' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_ionos' | |||
| 'dns_scripts/dns_add_ispconfig' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_ispconfig' | |||
| 'dns_scripts/dns_add_joker' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_joker' | |||
| 'dns_scripts/dns_add_lexicon' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_lexicon' | |||
| 'dns_scripts/dns_add_linode' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_linode' | |||
| 'dns_scripts/dns_add_manual' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_manual' | |||
| 'dns_scripts/dns_add_nsupdate' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_nsupdate' | |||
| 'dns_scripts/dns_add_ovh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_ovh' | |||
| 'dns_scripts/dns_add_pdns-mysql' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_pdns-mysql' | |||
| 'dns_scripts/dns_add_vultr' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_vultr' | |||
| 'dns_scripts/dns_add_windows_dns_server' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_windows_dns_server' | |||
| 'dns_scripts/dns_del_acmedns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_acmedns' | |||
| 'dns_scripts/dns_del_azure' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_azure' | |||
| 'dns_scripts/dns_del_challtestsrv' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_challtestsrv' | |||
| 'dns_scripts/dns_del_clouddns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_clouddns' | |||
| 'dns_scripts/dns_del_cloudflare' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_cloudflare' | |||
| 'dns_scripts/dns_del_cpanel' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_cpanel' | |||
| 'dns_scripts/dns_del_dnspod' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_dnspod' | |||
| 'dns_scripts/dns_del_duckdns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_duckdns' | |||
| 'dns_scripts/dns_del_dynu' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_dynu' | |||
| 'dns_scripts/dns_del_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_godaddy' | |||
| 'dns_scripts/dns_del_hostway' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_hostway' | |||
| 'dns_scripts/dns_del_ionos' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_ionos' | |||
| 'dns_scripts/dns_del_ispconfig' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_ispconfig' | |||
| 'dns_scripts/dns_del_joker' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_joker' | |||
| 'dns_scripts/dns_del_lexicon' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_lexicon' | |||
| 'dns_scripts/dns_del_linode' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_linode' | |||
| 'dns_scripts/dns_del_manual' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_manual' | |||
| 'dns_scripts/dns_del_nsupdate' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_nsupdate' | |||
| 'dns_scripts/dns_del_ovh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_ovh' | |||
| 'dns_scripts/dns_del_pdns-mysql' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_pdns-mysql' | |||
| 'dns_scripts/dns_del_vultr' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_vultr' | |||
| 'dns_scripts/dns_del_windows_dns_server' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_windows_dns_server' | |||
| 'dns_scripts/dns_freedns.sh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_freedns.sh' | |||
| 'dns_scripts/dns_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_godaddy' | |||
| 'dns_scripts/dns_route53.py' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_route53.py' | |||
| 'dns_scripts/ispconfig_soap.php' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/ispconfig_soap.php' | |||
| 'other_scripts/cpanel_cert_upload' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/other_scripts/cpanel_cert_upload' | |||
| 'other_scripts/iis_install_certeficate.ps1' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/other_scripts/iis_install_certeficate.ps1' | |||
| + install -Dpm 644 /root/debbuild/SOURCES/getssl.crontab /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/etc/cron.d/getssl | |||
| + install -Dpm 644 /root/debbuild/SOURCES/getssl.logrotate /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/etc/logrotate.d/getssl | |||
| + exit 0 | |||
| Checking library requirements... | |||
| Executing (package-creation): /bin/sh -e /var/tmp/deb-tmp.pkg.6107 for getssl | |||
| + umask 022 | |||
| + cd /root/debbuild/BUILD | |||
| + /usr/bin/fakeroot -- /usr/bin/dpkg-deb -b /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/main /root/debbuild/DEBS/all/getssl_2.47-1_all.deb | |||
| dpkg-deb: warning: parsing file '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/main/DEBIAN/control' near line 10 package 'getssl': | |||
| missing 'Maintainer' field | |||
| dpkg-deb: warning: ignoring 1 warning about the control file(s) | |||
| dpkg-deb: building package 'getssl' in '/root/debbuild/DEBS/all/getssl_2.47-1_all.deb'. | |||
| + exit 0 | |||
| Executing (%clean): /bin/sh -e /var/tmp/deb-tmp.clean.52780 | |||
| + umask 022 | |||
| + cd /root/debbuild/BUILD | |||
| + '[' /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 '!=' / ']' | |||
| + /bin/rm -rf /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 | |||
| + exit 0 | |||
| Wrote source package getssl-2.47-1.sdeb in /root/debbuild/SDEBS. | |||
| Wrote binary package getssl_2.47-1_all.deb in /root/debbuild/DEBS/all | |||
| Issues / problems / help | |||
| If you have any issues, please log them at | |||
| https://github.com/srvrco/getssl/issues | |||
| There are additional help pages on the wiki | |||
| If you have any suggestions for improvements then pull requests are | |||
| welcomed, or raise an issue. | |||
+ 547
- 31
README.md
View File
+ 38
- 0
RELEASE.md
View File
| @ -0,0 +1,38 @@ | |||
| # How to do a release of getssl | |||
| ## Update the version and tag the release | |||
| 1. git pull | |||
| 2. git branch -c release_2_nn | |||
| 3. git switch release_2_nn | |||
| 4. update VERSION in `getssl` and `getssl.spec` | |||
| 5. git commit -m"Update version to v2.nn" | |||
| 6. git tag -a v2.nn | |||
| 7. git push origin release_2_nn | |||
