| @ -0,0 +1,127 @@ | |||||
| # ========================== | |||||
| # Can test locally using act (https://github.com/nektos/act) | |||||
| # ========================== | |||||
| # ./bin/act -s GITHUB_TOKEN=<fine-grained-token> --directory runner --workflows "../.github/workflows/" -e ../payloads.json --no-skip-checkout -j deploy | |||||
| # | |||||
| # where payloads.json is: | |||||
| # { | |||||
| # "inputs": { | |||||
| # "tags": "2.47" | |||||
| # } | |||||
| # } | |||||
| # | |||||
| # ========================== | |||||
| # Can debug remotely on github actions instance by uncommenting the 'tmate' section below | |||||
| # ========================== | |||||
| name: Deploy getssl | |||||
| on: | |||||
| workflow_dispatch: | |||||
| inputs: | |||||
| tags: | |||||
| description: 'Tag to deploy, e.g. 2.47' | |||||
| required: true | |||||
| type: string | |||||
| jobs: | |||||
| deploy: | |||||
| runs-on: ubuntu-latest | |||||
| steps: | |||||
| - name: prepare | |||||
| # Keep the outputs persistent outside the docker container to use for the other steps | |||||
| run: | | |||||
| mkdir -p ${{ github.workspace }}/bin | |||||
| mkdir -p ${{ github.workspace }}/debbuild/BUILD | |||||
| mkdir -p ${{ github.workspace }}/debbuild/DEBS/all | |||||
| mkdir -p ${{ github.workspace }}/debbuild/SDEBS | |||||
| mkdir -p ${{ github.workspace }}/debbuild/SOURCES | |||||
| mkdir -p ${{ github.workspace }}/debbuild/SPECS | |||||
| mkdir -p ${{ github.workspace }}/rpmbuild/SOURCES | |||||
| mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/noarch | |||||
| mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/SRPMS | |||||
| - name: Checkout | |||||
| uses: actions/checkout@v3 | |||||
| with: | |||||
| path: source | |||||
| - name: Get version number | |||||
| id: get_version | |||||
| run: | | |||||
| echo "VERSION=$(bash ${{ github.workspace }}/source/getssl --version)" >> $GITHUB_OUTPUT | |||||
| - name: Get release | |||||
| id: get_release | |||||
| run: | | |||||
| echo "RELEASE=$(grep Release source/getssl.spec | awk '{ print $2 }')" >> $GITHUB_OUTPUT | |||||
| - name: Check version matches tag | |||||
| run: | | |||||
| if [ "${{ steps.get_version.outputs.VERSION }}" != "getssl V${{ github.event.inputs.tags }}" ]; then | |||||
| echo "Version number in getssl (${{ steps.get_version.outputs.VERSION }}) does not match tag (getssl V${{ github.event.inputs.tags }})" | |||||
| exit 1 | |||||
| fi | |||||
| - name: build .deb package | |||||
| id: build_deb | |||||
| run: | | |||||
| sudo apt-get update -qq | |||||
| sudo apt-get install --no-install-recommends -qq -y build-essential devscripts debhelper pax liblocale-gettext-perl wget | |||||
| wget https://github.com/debbuild/debbuild/releases/download/22.02.1/debbuild_22.02.1-0ubuntu20.04_all.deb | |||||
| sudo dpkg --install debbuild_22.02.1-0ubuntu20.04_all.deb | |||||
| # Line 1959 has an extra ")" bracket | |||||
| sudo chmod +w /usr/bin/debbuild | |||||
| sudo patch /usr/bin/debbuild < ${GITHUB_WORKSPACE}/source/debbuild.patch | |||||
| tar --absolute-names -czf ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz ${GITHUB_WORKSPACE}/source/* --transform "s,${GITHUB_WORKSPACE}/source,getssl-${{ github.event.inputs.tags }}," | |||||
| tar --absolute-names -cf ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz --transform "s,${GITHUB_WORKSPACE},SOURCES," | |||||
| tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.crontab getssl.logrotate --transform 's,^,SOURCES/,' | |||||
| tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.spec --transform 's,^,SPECS/,' | |||||
| ln -s ${GITHUB_WORKSPACE}/debbuild ${HOME}/debbuild | |||||
| /usr/bin/debbuild -vv --install ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb | |||||
| /usr/bin/debbuild -vv -ba ${GITHUB_WORKSPACE}/debbuild/SPECS/getssl.spec | |||||
| echo "getssl_deb=${GITHUB_WORKSPACE}/debbuild/DEBS/all/getssl_${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}_all.deb" >> $GITHUB_OUTPUT | |||||
| # *** Uncomment this to debug remotely *** | |||||
| # - name: Setup tmate session | |||||
| # if: ${{ failure() }} | |||||
| # uses: mxschmitt/action-tmate@v3 | |||||
| - name: build .rpm package | |||||
| id: build_rpm | |||||
| if: ${{ success() }} | |||||
| uses: addnab/docker-run-action@v3 | |||||
| with: | |||||
| image: rockylinux:8 | |||||
| options: -v ${{ github.workspace }}:/root -e GITHUB_REF=${{ github.ref }} | |||||
| run: | | |||||
| yum install -y rpm-build make | |||||
| tar -czf /root/rpmbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz /root/source/* --transform "s/root\/source\//getssl-${{ github.event.inputs.tags }}\//" | |||||
| cp /root/source/getssl.crontab /root/rpmbuild/SOURCES | |||||
| cp /root/source/getssl.logrotate /root/rpmbuild/SOURCES | |||||
| rpmbuild -ba /root/source/getssl.spec | |||||
| - name: output .rpm packages | |||||
| id: output_rpm | |||||
| if: ${{ success() }} | |||||
| run: | | |||||
| echo "getssl_rpm=${GITHUB_WORKSPACE}/rpmbuild/RPMS/noarch/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.noarch.rpm" >> $GITHUB_OUTPUT | |||||
| echo "getssl_srpm=${GITHUB_WORKSPACE}/rpmbuild/SRPMS/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.src.rpm" >> $GITHUB_OUTPUT | |||||
| - name: create_release | |||||
| id: create_release | |||||
| if: ${{ success() }} | |||||
| uses: ncipollo/release-action@v1 | |||||
| env: | |||||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |||||
| with: | |||||
| tag: ${{ github.event.inputs.tags }} | |||||
| name: Draft Release ${{ github.event.inputs.tags }} | |||||
| generateReleaseNotes: true | |||||
| draft: true | |||||
| prerelease: false | |||||
| artifacts: | | |||||
| ${{ steps.build_deb.outputs.getssl_deb }} | |||||
| ${{ steps.output_rpm.outputs.getssl_rpm }} | |||||
| ${{ steps.output_rpm.outputs.getssl_srpm }} | |||||
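Review bot: In the "build .deb package" step, the `debbuild_22.02.1-0ubuntu20.04_all.deb` fetched with `wget` is handed straight to `sudo dpkg --install` with no integrity check, so a replaced release asset would run as root on the builder and shape the published package; verify a pinned digest first, e.g. `echo "<expected-sha256>  debbuild_22.02.1-0ubuntu20.04_all.deb" | sha256sum -c -` on the line before the `dpkg --install`. The third-party actions (`actions/checkout@v3`, `addnab/docker-run-action@v3`, `ncipollo/release-action@v1`) are referenced by mutable tags; pinning each to a full commit SHA makes the release build reproducible and removes the tag-move exposure. The workflow declares no `permissions:` block, so the `GITHUB_TOKEN` given to the `create_release` step carries whatever the repository default is; a job-level `permissions: contents: write` on `deploy` limits it to what `release-action` needs. `${{ github.event.inputs.tags }}` is expanded directly inside `run:` scripts in the version-check, .deb, .rpm and output steps; although only collaborators can dispatch this workflow, passing it via `env: TAG: ${{ github.event.inputs.tags }}` and using `"$TAG"` keeps shell metacharacters in the input from being interpreted. Separately, the "prepare" step creates `rpmbuild/RPMS/SRPMS` while the "output .rpm packages" step reads `rpmbuild/SRPMS/`, which looks like a typo unless rpmbuild is relied on to create the latter directory itself.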
| @ -0,0 +1,964 @@ | |||||
| GETSSL | |||||
| [Run all tests] [shellcheck] | |||||
| Obtain SSL certificates from the letsencrypt.org ACME server. Suitable | |||||
| for automating the process on remote servers. | |||||
| Table of Contents | |||||
| - Upgrade broken in v2.43 | |||||
| - Features | |||||
| - Overview | |||||
| - Quick Start Guide | |||||
| - Manual Installation | |||||
| - Getting started | |||||
| - Detailed guide to getting started with more examples | |||||
| - Wildcard certificates | |||||
| - ISPConfig | |||||
| - Automating updates | |||||
| - Structure | |||||
| - Server-Types | |||||
| - Revoke a certificate | |||||
| - Elliptic curve keys | |||||
| - Preferred Chain | |||||
| - Include Root certificate in full chain | |||||
| - Windows Server and IIS Support | |||||
| - Building getssl as an RPM Package (Redhat/CentOS/SuSe/Oracle/AWS) | |||||
| - Building getssl as a Debian Package (Debian/Ubuntu) | |||||
| - Issues / problems / help | |||||
| Upgrade broken in v2.43 | |||||
| The automatic upgrade in v2.43 is broken as the url is incorrect. If you | |||||
| have this version installed you’ll need to manually upgrade using: | |||||
| curl --silent --user-agent getssl/manual https://raw.githubusercontent.com/srvrco/getssl/latest/getssl --output getssl | |||||
| Features | |||||
| - BASH - It runs on virtually all unix machines, including BSD, most | |||||
| Linux distributions, macOS. | |||||
| - GET CERTIFICATES FOR REMOTE SERVERS - The tokens used to provide | |||||
| validation of domain ownership, and the certificates themselves can | |||||
| be automatically copied to remote servers (via ssh, sftp or ftp for | |||||
| tokens). The script doesn’t need to run on the server itself. This | |||||
| can be useful if you don’t have access to run such scripts on the | |||||
| server itself, e.g. if it’s a shared server. | |||||
| - RUNS AS A DAILY CRON - so certificates will be automatically renewed | |||||
| when required. | |||||
| - AUTOMATIC CERTIFICATE RENEWALS | |||||
| - CHECKS CERTIFICATES ARE CORRECTLY LOADED - After installation of a | |||||
| new certificate it will test the port specified ( see Server-Types | |||||
| for options ) that the certificate is actually being used correctly. | |||||
| - AUTOMATICALLY UPDATES - The script can automatically update itself | |||||
| with bug fixes etc if required. | |||||
| - EXTENSIVELY CONFIGURABLE - With a simple configuration file for each | |||||
| certificate it is possible to configure it exactly for your needs, | |||||
| whether a simple single domain or multiple domains across multiple | |||||
| servers on the same certificate. | |||||
| - SUPPORTS HTTP AND DNS CHALLENGES - Full ACME implementation | |||||
| - SIMPLE AND EASY TO USE | |||||
| - DETAILED DEBUG INFO - Whilst it shouldn’t be needed, detailed debug | |||||
| information is available. | |||||
| - RELOAD SERVICES - After a new certificate is obtained then the | |||||
| relevant services (e.g. apache/nginx/postfix) can be reloaded. | |||||
| - ACME V1 AND V2 - Supports both ACME versions 1 and 2 (note ACMEv1 is | |||||
| deprecated and clients will automatically use v2) | |||||
| Overview | |||||
| GetSSL was written in standard bash ( so it can be run on a server, a | |||||
| desktop computer, or even a virtualbox) and add the checks, and | |||||
| certificates to a remote server ( providing you have a ssh with key, | |||||
| sftp or ftp access to the remote server). | |||||
| ```getssl -h getssl ver. 2.36 Obtain SSL certificates from the | |||||
| letsencrypt.org ACME server | |||||
| Usage: getssl [-h|–help] [-d|–debug] [-c|–create] [-f|–force] [-a|–all] | |||||
| [-q|–quiet] [-Q|–mute] [-u|–upgrade] [-X|–experimental tag] | |||||
| [-U|–nocheck] [-r|–revoke cert key] [-w working_dir] [–preferred-chain | |||||
| chain] domain | |||||
| Options: -a, –all Check all certificates -d, –debug Output debug | |||||
| information -c, –create Create default config files -f, –force Force | |||||
| renewal of cert (overrides expiry checks) -h, –help Display this help | |||||
| message and exit -i, –install Install certificates and reload service | |||||
| -q, –quiet Quiet mode (only outputs on error, success of new cert, or | |||||
| getssl was upgraded) -Q, –mute Like -q, but also mute notification about | |||||
| successful upgrade -r, –revoke “cert” “key” [CA_server] Revoke a | |||||
| certificate (the cert and key are required) -u, –upgrade Upgrade getssl | |||||
| if a more recent version is available - can be used with or without | |||||
| domain(s) -X –experimental tag Allow upgrade to a specified version of | |||||
| getssl -U, –nocheck Do not check if a more recent version is available | |||||
| -v –version Display current version of getssl -w working_dir “Working | |||||
| directory” –preferred-chain “chain” Use an alternate chain for the | |||||
| certificate ``` | |||||
| Quick Start Guide | |||||
| You can download precompiled RPM packages and Debian (DEB) packages from | |||||
| the release page for this project, or you can manually build and install | |||||
| the program from the git sources. | |||||
| If you want to manually install the program from scratch with the git | |||||
| sources rather than use the pre-compiled RPMS and DEB packages, or if | |||||
| your target platform does not support Linux RPM or DEB packages, then | |||||
| please skip to the section Manual Installation for instructions on | |||||
| installing the getssl program manually. | |||||
| Packages are provided in binary and source versions, and can be | |||||
| downloaded and installed directly or rebuilt. Package types are Red Hat | |||||
| Package Manager (RPM) packages and Debian (DEB) packages for binary | |||||
| installation and Source RPM packages (SRPMS) and Debbuild SDEB packages | |||||
| for source code installation. | |||||
| RPM and DEB packages for each release include a binary architecture | |||||
| specific package and a source package which can be downloaded and | |||||
| built/rebuilt and which contains the source code. | |||||
| For example, the release v2.47 contains the following packages in the | |||||
| release section: | |||||
| RPM BASED PACKAGES (REDHAT, CENTOS, SUSE, ORACLE LINUX, AWS LINUX) | |||||
| - getssl-2.47-1.src.rpm (source) | |||||
| - getssl-2.47-1.noarch.rpm (binary) | |||||
| DEBIAN BASED PACKAGES (DEBIAN, UBUNTU) | |||||
| - getssl-2.47-1.sdeb (source) | |||||
| - getssl_2.47-1_all.deb (binary) | |||||
| INSTALLING BINARY PACKAGES | |||||
| To install the binary package with the rpm package manager for RedHat, | |||||
| CentOS, SuSe, Oracle Linux, or AWS Linux distributions: | |||||
| rpm -i getssl-2.47-1.noarch.rpm | |||||
| To deinstall the RPM binary package: | |||||
| rpm -e getssl | |||||
| To install the binary package with the Debian dpkg package manager for | |||||
| Debian and Ubuntu Linux distributions: | |||||
| dpkg -i getssl_2.47-1_all.deb | |||||
| To deinstall the Debian dpkg binary package: | |||||
| dpkg -r getssl | |||||
| INSTALLING SOURCE PACKAGES | |||||
| To install the source package with the rpm package manager for RedHat, | |||||
| CentOS, SuSe, Oracle Linux, or AWS Linux distributions: | |||||
| rpm -i getssl-2.47-1.src.rpm | |||||
| _(Note: rpm installs the source code files in /root/rpmbuild/ as top | |||||
| directory for RedHat, CentOS, Oracle Linux, and AWS Linux platforms. | |||||
| SuSe platforms install the source code files in /usr/src/packages/)_ | |||||
| To install the source package with the Debbuild package tool for Debian | |||||
| or Ubuntu Linux distributions: | |||||
| debbuild -i getssl-2.47-1.sdeb | |||||
| _(Note: Debbuild installs the source code files in /root/debbuild/ as | |||||
| top directory)_ | |||||
| One item of note is that SDEB packages are actually just tar.gz archives | |||||
| renamed with an .sdeb file extension with the files organized into a | |||||
| SPECS and SOURCES directory tree structure. Subsequently, an SDEB can | |||||
| also be extracted and installed with the TAR -XVF COMMAND or the files | |||||
| listed with the TAR -TVF COMMAND: | |||||
| [root@localhost getssl]$ tar -tvf /root/debbuild/SDEBS/getssl-2.47-1.sdeb | |||||
| -rw-r--r-- root/root 1772110 2022-10-12 20:42 SOURCES/getssl-2.47.tar.gz | |||||
| -rw-r--r-- root/root 192 2022-08-02 15:02 SOURCES/getssl.crontab | |||||
| -rw-r--r-- root/root 126 2022-08-02 15:02 SOURCES/getssl.logrotate | |||||
| -rw-r--r-- root/root 1537 2022-08-02 15:02 SPECS/getssl.spec | |||||
| [root@localhost getssl]$ | |||||
| For building or rebuilding RPMS or DEB Packages after you have installed | |||||
| the associated source packages on your platform, refer to the following: | |||||
| - Building getssl as an RPM Package (Redhat/CentOS/SuSe/Oracle/AWS) | |||||
| - Building getssl as a Debian Package (Debian/Ubuntu) | |||||
| Manual Installation | |||||
| Since the script is only one file, you can use the following command for | |||||
| a quick installation of GetSSL only: | |||||
| curl --silent https://raw.githubusercontent.com/srvrco/getssl/latest/getssl > getssl ; chmod 700 getssl | |||||
| This will copy the getssl Bash script to the current location and change | |||||
| the permissions to make it executable for you. | |||||
| For a more comprehensive installation (e.g. install also helper scripts) | |||||
| use the provided Makefile with each release tarball. Use the install | |||||
| target. | |||||
| You’ll find the latest version in the git repository: | |||||
| git clone https://github.com/srvrco/getssl.git | |||||
| For Arch Linux there are packages in the AUR, see here and there. | |||||
| If you use puppet, there is a GetSSL Puppet module by dthielking | |||||
| Getting started | |||||
| Once you have obtained the script (see Installation above), the next | |||||
| step is to use | |||||
| ./getssl -c yourdomain.com | |||||
| where yourdomain.com is the primary domain name that you want to create | |||||
| a certificate for. This will create the following folders and files. | |||||
| ~/.getssl | |||||
| ~/.getssl/getssl.cfg | |||||
| ~/.getssl/yourdomain.com | |||||
| ~/.getssl/yourdomain.com/getssl.cfg | |||||
| You can then edit ~/.getssl/getssl.cfg to set the values you want as the | |||||
| default for the majority of your certificates. | |||||
| Then edit ~/.getssl/yourdomain.com/getssl.cfg to have the values you | |||||
| want for this specific domain (make sure to uncomment and specify | |||||
| correct ACL option, since it is required). | |||||
| You can then just run: | |||||
| getssl yourdomain.com | |||||
| and it should run, providing output like: | |||||
| Registering account | |||||
| Verify each domain | |||||
| Verifying yourdomain.com | |||||
| Verified yourdomain.com | |||||
| Verifying www.yourdomain.com | |||||
| Verified www.yourdomain.com | |||||
| Verification completed, obtaining certificate. | |||||
| Certificate saved in /home/user/.getssl/yourdomain.com/yourdomain.com.crt | |||||
| The intermediate CA cert is in /home/user/.getssl/yourdomain.com/chain.crt | |||||
| copying domain certificate to ssh:server5:/home/yourdomain/ssl/domain.crt | |||||
| copying private key to ssh:server5:/home/yourdomain/ssl/domain.key | |||||
| copying CA certificate to ssh:server5:/home/yourdomain/ssl/chain.crt | |||||
| reloading SSL services | |||||
| THIS WILL (BY DEFAULT) USE THE STAGING SERVER, SO SHOULD GIVE YOU A | |||||
| CERTIFICATE THAT ISN’T TRUSTED ( FAKE LET’S ENCRYPT). Change the server | |||||
| in your config file to get a fully valid certificate. | |||||
| NOTE: Verification is done via port 80 (http), port 443 (https) or dns. | |||||
| The certificate can be used (and checked with getssl) on alternate | |||||
| ports. | |||||
| Detailed guide to getting started with more examples | |||||
| Guide to getting a certificate for example.com and www.example.com | |||||
| Wildcard certificates | |||||
| getssl supports creating wildcard certificates, i.e. __.example.com_ | |||||
| which allows a single certificate to be used for any domain under | |||||
| _example.com_, e.g. _www.example.com_, _mail.example.com*. These must be | |||||
| validated using the dns-01 method. | |||||
| A _partial_ example getssl.cfg file is: | |||||
| VALIDATE_VIA_DNS=true | |||||
| export CPANEL_USERNAME='' | |||||
| export CPANEL_URL='https://www.cpanel.host:2083' | |||||
| export CPANEL_APITOKEN='1ABC2DEF3GHI4JKL5MNO6PQR7STU8VWX9YZA' | |||||
| DNS_ADD_COMMAND=/home/root/getssl/dns_scripts/dns_add_cpanel | |||||
| DNS_DEL_COMMAND=/home/root/getssl/dns_scripts/dns_del_cpanel | |||||
| ISPConfig | |||||
| There is a need to create a remote user in ISPConfig to enable the | |||||
| remote API access. | |||||
| You need to go to System -> Remote Users and then enable the features | |||||
| for the remote user such as DNS zone functions. | |||||
| PHP is required to exeucte soap functions in file ispconfig_soap.php. | |||||
| DNS_ADD_COMMAND="/home/root/getssl/dns_scripts/dns_add_ispconfig" | |||||
| DNS_DEL_COMMAND="/home/root/getssl/dns_scripts/dns_del_ispconfig" | |||||
| export ISPCONFIG_REMOTE_USER_NAME="ussename" | |||||
| export ISPCONFIG_REMOTE_USER_PASSWORD="password" | |||||
| export ISPCONFIG_SOAP_LOCATION="https://localhost:8080/remote/index.php" | |||||
| export ISPCONFIG_SOAP_URL="https://localhost:8080/remote/" | |||||
| Create the wildcard certificate (need to use quotes to prevent | |||||
| globbing): | |||||
| getssl "*.example.domain" | |||||
| You can renew the certificate using getssl -a to renew all configured | |||||
| certificates. | |||||
| You can also specify additional domains in the SANS line, e.g. | |||||
| SANS="www.test.example.com". This cannot contain any of the domains | |||||
| which would be covered by the wildcard certificate. | |||||
| Automating updates | |||||
| I use the following CRON job | |||||
| 23 5 * * * /root/scripts/getssl -u -a -q | |||||
| The cron will automatically update getssl and renew any certificates, | |||||
| only giving output if there are issues / errors. | |||||
| - The -u flag updates getssl if there is a more recent version | |||||
| available. | |||||
| - The -a flag automatically renews any certificates that are due for | |||||
| renewal. | |||||
| - The -q flag is “quiet” so that it only outputs and emails me if | |||||
| there was an error / issue. | |||||
| Structure | |||||
| The design aim was to provide flexibility in running the code. The | |||||
| default working directory is ~/.getssl (which can be modified via the | |||||
| command line). | |||||
| Within the WORKING DIRECTORY is a config file getssl.cfg which is a | |||||
| simple bash file containing variables, an example of which is: | |||||
| # Uncomment and modify any variables you need | |||||
| # The staging server is best for testing (hence set as default) | |||||
| CA="https://acme-staging-v02.api.letsencrypt.org" | |||||
| # This server issues full certificates, however has rate limits | |||||
| #CA="https://acme-v02.api.letsencrypt.org" | |||||
| AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf" | |||||
| # Set an email address associated with your account - generally set at account level rather than domain. | |||||
| ACCOUNT_EMAIL="me@example.com" | |||||
| ACCOUNT_KEY_LENGTH=4096 | |||||
| ACCOUNT_KEY="/home/user/.getssl/account.key" | |||||
| PRIVATE_KEY_ALG="rsa" | |||||
| # The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits. | |||||
| RENEW_ALLOW="30" | |||||
| # openssl config file. The default should work in most cases. | |||||
| SSLCONF="/usr/lib/ssl/openssl.cnf" | |||||
| then, within the WORKING DIRECTORY there will be a folder for each | |||||
| certificate (based on its domain name). Within that folder will be a | |||||
| config file (again called getssl.cfg). An example of which is: | |||||
| # Uncomment and modify any variables you need | |||||
| # see https://github.com/srvrco/getssl/wiki/Config-variables for details | |||||
| # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs | |||||
| # | |||||
| # The staging server is best for testing | |||||
| #CA="https://acme-staging-v02.api.letsencrypt.org" | |||||
| # This server issues full certificates, however has rate limits | |||||
| #CA="https://acme-v02.api.letsencrypt.org" | |||||
| #AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf" | |||||
| PRIVATE_KEY_ALG="rsa" | |||||
| # Additional domains - this could be multiple domains / subdomains in a comma separated list | |||||
| SANS="www.example.org" | |||||
| # Acme Challenge Location. The first line for the domain, the following ones for each additional domain. | |||||
| # If these start with ssh: then the next variable is assumed to be the hostname and the rest the location. | |||||
| # An ssh key will be needed to provide you with access to the remote server. | |||||
| # Optionally, you can specify a different userid for ssh/scp to use on the remote server before the @ sign. | |||||
| # If left blank, the username on the local server will be used to authenticate against the remote server. | |||||
| # If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location | |||||
| # These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge" | |||||
| # where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain. | |||||
| #ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge' | |||||
| # 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' | |||||
| # 'ssh:sshuserid@server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge' | |||||
| # 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge') | |||||
| # Location for all your certs, these can either be on the server (so full path name) or using ssh as for the ACL | |||||
| DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt" | |||||
| DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key" | |||||
| #CA_CERT_LOCATION="/etc/ssl/chain.crt" | |||||
| #DOMAIN_CHAIN_LOCATION="" this is the domain cert and CA cert | |||||
| #DOMAIN_PEM_LOCATION="" this is the domain_key. domain cert and CA cert | |||||
| # The command needed to reload apache / nginx or whatever you use. | |||||
| # Several (ssh) commands may be given using a bash array: | |||||
| # RELOAD_CMD=('ssh:sshuserid@server5:systemctl reload httpd' 'logger getssl for server5 efficient.') | |||||
| RELOAD_CMD="service apache2 reload" | |||||
| # Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp, | |||||
| # smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which | |||||
| # will be checked for certificate expiry and also will be checked after | |||||
| # an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true | |||||
| #SERVER_TYPE="https" | |||||
| #CHECK_REMOTE="true" | |||||
| If a location for a file starts with ssh: it is assumed the next part of | |||||
| the file is the hostname, followed by a colon, and then the path. Files | |||||
| will be securely copied using scp, and it assumes that you have a key on | |||||
| the server (for passwordless access). You can set the user, port etc for | |||||
| the server in your .ssh/config file. | |||||
| If an ACL starts with ftp: or sftp: it as assumed that the line is in | |||||
| the format “ftp:UserID:Password:servername:/path/to/acme-challenge”. | |||||
| sftp requires sshpass. Note: FTP can be used for copying tokens only and | |||||
| can NOT be used for uploading private key or certificates as it’s not a | |||||
| secure method of transfer. | |||||
| ssh can also be used for the reload command if using on remote servers. | |||||
| Multiple locations can be defined for a file by separating the locations | |||||
| with a semi-colon. | |||||
| A typical config file for example.com and www.example.com on the same | |||||
| server would be: | |||||
| # uncomment and modify any variables you need | |||||
| # The staging server is best for testing | |||||
| CA="https://acme-staging-v02.api.letsencrypt.org" | |||||
| # This server issues full certificates, however has rate limits | |||||
| #CA="https://acme-v02.api.letsencrypt.org" | |||||
| # additional domains - this could be multiple domains / subdomains in a comma separated list | |||||
| SANS="www.example.com" | |||||
| #Acme Challenge Location. The first line for the domain, the following ones for each additional domain | |||||
| ACL=('/var/www/example.com/web/.well-known/acme-challenge') | |||||
| USE_SINGLE_ACL="true" | |||||
| DOMAIN_CERT_LOCATION="/etc/ssl/example.com.crt" | |||||
| DOMAIN_KEY_LOCATION="/etc/ssl/example.com.key" | |||||
| CA_CERT_LOCATION="/etc/ssl/example.com.bundle" | |||||
| RELOAD_CMD="service apache2 reload" | |||||
| Server-Types | |||||
| OpenSSL has built-in support for getting the certificate from a number | |||||
| of SSL services these are available in getssl to check if the | |||||
| certificate is installed correctly | |||||
| Server-Type Port Extra | |||||
| ------------------ ------ -------------- | |||||
| https 443 | |||||
| ftp 21 FTP Explicit | |||||
| ftpi 990 FTP Implicit | |||||
| imap 143 StartTLS | |||||
| imaps 993 | |||||
| pop3 110 StartTLS | |||||
| pop3s 995 | |||||
| smtp 25 StartTLS | |||||
| smtps_deprecated 465 | |||||
| smtps 587 StartTLS | |||||
| smtp_submission 587 StartTLS | |||||
| xmpp 5222 StartTLS | |||||
| xmpps 5269 | |||||
| ldaps 636 | |||||
| port number | |||||
| Revoke a certificate | |||||
| In general revoking a certificate is not required. | |||||
| Usage: getssl -r path/to/cert path/to/key [CA_server] | |||||
| You need to specify both the certificate you want to revoke, and the | |||||
| account or private domain key which was used to sign / obtain the | |||||
| original certificate. The CA_server is an optional parameter and | |||||
| defaults to Let’s Encrypt (“https://acme-v02.api.letsencrypt.org”) as | |||||
| that is currently the only Certificate Authority using the ACME | |||||
| protocol. | |||||
| Elliptic curve keys | |||||
| You can use Elliptic curve keys for both the account key and the domain | |||||
| key (different of course, don’t use the same key for both). prime256v1 | |||||
| (NIST P-256) and secp384r1 (NIST P-384) are both fully supported. | |||||
| secp521r1 (NIST P-521) is included in the code, but not currently | |||||
| supported by Let’s Encrypt). | |||||
| Preferred Chain | |||||
| If a CA offers multiple chains then it is possible to select which chain | |||||
| is used by using the PREFERRED_CHAIN variable in getssl.cfg or | |||||
| specifying --preferred-chain in the call to getssl | |||||
| This uses wildcard matching so requesting “X1” returns the first | |||||
| certificate returned by the CA which contains the text “X1”, Note you | |||||
| may need to escape any characters which special characters, e.g. | |||||
| PREFERRED_CHAIN="\(STAGING\) Doctored Durian Root CA X3" | |||||
| - Staging options are: “(STAGING) Doctored Durian Root CA X3” and | |||||
| “(STAGING) Pretend Pear X1” | |||||
| - Production options are: “ISRG Root X1” and “ISRG Root X2” | |||||
| Include Root certificate in full chain | |||||
| Some servers, including those that use Java keystores, will not accept a | |||||
| server certificate if it cannot valid the full chain of signers. | |||||
| Specifically, Nutanix Prism (Element and Central) will not accept the | |||||
| fullchain.crt until the root CA’s certificate has been appended to it | |||||
| manually. | |||||
| If your application requires the full chain, i.e. including the root | |||||
| certificate of the CA, then this can be included in the fullchain.crt | |||||
| file by adding the following line to getssl.cfg | |||||
| FULL_CHAIN_INCLUDE_ROOT="true" | |||||
| Windows Server and IIS Support | |||||
| SYSTEM AND SOFTWARE REQUIREMENTS: | |||||
| - Windows Server with DNS and IIS services | |||||
| - One of | |||||
| - WSL Windows Sub for Linux | |||||
| - Ubuntu or any other distro | |||||
| - gettssl can be installed inside WSL or using /mnt/ path to | |||||
| windows | |||||
| - Bash - gettssl should be installed in Windows | |||||
| - Git Bash - https://git-scm.com/downloads | |||||
| - Rtools4.0 - https://cran.r-project.org/bin/windows/Rtools/ | |||||
| WSL | |||||
| - Installing and configuring WSL 2 | |||||
| - Add remove Windows features and choose “Windows for sub Linux” | |||||
| - Install a distro like Ubuntu or any other Linux platform | |||||
| - If newly added to the system a reboot is required to | |||||
| continue | |||||
| - wsl –install -d ubuntu | |||||
| - Any user will work | |||||
| - Copying files to WSL | |||||
| - From Windows open Windows Explorer and browse to | |||||
| \\wsl$\Ubuntu\home\user\ and then place the getssl files | |||||
| and folders .getssl and getssl into users home directory | |||||
| \\wsl$\Ubuntu\home\user\.getssl . or in Windows | |||||
| - Open cmd in Widnows and type | |||||
| wsl -d Ubuntu /bin/bash /home/UserName/getssl/getssl domain.eu && exit | |||||
| - Using a specific distro if not set as default in WSL then | |||||
| use the wsl -d distro command | |||||
| NOTES: | |||||
| - While configuring WSL please do check the /etc/hosts file if the | |||||
| IP of the domain is correct since it overrides the DNS server. | |||||
| - Make sure running version 2. | |||||
| GIT BASH - MINGW64_NT | |||||
| - Install git GIT Bash | |||||
| - "C:\Program Files\Git\bin\bash.exe" --login -i -- path_to/getssl/getssl domain.eu | |||||
| RTOOLS BASH - MSYS_NT | |||||
| - Make sure that the path of \rtools42\usr\bin in Windows system | |||||
| environment variables is right before c:\windows\system32\ so that | |||||
| getssl will use the Rtools applications instead of Windows | |||||
| applications such as sort.exe that crashes or speify full path to | |||||
| sort. | |||||
| - \rtools42\usr\bin\bash.exe \Users\Administrator\getssl\getssl domain.eu 2>&1 1>out.txt | |||||
| UPDATING DNS TXT RECORDS | |||||
| - Using PowerShell to add and delete _acme-challenge records | |||||
| - dns_add_windows_dnsserver | |||||
| - dns_del_windows_dnsserver | |||||
| NOTES: The script supports optional second level TLDs. | |||||
| sub.domain.co.uk You can update the reqexp .(co|com).uk to fit your | |||||
| needs. | |||||
| IIS INTERNET INFORMATION SERVICE | |||||
| - Under folder other_scripts you can find a PowerSheell script | |||||
| iis_install_certeficate.ps1 which generates PFX certificate to be | |||||
| installed in IIS and binds the domains to the PFX certificate. | |||||
| - WSL | |||||
| - RELOAD_CMD=("powershell.exe -ExecutionPolicy Bypass -File "\\\\wsl$\\Ubuntu\\home\\user\\getssl\\other_scripts\\iis_install_certeficate.ps1" "domain.eu" "IIS SiteName" "\\\\wsl$\\Ubuntu\\home\\user\\ssl\\" "path_to_ssl_dir" ) | |||||
| - GIT and Rtools4 Bash | |||||
| - RELOAD_CMD=("powershell.exe /c/Users/Administrator/getssl/other_scripts/iis_install_certeficate.ps1 domain.eu domain path_to_ssl_dir") | |||||
| Building as an RPM Package | |||||
| In order to build getssl as an RPM, the program must be compressed into | |||||
| a tar.gz file and the tar.gz file named to match the versioning | |||||
| information contained in the associated .spec file. | |||||
| Spec files are special files which contain instructions on how to build | |||||
| a particular package from a source code archive. On Red Hat, CentOS, | |||||
| Oracle Linux, and AWS Linux systems, RPMS are built in the | |||||
| /root/rpmbuild/ top directory. SuSe systems build RPMS in the | |||||
| /usr/src/packages/ as top directory. These “top directories” will | |||||
| contain BUILD, BUILDROOT, SPECS, RPMS, SRPMS, and SOURCES | |||||
| subdirectories. | |||||
| The SPECS directory contains the *.spec files used to build RPMS and | |||||
| SRPMS packages. The SOURCES subdirectory will contain the soure code | |||||
| archive file referred to in the *.spec file used to build the RPM | |||||
| package. | |||||
| See the Quick Start Guide on instructions for installing the source rpm | |||||
| which installs both the .spec file and source archive file (tar.gz) into | |||||
| the rpm build top directory (i.e. /root/rpmbuild/). You should have | |||||
| previously installed the src.rpm file before attempting to build the | |||||
| rpm. You can also manually install the .spec file into the <top | |||||
| directory>/SPECS/ directory and the source code tarball in the <top | |||||
| directory/SOURCES/ directory, then attempt to build the rpm package. | |||||
| To build getssl using the rpm tool, change directories (cd) into the | |||||
| /root/rpmbuild/SPECS/ directory (/usr/src/packages/SPECS/ for SuSe) and | |||||
| enter the following command: | |||||
| rpmbuild -ba getssl.spec <enter> | |||||
| The program should output the following if the build is successful and | |||||
| verify that the program wrote both the RPMS and SRPMS packages: | |||||
| Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.BYQw0V | |||||
| + umask 022 | |||||
| + cd /root/rpmbuild/BUILD | |||||
| + cd /root/rpmbuild/BUILD | |||||
| + rm -rf getssl-2.47 | |||||
| + /usr/bin/gzip -dc /root/rpmbuild/SOURCES/getssl-2.47.tar.gz | |||||
| + /usr/bin/tar -xof - | |||||
| + STATUS=0 | |||||
| + '[' 0 -ne 0 ']' | |||||
| + cd getssl-2.47 | |||||
| + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . | |||||
| + exit 0 | |||||
| Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.xpA456 | |||||
| + umask 022 | |||||
| + cd /root/rpmbuild/BUILD | |||||
| + cd getssl-2.47 | |||||
| + exit 0 | |||||
| Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.zQs24R | |||||
| + umask 022 | |||||
| + cd /root/rpmbuild/BUILD | |||||
| + '[' /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 '!=' / ']' | |||||
| + rm -rf /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||||
| ++ dirname /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||||
| + mkdir -p /root/rpmbuild/BUILDROOT | |||||
| + mkdir /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||||
| + cd getssl-2.47 | |||||
| + '[' -n /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 -a /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 '!=' / ']' | |||||
| + /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||||
| + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/bin | |||||
| + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts | |||||
| + /usr/bin/mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/other_scripts | |||||
| + /usr/bin/make DESTDIR=/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 install | |||||
| mkdir -p /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||||
| install -Dvm755 getssl /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/bin/getssl | |||||
| 'getssl' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/bin/getssl' | |||||
| install -dvm755 /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl | |||||
| for dir in *_scripts; do install -dv /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/$dir; install -pv