| 8. git push --tags | |||
| ## Manually start the github release-and-package action | |||
| 1. Build the .deb and .rpm packages | |||
| 2. create a draft release containing the packages and the release note | |||
| 3. **IMPORTANT** make sure that the release references tag **v**N.NN otherwise getssl -u fails! | |||
| ## Can test the .deb file using the following steps | |||
| 1. Change the status from draft to pre-release | |||
| 2. Test that the package can be installed using a cloud instance | |||
| 1. Start an Ubuntu ec2 instance from AWS Console (or Azure or Google Cloud) | |||
| 2. Or use the instant-ec2.sh script from my Github gist to start an Ubuntu ec2 instance | |||
| 1. `git clone git@gist.github.com:12c297e0645920c413273c9d15edbc68.git instant-ec2` | |||
| 2. `./instant-ec2/instant-ec2.sh` | |||
| 3. download the deb package | |||
| `wget https://github.com/srvrco/getssl/releases/download/v2.nn/getssl_2.nn-1_all.deb` | |||
| 4. install the deb package | |||
| `dpkg -i getssl_2.nn-1_all.deb` | |||
| 5. Check it's installed correctly | |||
| `getssl --version` | |||
| ## Update the latest tag post-release | |||
| 1. git tag -f -a latest | |||
| 2. git push --force --tags | |||
+ 48
- 0
common.shrc
View File
| @ -0,0 +1,48 @@ | |||
| # Simple cURL wrapper to manage nicely error handling: | |||
| # | |||
| # * In case of success, just read body from stdout | |||
| # * In case of HTTP error (status >= 400), first stderr contains "HTTP status: XXX", then body | |||
| # * In case of other error, just print cURL error on stderr | |||
| # | |||
| # This function requires a temporary file. It's created under ${TEMP_DIR} if defined and not empty. | |||
| # Otherwise, it relies on `mktemp` defaults. | |||
| # | |||
| curl.do() { | |||
| local rc=0 | |||
| local mktemp_opts=( '--suffix=.curl' ) | |||
| [[ -z "${TEMP_DIR}" ]] || mktemp_opts+=( "--tempdir=${TEMP_DIR}" ) | |||
| local curl_body_file='' | |||
| curl_body_file="$(mktemp "${mktemp_opts[@]}")" || { | |||
| rc=$? | |||
| echo "Unable to create temporary file for cURL output" | |||
| return $rc | |||
| } >&2 | |||
| local curl_opts=( | |||
| --output "${curl_body_file}" | |||
| --write-out '%{http_code}' | |||
| --silent | |||
| --show-error | |||
| "$@" | |||
| ) | |||
| local http_code='' | |||
| http_code="$(curl "${curl_opts[@]}")" || rc=$? | |||
| (( http_code < 400 )) || { | |||
| (( rc == 0 )) || rc=1 | |||
| echo "HTTP status: ${http_code}" | |||
| } >&2 | |||
| if [[ $rc == 0 ]]; then | |||
| cat "${curl_body_file}" || rc=$? | |||
| else | |||
| cat "${curl_body_file}" >&2 | |||
| fi | |||
| rm -rf "${curl_body_file}" || { | |||
| (( rc == 0 )) || rc=1 | |||
| echo "Unable to clear temporary file '${curl_body_file}'" | |||
| } >&2 | |||
| return $rc | |||
| } | |||
+ 11
- 0
debbuild.patch
View File
| @ -0,0 +1,11 @@ | |||
| --- /usr/bin/debbuild 2022-11-11 15:34:22.529876000 +0000 | |||
| +++ /usr/bin/debbuild.fix 2022-11-11 15:34:53.137410000 +0000 | |||
| @@ -1956,7 +1956,7 @@ | |||
| my $srcpkg = shift; | |||
| die _('Can\'t install ').$srcpkg."\n" unless $srcpkg =~ /\.sdeb$/; | |||
| $srcpkg = abs_path($srcpkg); | |||
| - system(expandmacros("cd %{_topdir}; %{__pax} -r -f $srcpkg)")) == 0 and | |||
| + system(expandmacros("cd %{_topdir}; %{__pax} -r -f $srcpkg")) == 0 and | |||
| $finalmessages .= _('Extracted source package ').$srcpkg. | |||
| _(" to %{_topdir}.\n"); | |||
| } # end install_sdeb() | |||
+ 8
- 4
dns_scripts/Cloudflare-README.md
View File
+ 22
- 12
dns_scripts/dns_add_acmedns
View File
+ 1
- 1
dns_scripts/dns_add_azure
View File
+ 1
- 1
dns_scripts/dns_add_del_aliyun.sh
View File
+ 7
- 0
dns_scripts/dns_add_dnsmasq
View File
| @ -0,0 +1,7 @@ | |||
| #!/usr/bin/env bash | |||
| # Make sure you enable in the /etc/dnsmasq.conf this line conf-dir=/etc/dnsmasq.d/,*.conf | |||
| echo "txt-record=_acme-challenge.\${1},\$2" > /etc/dnsmasq.d/acme-challenge.conf | |||
| systemctl restart dnsmasq | |||
+ 1
- 1
dns_scripts/dns_add_dnspod
View File
+ 1
- 1
dns_scripts/dns_add_duckdns
View File
+ 1
- 1
dns_scripts/dns_add_godaddy
View File
+ 50
- 0
dns_scripts/dns_add_hetzner
View File
| @ -0,0 +1,50 @@ | |||
| #!/usr/bin/env bash | |||
| fulldomain="${1}" | |||
| token="${2}" | |||
| api_url="https://dns.hetzner.com/api/v1" | |||
| api_key=${HETZNER_KEY:-''} | |||
| zone_id=${HETZNER_ZONE_ID:-''} | |||
| zone_name=${HETZNER_ZONE_NAME:-''} | |||
| # Verify that required parameters are set | |||
| if [[ -z "$fulldomain" ]]; then | |||
| echo "DNS script requires full domain name as first parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$token" ]]; then | |||
| echo "DNS script requires challenge token as second parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$HETZNER_KEY" ]]; then | |||
| echo "HETZNER_KEY variable not set" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$HETZNER_ZONE_ID" && -z "$HETZNER_ZONE_NAME" ]] ; then | |||
| echo "HETZNER_ZONE_ID and HETZNER_ZONE_NAME variables not set" | |||
| exit 1 | |||
| fi | |||
| # Get Zone ID if not set | |||
| if [[ -z "$HETZNER_ZONE_ID" ]] ; then | |||
| zone_id=$(curl --silent -X GET "$api_url/zones?name=$zone_name" -H 'Auth-API-Token: '"$api_key"'' | jq -r '.zones[0].id') | |||
| if [[ "$zone_id" == "null" ]] ; then | |||
| echo "Zone ID not found" | |||
| exit 1 | |||
| fi | |||
| fi | |||
| txtname="_acme-challenge.$fulldomain." | |||
| # Create TXT record | |||
| response=$(curl --silent -X POST "$api_url/records" \ | |||
| -H 'Content-Type: application/json' \ | |||
| -H "Auth-API-Token: $api_key" \ | |||
| -d '{"value": "'"$token"'","ttl": 60,"type": "TXT","name": "'"$txtname"'","zone_id": "'"$zone_id"'"}' \ | |||
| -o /dev/null -w '%{http_code}') | |||
| if [[ "$response" != "200" ]] ; then | |||
| echo "Record not created" | |||
| echo "Response code: $response" | |||
| exit 1 | |||
| fi | |||
+ 86
- 0
dns_scripts/dns_add_hostway
View File
| @ -0,0 +1,86 @@ | |||
| #!/usr/bin/env bash | |||
| # Need to add your API key below or set as env variable | |||
| apikey="$HOSTWAY_API_KEY" | |||
| # This script adds a token to dynu.com DNS for the ACME challenge | |||
| # usage dns_add_dynu "domain name" "token" | |||
| # return codes are; | |||
| # 0 - success | |||
| # 1 - error in input | |||
| # 2 - error within internal processing | |||
| # 3 - error in result ( domain not found in dynu.com etc) | |||
| fulldomain="${1}" | |||
| token="${2}" | |||
| API='https://api.hostway.com/dns' | |||
| # Check initial parameters | |||
| if [[ -z "$fulldomain" ]]; then | |||
| echo "DNS script requires full domain name as first parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$token" ]]; then | |||
| echo "DNS script requires challenge token as second parameter" | |||
| exit 1 | |||
| fi | |||
| curl_params=( -H "accept: application/json" -H "Authorization: Basic $apikey" -H 'Content-Type: application/json charset=utf-8') | |||
| # Get domain id | |||
| # curl -X GET "https://api.hostway.com/dns/domain/" | |||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}") | |||
| # Match domain id | |||
| re="\"serial\":\s?([^}]*)" | |||
| if [[ "$resp" =~ $re ]]; then | |||
| domain_id="${BASH_REMATCH[1]}" | |||
| fi | |||
| if [[ -z "$domain_id" ]]; then | |||
| echo 'Domain name not found on your Hostway account' | |||
| exit 3 | |||
| fi | |||
| # Check for existing _acme-challenge TXT record | |||
| # curl -X GET "https://api.hostway.com/dns/domain/records?filterType=TXT&page=1&pageSize=100" | |||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}/records?filterType=TXT") | |||
| re="\"id\":\s?([^}]*)" | |||
| if [[ "$resp" =~ $re ]]; then | |||
| record_id="${BASH_REMATCH[1]}" | |||
| fi | |||
| if [[ -z "$record_id" ]]; then | |||
| # Add new TXT challenge record | |||
| # curl -X POST https://api.hostway.com/dns/{domain}/records/{record_id} -d "{\"name\":\"_acme-challenge.{domain}\",\"type\":\"TXT\",\"ttl\":\"300\",\"data\":\"Test2\"}" | |||
| # Response is empty when successful | |||
| echo "Adding record for ${fulldomain}" | |||
| resp=$(curl --silent \ | |||
| "${curl_params[@]}" \ | |||
| -X POST "${API}/${fulldomain}/records" \ | |||
| --data "{\"name\":\"_acme-challenge.${fulldomain}\",\"type\":\"TXT\",\"ttl\":\"300\",\"data\":\"$token\"}") | |||
| else | |||
| # Update existing record | |||
| # curl -X PUT https://api.hostway.com/dns/{domain}/records/{record_id} -d "{\"name\":\"_acme-challenge.{domain}\", \"data\":\"Test2\"}" | |||
| echo "Updating record for ${fulldomain}" | |||
| resp=$(curl --silent \ | |||
| "${curl_params[@]}" \ | |||
| -X PUT "${API}/${fulldomain}/records/${record_id}" \ | |||
| --data "{\"name\":\"_acme-challenge.${fulldomain}\", \"data\":\"$token\"}") | |||
| fi | |||
| # Check if response data matches token | |||
| re="\"data\":\s?\"([^,]*)\"" | |||
| if [[ "$resp" =~ $re ]]; then | |||
| if [[ ${BASH_REMATCH[1]} == "$token" ]]; then | |||
| token_match="$token ${BASH_REMATCH[1]}" | |||
| fi | |||
| fi | |||
| # If adding record failed (exception:) then print error message | |||
| if [[ -z "$token_match" && "$resp" != "" ]]; then | |||
| echo "Error: DNS challenge not added: unknown error - ${resp}" | |||
| exit 3 | |||
| else | |||
| echo "Record added successfully for ${fulldomain}" | |||
| fi | |||
+ 1
- 1
dns_scripts/dns_add_ionos
View File
+ 44
- 0
dns_scripts/dns_add_ispconfig
View File
| @ -0,0 +1,44 @@ | |||
| #!/usr/bin/env bash | |||
| # Need to add your API key below or set as env variable | |||
| CURR_PATH="`dirname \"$0\"`" | |||
| ispconfig_user="$ISPCONFIG_REMOTE_USER_NAME" | |||
| ispconfig_pass="$ISPCONFIG_REMOTE_USER_PASSWORD" | |||
| soap_location="$ISPCONFIG_SOAP_LOCATION" | |||
| soap_uri="$ISPCONFIG_SOAP_URL" | |||
| # This script adds a token to ispconfig database DNS for the ACME challenge | |||
| # usage dns_add_ispconfig "domain name" "token" | |||
| # return codes are; | |||
| # 0 - success | |||
| # 1 - error in input | |||
| # 2 - error within internal processing | |||
| # 3 - error in result ( domain not found in dynu.com etc) | |||
| fulldomain="${1}" | |||
| token="${2}" | |||
| # Check initial parameters | |||
| if [[ -z "$fulldomain" ]]; then | |||
| echo "DNS script requires full domain name as first parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$token" ]]; then | |||
| echo "DNS script requires challenge token as second parameter" | |||
| exit 1 | |||
| fi | |||
| response=$(php $CURR_PATH/ispconfig_soap.php \ | |||
| --action="add" \ | |||
| --domain="$fulldomain" \ | |||
| --token="$token" \ | |||
| --ispconfig_user="$ispconfig_user" \ | |||
| --ispconfig_pass="$ispconfig_pass" \ | |||
| --soap_location="$soap_location" \ | |||
| --soap_uri="$soap_uri") | |||
| echo $response | |||
| exit 0 | |||
+ 1
- 1
dns_scripts/dns_add_joker
View File
+ 27
- 16
dns_scripts/dns_add_linode
View File
+ 1
- 1
dns_scripts/dns_add_manual
View File
+ 30
- 0
dns_scripts/dns_add_ns1
View File
| @ -0,0 +1,30 @@ | |||
| #! /usr/bin/env bash | |||
| # NS1 Add DNS Record | |||
| if [[ -z "$NS1_API_KEY" ]]; then | |||
| echo "NS1_API_KEY variable not set" | |||
| exit 1 | |||
| fi | |||
| api_url="https://api.nsone.net/v1/" | |||
| api_key=${NS1_API_KEY:-''} | |||
| domain="$1" | |||
| challenge="$2" | |||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||
| subdomain="_acme-challenge.${domain%}" | |||
| function create { | |||
| curl "${api_url}/zones/${root}/${subdomain}/TXT" -X DELETE \ | |||
| --header "X-NSONE-Key: $api_key" | |||
| curl "${api_url}/zones/${root}/${subdomain}/TXT" -X PUT \ | |||
| --header "X-NSONE-Key: $api_key" \ | |||
| --header "Content-Type: application/json" \ | |||
| --data "{ \"zone\": \"${root}\", \"domain\": \"${subdomain}\", \"type\": \"TXT\", \"answers\": [ { \"answer\": [ \"${challenge}\" ] } ] }" | |||
| } | |||
| create $root $subdomain | |||
+ 1
- 1
dns_scripts/dns_add_nsupdate
View File
+ 1
- 1
dns_scripts/dns_add_ovh
View File
+ 1
- 1
dns_scripts/dns_add_pdns-mysql
View File
+ 30
- 0
dns_scripts/dns_add_vultr
View File
| @ -0,0 +1,30 @@ | |||
| #! /usr/bin/env bash | |||
| # Vultr Add DNS Record | |||
| api_url="https://api.vultr.com/v2" | |||
| api_key=${VULTR_API_KEY:-''} | |||
| domain="$1" | |||
| challenge="$2" | |||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||
| subdomain="_acme-challenge.${domain%.$root}" | |||
| if [[ -z "$VULTR_API_KEY" ]]; then | |||
| echo "VULTR_API_KEY variable not set" | |||
| exit 1 | |||
| fi | |||
| function create { | |||
| curl "${api_url}/domains/$1/records" -s -o /dev/null -X POST -H "Authorization: Bearer ${VULTR_API_KEY}" -H "Content-Type: application/json" \ | |||
| --data "{ | |||
| \"name\" : \"$2\", | |||
| \"type\" : \"TXT\", | |||
| \"data\" : \"${challenge}\", | |||
| \"ttl\" : 300, | |||
| \"priority\" : 0 | |||
| }" | |||
| } | |||
| create $root $subdomain | |||
+ 39
- 0
dns_scripts/dns_add_windows_dns_server
View File
| @ -0,0 +1,39 @@ | |||
| #!/usr/bin/env bash | |||
| # Windows DNS server using powershell - dnscmd is going to be deprecated | |||
| # Using Windows Sublinux for executing windows commands | |||
| # dnscmd command will be depricated use powershell instead | |||
| regexp='[A-z0-9]+(\.(co|com))?\.\w+$' | |||
| fulldomain=${1} | |||
| # Get root domain api.[domain|.co|.uk] | |||
| rootdomain=$(echo "${fulldomain}" | grep -Eo "${regexp}") | |||
| # Exlude root domain [api].domain.com | |||
| subdomain=$(result=$(echo "${fulldomain}" | grep -Po '(.*)(?=\.[A-z0-9]+(\.(co|com))?\.\w+$)') && if [[ ${#result} -gt 0 ]]; then echo ".${result}"; else echo ""; fi) | |||
| token=${2} | |||
| nloop=1 | |||
| retries=15 # Sometimes it fails | |||
| while [[ ${nloop} -le ${retries} ]]; do | |||
| # Add TXT record | |||
| echo "Tries ${nloop} out of ${retries}" | |||
| echo "Adding acme challenge record for ${fulldomain} with token ${token}" | |||
| cmd=(powershell.exe Add-DnsServerResourceRecord -DescriptiveText \'"${token}"\' -Name \'"_acme-challenge${subdomain}"\' -Txt -ZoneName \'"${rootdomain}"\' -TimeToLive 0:0:0:1) | |||
| echo "${cmd[@]}" | |||
| result_stderr=$({ "${cmd[@]}" ;} 2>&1) | |||
| if [[ ${#result_stderr} -eq 0 ]]; then | |||
| break | |||
| else | |||
| echo "${result_stderr}" | |||
| fi | |||
| nloop=$((nloop+1)) | |||
| echo "Sleeping 5 seconds" | |||
| sleep 5 | |||
| done | |||
+ 8
- 35
dns_scripts/dns_del_acmedns
View File
+ 7
- 0
dns_scripts/dns_del_dnsmasq
View File
| @ -0,0 +1,7 @@ | |||
| #!/usr/bin/env bash | |||
| # Make sure you enable in the /etc/dnsmasq.conf this line conf-dir=/etc/dnsmasq.d/,*.conf | |||
| echo "" > /etc/dnsmasq.d/acme-challenge.conf | |||
| systemctl restart dnsmasq | |||
+ 1
- 1
dns_scripts/dns_del_dnspod
View File
+ 1
- 1
dns_scripts/dns_del_duckdns
View File
+ 1
- 1
dns_scripts/dns_del_godaddy
View File
+ 57
- 0
dns_scripts/dns_del_hetzner
View File
| @ -0,0 +1,57 @@ | |||
| #!/usr/bin/env bash | |||
| fulldomain="${1}" | |||
| token="${2}" | |||
| api_url="https://dns.hetzner.com/api/v1" | |||
| api_key=${HETZNER_KEY:-''} | |||
| zone_id=${HETZNER_ZONE_ID:-''} | |||
| zone_name=${HETZNER_ZONE_NAME:-''} | |||
| # Verify that required parameters are set | |||
| if [[ -z "$fulldomain" ]]; then | |||
| echo "DNS script requires full domain name as first parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$token" ]]; then | |||
| echo "DNS script requires challenge token as second parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$HETZNER_KEY" ]]; then | |||
| echo "HETZNER_KEY variable not set" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$HETZNER_ZONE_ID" && -z "$HETZNER_ZONE_NAME" ]] ; then | |||
| echo "HETZNER_ZONE_ID and HETZNER_ZONE_NAME variables not set" | |||
| exit 1 | |||
| fi | |||
| # Get Zone ID if not set | |||
| if [[ -z "$HETZNER_ZONE_ID" ]] ; then | |||
| zone_id=$(curl --silent -X GET "$api_url/zones?name=$zone_name" -H 'Auth-API-Token: '"$api_key"'' | jq -r '.zones[0].id') | |||
| if [[ "$zone_id" == "null" ]] ; then | |||
| echo "Zone by name not found" | |||
| exit 1 | |||
| fi | |||
| fi | |||
| # domain_root=$(echo "$fulldomain" | awk -F\. '{print $(NF-1) FS $NF FS}') | |||
| # domain=${fulldomain%.$domain_root} | |||
| txtname="_acme-challenge.$fulldomain." | |||
| record_id=$(curl --silent -X GET "$api_url/records?zone_id=$zone_id" -H "Auth-API-Token: $api_key" | jq -r '.records[] | select(.name=="'"$txtname"'") | .id') | |||
| if [[ "$record_id" == "null" ]] ; then | |||
| echo "Record not found" | |||
| exit 1 | |||
| fi | |||
| # Create TXT record | |||
| response=$(curl --silent -X DELETE "$api_url/records/$record_id" -H "Auth-API-Token: $api_key" -o /dev/null -w '%{http_code}') | |||
| if [[ "$response" != "200" ]] ; then | |||
| echo "Record not deleted" | |||
| echo "Response code: $response" | |||
| exit 1 | |||
| fi | |||
+ 66
- 0
dns_scripts/dns_del_hostway
View File
| @ -0,0 +1,66 @@ | |||
| #!/usr/bin/env bash | |||
| # Need to add your API key below or set as env variable | |||
| apikey="$HOSTWAY_API_KEY" | |||
| # This script adds a token to dynu.com DNS for the ACME challenge | |||
| # usage dns_add_dynu "domain name" "token" | |||
| # return codes are; | |||
| # 0 - success | |||
| # 1 - error in input | |||
| # 2 - error within internal processing | |||
| # 3 - error in result ( domain not found in dynu.com etc) | |||
| fulldomain="${1}" | |||
| token="${2}" | |||
| API='https://api.hostway.com/dns' | |||
| # Check initial parameters | |||
| if [[ -z "$fulldomain" ]]; then | |||
| echo "DNS script requires full domain name as first parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$token" ]]; then | |||
| echo "DNS script requires challenge token as second parameter" | |||
| exit 1 | |||
| fi | |||
| curl_params=( -H "accept: application/json" -H "Authorization: Basic $apikey" -H 'Content-Type: application/json charset=utf-8') | |||
| # Get domain id | |||
| # curl -X GET "https://api.hostway.com/dns/domain/" | |||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}") | |||
| # Match domain id | |||
| re="\"serial\":\s?([^}]*)" | |||
| if [[ "$resp" =~ $re ]]; then | |||
| domain_id="${BASH_REMATCH[1]}" | |||
| fi | |||
| if [[ -z "$domain_id" ]]; then | |||
| echo 'Domain name not found on your Hostway account' | |||
| exit 3 | |||
| fi | |||
| # Check for existing _acme-challenge TXT record | |||
| # curl -X GET "https://api.hostway.com/dns/domain/records?filterType=TXT&page=1&pageSize=100" | |||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}/records?filterType=TXT") | |||
| #re="\"id\":\s?([^}]*)" | |||
| re="(?<=_acme(.*)\"id\":\s?)[0-9]+(?=\})" | |||
| if [[ "$resp" =~ $re ]]; then | |||
| record_id="${BASH_REMATCH[1]}" | |||
| fi | |||
| if [[ -z "$record_id" ]]; then | |||
| echo "Not able to find a record to delete" | |||
| else | |||
| # Delete existing record | |||
| # curl -X DELETE https://api.hostway.com/dns/{domain}/records/{record_id} | |||
| resp=$(curl --silent \ | |||
| "${curl_params[@]}" \ | |||
| -X DELETE "${API}/${fulldomain}/records/${record_id}") | |||
| if [[ "$resp" == "" ]]; then | |||
| echo "Record deleted successfully for ${fulldomain}" | |||
| fi | |||
| fi | |||
+ 1
- 1
dns_scripts/dns_del_ionos
View File
+ 44
- 0
dns_scripts/dns_del_ispconfig
View File
| @ -0,0 +1,44 @@ | |||
| #!/usr/bin/env bash | |||
| # Need to add your API key below or set as env variable | |||
| CURR_PATH="`dirname \"$0\"`" | |||
| ispconfig_user="$ISPCONFIG_REMOTE_USER_NAME" | |||
| ispconfig_pass="$ISPCONFIG_REMOTE_USER_PASSWORD" | |||
| soap_location="$ISPCONFIG_SOAP_LOCATION" | |||
| soap_uri="$ISPCONFIG_SOAP_URL" | |||
| # This script adds a token to ispconfig database DNS for the ACME challenge | |||
| # usage dns_add_ispconfig "domain name" "token" | |||
| # return codes are; | |||
| # 0 - success | |||
| # 1 - error in input | |||
| # 2 - error within internal processing | |||
| # 3 - error in result ( domain not found in dynu.com etc) | |||
| fulldomain="${1}" | |||
| token="${2}" | |||
| # Check initial parameters | |||
| if [[ -z "$fulldomain" ]]; then | |||
| echo "DNS script requires full domain name as first parameter" | |||
| exit 1 | |||
| fi | |||
| if [[ -z "$token" ]]; then | |||
| echo "DNS script requires challenge token as second parameter" | |||
| exit 1 | |||
| fi | |||
| response=$(php $CURR_PATH/ispconfig_soap.php \ | |||
| --action="del" \ | |||
| --domain="$fulldomain" \ | |||
| --token="$token" \ | |||
| --ispconfig_user="$ispconfig_user" \ | |||
| --ispconfig_pass="$ispconfig_pass" \ | |||
| --soap_location="$soap_location" \ | |||
| --soap_uri="$soap_uri") | |||
| echo $response | |||
| exit 0 | |||
+ 1
- 1
dns_scripts/dns_del_joker
View File
+ 29
- 21
dns_scripts/dns_del_linode
View File
+ 1
- 1
dns_scripts/dns_del_manual
View File
+ 26
- 0
dns_scripts/dns_del_ns1
View File
| @ -0,0 +1,26 @@ | |||
| #! /usr/bin/env bash | |||
| # NS1 Add DNS Record | |||
| if [[ -z "$NS1_API_KEY" ]]; then | |||
| echo "NS1_API_KEY variable not set" | |||
| exit 1 | |||
| fi | |||
| api_url="https://api.nsone.net/v1/" | |||
| api_key=${NS1_API_KEY:-''} | |||
| domain="$1" | |||
| challenge="$2" | |||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||
| subdomain="_acme-challenge.${domain%}" | |||
| function delete { | |||
| curl "${api_url}/zones/${root}/${subdomain}/TXT" -X DELETE \ | |||
| --header "X-NSONE-Key: $api_key" | |||
| } | |||
| delete $root $subdomain | |||
+ 1
- 1
dns_scripts/dns_del_nsupdate
View File
+ 1
- 1
dns_scripts/dns_del_ovh
View File
+ 1
- 1
dns_scripts/dns_del_pdns-mysql
View File
+ 26
- 0
dns_scripts/dns_del_vultr
View File
| @ -0,0 +1,26 @@ | |||
| #! /usr/bin/env bash | |||
| # Vultr Delete DNS Record | |||
| # This script requires jq to be installed on the machine running it | |||
| api_url="https://api.vultr.com/v2" | |||
| api_key=${VULTR_API_KEY:-''} | |||
| domain="$1" | |||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||
| subdomain="_acme-challenge.${domain%.$root}" | |||
| if [[ -z "$VULTR_API_KEY" ]]; then | |||
| echo "VULTR_API_KEY variable not set" | |||
| exit 1 | |||
| fi | |||
| function delete { | |||
| recordID=$(curl "${api_url}/domains/$1/records" --silent -X GET -H "Authorization: Bearer ${VULTR_API_KEY}" | jq -r ".records[] | select(.name==\"$2\").id") | |||
| curl "${api_url}/domains/$1/records/$recordID" -X DELETE -H "Authorization: Bearer ${VULTR_API_KEY}" | |||
| } | |||
| delete $root $subdomain | |||
+ 39
- 0
dns_scripts/dns_del_windows_dns_server
View File
| @ -0,0 +1,39 @@ | |||
| #!/usr/bin/env bash | |||
| # Windows DNS server using powershell - dnscmd is going to be deprecated | |||
| # Using Windows Sublinux for executing windows commands | |||
| # dnscmd command will be depricated use powershell instead | |||
| regexp='[A-z0-9]+(\.(co|com))?\.\w+$' | |||
| fulldomain=${1} | |||
| # Get root domain api.[domain|.co|.uk] | |||
| rootdomain=$(echo "${fulldomain}" | grep -Eo "${regexp}") | |||
| # Exlude root domain [api].domain.com | |||
| subdomain=$(result=$(echo "${fulldomain}" | grep -Po '(.*)(?=\.[A-z0-9]+(\.(co|com))?\.\w+$)') && if [[ ${#result} -gt 0 ]]; then echo ".${result}"; else echo ""; fi) | |||
| token=${2} | |||
| nloop=1 | |||
| retries=15 # Sometimes it fails | |||
| while [[ ${nloop} -le ${retries} ]]; do | |||
| # Delete TXT record | |||
| echo "Tries ${nloop} out of ${retries}" | |||
| echo "Deleting acme challenge record for ${fulldomain} with token ${token}" | |||
| cmd=(powershell.exe Remove-DnsServerResourceRecord -RRType TXT -Name \'"_acme-challenge${subdomain}"\' -ZoneName \'"${rootdomain}"\' -RecordData \'"${token}"\' -Force) | |||
| echo "${cmd[@]}" | |||
| result_stderr=$({ "${cmd[@]}" ;} 2>&1) | |||
| if [[ ${#result_stderr} -eq 0 ]]; then | |||
| break | |||
| else | |||
| echo "${result_stderr}" | |||
| fi | |||
| nloop=$((nloop+1)) | |||
| echo "Sleeping 5 seconds" | |||
| sleep 5 | |||
| done | |||
+ 15
- 17
dns_scripts/dns_godaddy
View File
+ 140
- 0
dns_scripts/ispconfig_soap.php
View File
| @ -0,0 +1,140 @@ | |||
| <?php | |||
| $args = getopt("", array("action:", "domain:", "token:", "ispconfig_user:", "ispconfig_pass:", "soap_location:", "soap_uri:")); | |||
| $action = $args["action"]; | |||
| $fulldomain = $args["domain"]; | |||
| $token = $args["token"]; | |||
| $soap_location = $args["soap_location"]; | |||
| $soap_uri = $args["soap_uri"]; | |||
| $username = $args["ispconfig_user"]; | |||
| $password = $args["ispconfig_pass"]; | |||
| $client = new SoapClient( | |||
| null, | |||
| array( | |||
| 'location' => $soap_location, | |||
| 'uri' => $soap_uri, | |||
| 'trace' => 1, | |||
| 'exceptions' => 1, | |||
| 'stream_context' => stream_context_create( | |||
| array( | |||
| 'ssl' => | |||
| array( | |||
| 'verify_peer' => false, | |||
| 'verify_peer_name' => false | |||
| ) | |||
| ) | |||
| ) | |||
| ) | |||
| ); | |||
| try { | |||
| if ($session_id = $client->login($username, $password)) { | |||
| //echo 'Logged in successfully. Session ID:' . $session_id . '<br />'; | |||
| } | |||
| // Get all zone | |||
| $zones = $client->dns_zone_get($session_id, -1); | |||
| $zone_id = 0; | |||
| $client_id = 0; | |||
| $server_id = 0; | |||
| foreach ($zones as $zone) { | |||
| // Find zone that needs to update | |||
| if (preg_match("/" . $zone["origin"] . "/", $fulldomain . ".")) { | |||
| $zone_id = $zone["id"]; | |||
| $sys_userid = $zone["sys_userid"]; | |||
| $server_id = $zone["server_id"]; | |||
| } | |||
| } | |||
| //Get client id | |||
| $client_id = $client->client_get_id($session_id, $sys_userid); | |||
| if ($client_id == 0) { | |||
| exit; | |||
| } | |||
| // Get all domain records of type txt | |||
| // Bug it retrieves all domain records | |||
| $dns_records = $client->dns_txt_get($session_id, -1); | |||
| $dns_record_id = 0; | |||
| foreach ($dns_records as $dns_record) { | |||
| if ($dns_record["zone"] == $zone_id && $dns_record["type"] == "TXT" && $dns_record["name"] == "_acme-challenge.{$fulldomain}.") { | |||
| $dns_record_id = $dns_record["id"]; | |||
| } | |||
| } | |||
| // Add if zero else update | |||
| $date = new DateTime(); | |||
| switch ($action) { | |||
| case "add": | |||
| if ($dns_record_id == 0) { | |||
| $dns_record = array( | |||
| "server_id" => $server_id, | |||
| "zone" => $zone_id, | |||
| "name" => "_acme-challenge.{$fulldomain}.", | |||
| "type" => "txt", | |||
| "data" => $token, | |||
| "aux" => 111, | |||
| "ttl" => 300, | |||
| "active" => 'y', | |||
| "stamp" => date_format($date, 'Y-m-d H:i:s'), | |||
| "serial" => date_format($date, 'Ymds') | |||
| ); | |||
| $result = $client->dns_txt_add($session_id, $client_id, $dns_record); | |||
| echo "Created record for domain {$fulldomain} with token $token\n"; | |||
| } else { | |||
| $dns_record["data"] = $token; | |||
| $dns_record["stamp"] = date_format($date, 'Y-m-d H:i:s'); | |||
| $dns_record["serial"] = date_format($date, 'YmdH'); | |||
| $result = $client->dns_txt_update($session_id, $client_id, $dns_record_id, $dns_record); | |||
| echo "Updated the record for domain {$fulldomain} with token $token\n"; | |||
| } | |||
| break; | |||
| case "del": | |||
| if ($dns_record_id > 0) { | |||
| $result = $client->dns_txt_delete($session_id, $dns_record_id); | |||
| if ($result) { | |||
| echo "The record was deleted from domain {$fulldomain} successfully\n"; | |||
| } else { | |||
| echo "Failed to delete the record for domain {$fulldomain}\n"; | |||
| } | |||
| } else { | |||
| echo "The record was not found for deletion\n"; | |||
| } | |||
| break; | |||
| default: | |||
| echo "No action was specified as parameter\n"; | |||
| break; | |||
| } | |||
| if ($client->logout($session_id)) { | |||
| //echo 'Logged out.<br />'; | |||
| } | |||
| } catch (SoapFault $e) { | |||
| echo $client->__getLastResponse(); | |||
| die('SOAP Error: ' . $e->getMessage()); | |||
| } | |||
+ 191
- 100
getssl
View File
+ 3
- 0
getssl.crontab
View File
| @ -0,0 +1,3 @@ | |||
| # 0 18 1 */1 * means run at 18:00 on day-of-month 1 in every month | |||
| # uncomment the line below to activate cron getssl service | |||
| # 0 18 1 */1 * root /usr/bin/getssl -u -a &>> /var/log/getssl.log | |||
+ 9
- 0
getssl.logrotate
View File
| @ -0,0 +1,9 @@ | |||
| /var/log/getssl.log { | |||
| monthly | |||
| rotate 10 | |||
| copytruncate | |||
| delaycompress | |||
| compress | |||
| notifempty | |||
| missingok | |||
| } | |||
+ 59
- 0
getssl.spec
View File
| @ -0,0 +1,59 @@ | |||
| %define _build_id_links none | |||
| %define debug_package %{nil} | |||
| # set this to true or the rpmbuild will fail with errors due to shebang defines | |||
| # in some of the dns scripts for python | |||
| %global __brp_mangle_shebangs /usr/bin/true | |||
| Summary: getssl ACME Scripts for managing Let's Encrypt certificates | |||
| License: GPL | |||
| Packager: getssl developers <https://github.com/srvrco/getssl> | |||
| Name: getssl | |||
| Version: 2.49 | |||
| Release: 1 | |||
| URL: http://github.com/srvrco/getssl/ | |||
| Source0: %{name}-%{version}.tar.gz | |||
| Source1: getssl.crontab | |||
| Source2: getssl.logrotate | |||
| BuildArch: noarch | |||
| Requires: bash | |||
| BuildRequires: bash | |||
| %description | |||
| The %{name} package contains the getssl scripts, crontab files, and logrotate files for implementing automated creation and installation of SSL certificates from the Let's Encrypt ACME website. | |||
| %prep | |||
| %setup -q -n %{name}-%{version} | |||
| %build | |||
| %install | |||
| [ -n "%{buildroot}" -a "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot} | |||
| %{__mkdir_p} %{buildroot}%{_bindir} | |||
| %{__mkdir_p} %{buildroot}%{_datadir}/getssl/dns_scripts | |||
| %{__mkdir_p} %{buildroot}%{_datadir}/getssl/other_scripts | |||
| %{__make} \ | |||
| DESTDIR=%{buildroot} \ | |||
| install | |||
| install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/cron.d/getssl | |||
| install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/getssl | |||
| %pre | |||
| %post | |||
| %preun | |||
| %postun | |||
| %files | |||
| %defattr(-,root,root) | |||
| %{_bindir}/getssl | |||
| %{_datadir}/getssl/dns_scripts/* | |||
| %{_datadir}/getssl/other_scripts/* | |||
| %{_sysconfdir}/cron.d/getssl | |||
| %{_sysconfdir}/logrotate.d/getssl | |||
| %changelog | |||
+ 1
- 1
other_scripts/cpanel_cert_upload
View File
+ 95
- 0
other_scripts/iis_install_certeficate.ps1
View File
| @ -0,0 +1,95 @@ | |||
| # Generate PFX for IIS (Internet Information Service) | |||
| # Load libraries | |||
| #Add-Type -AssemblyName 'C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll' | |||
| using assembly C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll | |||
| $FullDomain = $args[0] | |||
| $DebugPreference = "Continue" | |||
| # $DebugPreference="SilentlyContinue" | |||
| $IIS_SiteName = $args[1] | |||
| $Path = $args[2] | |||
| # Files | |||
| $PfxFile = "$Path$FullDomain.pfx" | |||
| $CrtFile = "$Path$FullDomain.crt" | |||
| $KeyFile = "$Path$FullDomain.key" | |||
| Write-Debug "Generating pfx certificate" | |||
| openssl pkcs12 -inkey "$KeyFile" -in "$CrtFile" -password pass:$FullDomain -export -out "$PfxFile" | |||
| # Delete old certificate and install the new PFX Certificate | |||
| # Get all certificates | |||
| $Store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine") | |||
| $Store.Open("MaxAllowed") | |||
| # Loop over all and delete matching certificate for the current domain | |||
| $Ssc = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection | |||
| for ($i = 0; $i -lt $Store.Certificates.Count; $i++) { | |||
| $Item = $Store.Certificates.Item($i) | |||
| if ($Item.subject.Contains($FullDomain)) { | |||
| Write-Debug "Adding $FullDomain certificate for deletion!" | |||
| $result=$Ssc.Add($Item) | |||
| } | |||
| } | |||
| for ($i = 0; $i -lt $Ssc.Count; $i++) { | |||
| Write-Debug "Deleting $FullDomain certificate!" | |||
| $Store.RemoveRange($Ssc.Item($i)) | |||
| } | |||
| # $X509KeyStorageFlags Enums | |||
| $X509KeyStorageFlagsExportable = 4 | |||
| $X509KeyStorageFlagsPersistKeySet = 16 | |||
| $X509KeyStorageFlagsMachineKeySet = 2 | |||
| <# | |||
| $X509KeyStorageFlagsDefaultKeySet=0 | |||
| $X509KeyStorageFlagsUserKeySet=1 | |||
| $X509KeyStorageFlagsUserProtected=8 | |||
| $X509KeyStorageFlagsEphemeralKeySet=32 | |||
| #> | |||
| # Prepare for loading new certificated | |||
| $PFXCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxFile, $FullDomain, | |||
| ( | |||
| $X509KeyStorageFlagsExportable + | |||
| $X509KeyStorageFlagsPersistKeySet + | |||
| $X509KeyStorageFlagsMachineKeySet | |||
| ) | |||
| ) | |||
| #Save New Cert | |||
| $Store.Add($PFXCert); | |||
| $Store.Close(); | |||
| # IIS Binding - Need to rebind the domain to the new certificate | |||
| $Manager = New-Object Microsoft.Web.Administration.ServerManager | |||
| $Site = $Manager.Sites[$IIS_SiteName] | |||
| for ($i = 0; $i -lt $Site.Bindings.Count; $i++) { | |||
| $Bind = $Site.Bindings.Item($i); | |||
| $Protocol = $Bind.Protocol | |||
| $hostname = $Bind.Host | |||
| if ($Protocol -eq "https") { | |||
| Write-Debug "Binding ${protocol}://${hostname}" | |||
| $Bind.CertificateHash = $PFXCert.GetCertHash() | |||
| } | |||
| } | |||
| $Manager.CommitChanges() | |||
| Write-Debug "PFX complete!" | |||
+ 49
- 0
test/0-test-usage.bats
View File
| @ -0,0 +1,49 @@ | |||
| #! /usr/bin/env bats | |||
| load '/bats-support/load.bash' | |||
| load '/bats-assert/load.bash' | |||
| load '/getssl/test/test_helper.bash' | |||
| # This is run for every test | |||
| teardown() { | |||
| [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip | |||
| } | |||
| setup() { | |||
| [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" | |||
| #export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt | |||
| } | |||
| @test "Run getssl without any arguments to verify the usage message is shown" { | |||
| if [ -n "$STAGING" ]; then | |||
| skip "Using staging server, skipping internal test" | |||
| fi | |||
| run ${CODE_DIR}/getssl | |||
| assert_line --partial "Usage: getssl" | |||
| assert_success | |||
| } | |||
| @test "Run getssl with --nocheck and verify the usage message is shown" { | |||
| if [ -n "$STAGING" ]; then | |||
| skip "Using staging server, skipping internal test" | |||
| fi | |||
| run ${CODE_DIR}/getssl --nocheck | |||
| assert_line --partial "Usage: getssl" | |||
| assert_success | |||
| } | |||
| @test "Run getssl with --upgrade and verify the usage message is NOT shown" { | |||
| if [ -n "$STAGING" ]; then | |||
| skip "Using staging server, skipping internal test" | |||
| fi | |||
| # Feb-23 Getting semi-repeatable "can't check for upgrades: ''" errors which are because the limit is being exceeded (re-use of github action ip?) | |||
| check_github_quota 7 | |||
| run ${CODE_DIR}/getssl --upgrade | |||
| refute_output | |||
| assert_success | |||
| } | |||
+ 18
- 6
test/11-test--install.bats
View File
+ 0
- 33
test/32-test-upgrade.bats
View File
+ 214
- 8
test/34-ftp-passive.bats
View File
+ 167
- 0
test/34-ftp-ports.bats
View File
| @ -0,0 +1,167 @@ | |||
| #! /usr/bin/env bats | |||
| load '/bats-support/load.bash' | |||
| load '/bats-assert/load.bash' | |||
| load '/getssl/test/test_helper.bash' | |||
| # This is run for every test | |||
| setup() { | |||
| [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" | |||
| export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt | |||
| if [ -n "${VSFTPD_CONF}" ]; then | |||
| if [ ! -f "${VSFTPD_CONF}.getssl" ]; then | |||
| cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl | |||
| else | |||
| cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF | |||
| fi | |||
| # enable passive and disable active mode | |||
| # https://www.pixelstech.net/article/1364817664-FTP-active-mode-and-passive-mode | |||
| cat <<- _FTP >> $VSFTPD_CONF | |||
| pasv_enable=YES | |||
| pasv_max_port=10100 | |||
| pasv_min_port=10090 | |||
| _FTP | |||
| fi | |||
| } | |||
| teardown() { | |||
| [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip | |||
| if [ -n "${VSFTPD_CONF}" ]; then | |||
| cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF | |||
| ${CODE_DIR}/test/restart-ftpd stop | |||
| fi | |||
| } | |||
| @test "Use ftpes, FTP_PORT=1001 (explicit ssl, port 1001) to create challenge file" { | |||
| if [ -n "$STAGING" ]; then | |||
| skip "Using staging server, skipping internal test" | |||
| fi | |||
| if [[ ! -f /etc/vsftpd.pem ]]; then | |||
| echo "FAILED: This test requires the previous test to succeed" | |||
| exit 1 | |||
| fi | |||
| if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then | |||
| mkdir -p /var/www/html/.well-known/acme-challenge | |||
| fi | |||
| # Restart vsftpd with ssl enabled | |||
| cat <<- _FTP >> $VSFTPD_CONF | |||
| connect_from_port_20=NO | |||
| listen_port=1001 | |||
| ssl_enable=YES | |||
| allow_anon_ssl=NO | |||
| force_local_data_ssl=NO | |||
| force_local_logins_ssl=NO | |||
| ssl_tlsv1=YES | |||
| ssl_sslv2=NO | |||
| ssl_sslv3=NO | |||
| require_ssl_reuse=NO | |||
| ssl_ciphers=HIGH | |||
| rsa_cert_file=/etc/vsftpd.pem | |||
| rsa_private_key_file=/etc/vsftpd.pem | |||
| _FTP | |||
| ${CODE_DIR}/test/restart-ftpd start | |||
| # Always change ownership and permissions in case previous tests created the directories as root | |||
| chgrp -R www-data /var/www/html/.well-known | |||
| chmod -R g+w /var/www/html/.well-known | |||
| CONFIG_FILE="getssl-http01.cfg" | |||
| setup_environment | |||
| init_getssl | |||
| # Verbose output is needed so the test assertion passes | |||
| # On Ubuntu 14 and 18 curl errors with "unable to get issuer certificate" so disable cert check using "-k" | |||
| if [[ "$GETSSL_OS" == "ubuntu14" || "$GETSSL_OS" == "ubuntu18" ]]; then | |||
| cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg | |||
| ACL="ftpes:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge" | |||
| FTPS_OPTIONS="--cacert /etc/cacert.pem -v -k" | |||
| FTP_PORT=1001 | |||
| EOF | |||
| else | |||
| cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg | |||
| ACL="ftpes:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge" | |||
| FTPS_OPTIONS="--cacert /etc/cacert.pem -v" | |||
| FTP_PORT=1001 | |||
| EOF | |||
| fi | |||
| create_certificate | |||
| assert_success | |||
| # assert_line --partial "SSL connection using TLSv1.3" | |||
| assert_line --partial "200 PROT now Private" | |||
| check_output_for_errors | |||
| } | |||
| @test "Use ftps, FTP_PORT=2002 (implicit ssl, port 2002) to create challenge file" { | |||
| if [ -n "$STAGING" ]; then | |||
| skip "Using staging server, skipping internal test" | |||
| fi | |||
| if [[ ! -f /etc/vsftpd.pem ]]; then | |||
| echo "FAILED: This test requires the previous test to succeed" | |||
| exit 1 | |||
| fi | |||
| # Restart vsftpd listening on port 990 | |||
| cat <<- _FTP >> $VSFTPD_CONF | |||
| implicit_ssl=YES | |||
| listen_port=2002 | |||
| connect_from_port_20=NO | |||
| ssl_enable=YES | |||
| allow_anon_ssl=NO | |||
| force_local_data_ssl=NO | |||
| force_local_logins_ssl=NO | |||
| ssl_tlsv1=YES | |||
| ssl_sslv2=NO | |||
| ssl_sslv3=NO | |||
| require_ssl_reuse=NO | |||
| ssl_ciphers=HIGH | |||
| rsa_cert_file=/etc/vsftpd.pem | |||
| rsa_private_key_file=/etc/vsftpd.pem | |||
| _FTP | |||
| ${CODE_DIR}/test/restart-ftpd start | |||
| if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then | |||
| mkdir -p /var/www/html/.well-known/acme-challenge | |||
| fi | |||
| # Always change ownership and permissions in case previous tests created the directories as root | |||
| chgrp -R www-data /var/www/html/.well-known | |||
| chmod -R g+w /var/www/html/.well-known | |||
| CONFIG_FILE="getssl-http01.cfg" | |||
| setup_environment | |||
| init_getssl | |||
| # Verbose output is needed so the test assertion passes | |||
| # On Ubuntu 14 and 18 curl errors with "unable to get issuer certificate" so disable cert check using "-k" | |||
| # as I don't have time to fix | |||
| if [[ "$GETSSL_OS" == "ubuntu14" || "$GETSSL_OS" == "ubuntu18" ]]; then | |||
| cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg | |||
| ACL="ftps:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge" | |||
| FTPS_OPTIONS="--cacert /etc/cacert.pem -v -k" | |||
| FTP_PORT=2002 | |||
| EOF | |||
| else | |||
| cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg | |||
| ACL="ftps:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge" | |||
| FTPS_OPTIONS="--cacert /etc/cacert.pem -v" | |||
| FTP_PORT=2002 | |||
| EOF | |||
| fi | |||
| create_certificate | |||
| assert_success | |||
| assert_line --partial "200 PROT now Private" | |||
| check_output_for_errors | |||
| } | |||
+ 1
- 1
test/40-cname-dns01-nslookup.bats
View File
+ 32
- 0
test/41-show-account-id.bats
View File
| @ -0,0 +1,32 @@ | |||
| #! /usr/bin/env bats | |||
| load '/bats-support/load.bash' | |||
| load '/bats-assert/load.bash' | |||
| load '/getssl/test/test_helper.bash' | |||
| # This is run for every test | |||
| teardown() { | |||
| [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip | |||
| } | |||
| setup() { | |||
| [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" | |||
| export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt | |||
| } | |||
| @test "Create new certificate using HTTP-01 verification (any dns tool)" { | |||
| if [ -n "$STAGING" ]; then | |||
| skip "Using staging server, skipping internal test" | |||
| fi | |||
| CONFIG_FILE="getssl-http01.cfg" | |||
| setup_environment | |||
| init_getssl | |||
| create_certificate | |||
| assert_success | |||
| run ${CODE_DIR}/getssl --account-id ${GETSSL_HOST} | |||
| assert_line --partial "Account Id is:" | |||
| assert_success | |||
| } | |||
+ 1
- 1
test/Dockerfile-alpine
View File
+ 1
- 1
test/Dockerfile-bash4-0
View File
+ 1
- 1
test/Dockerfile-bash4-2
View File
+ 1
- 1
test/Dockerfile-bash5-0
View File
+ 1
- 1
test/Dockerfile-centos7
View File
+ 1
- 2
test/Dockerfile-centos7-duckdns
View File
+ 1
- 2
test/Dockerfile-centos7-dynu
View File
+ 5
- 1
test/Dockerfile-centos8
View File
+ 1
- 1
test/Dockerfile-debian
View File
+ 1
- 1
test/Dockerfile-rockylinux8
View File
+ 1
- 1
test/Dockerfile-ubuntu
View File
+ 1
- 1
test/Dockerfile-ubuntu-acmedns
View File
+ 1
- 2
test/Dockerfile-ubuntu-duckdns
View File
+ 1
- 2
test/Dockerfile-ubuntu-dynu
View File
+ 1
- 1
test/Dockerfile-ubuntu14
View File
+ 1
- 1
test/Dockerfile-ubuntu16
View File
+ 1
- 1
test/Dockerfile-ubuntu18
View File
+ 5
- 5
test/README-Testing.md
View File
+ 9
- 4
test/restart-ftpd
View File
+ 3
- 3
test/restart-nginx
View File
| @ -1,14 +1,14 @@ | |||
| #!/usr/bin/env bash | |||
| if [ "$GETSSL_OS" = "alpine" ]; then | |||
| killall -HUP nginx >&3- | |||
| killall -HUP nginx | |||
| sleep 5 | |||
| elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then | |||
| pgrep nginx | head -1 | xargs kill -HUP | |||
| sleep 5 | |||
| elif [[ "$GETSSL_OS" == "centos6" ]]; then | |||
| service nginx restart 3>&- | |||
| service nginx restart 3>&- 4>&- | |||
| # service nginx restart | |||
| else | |||
| service nginx restart >/dev/null >&3- | |||
| service nginx restart >/dev/null 3>&- 4>&- | |||
| fi | |||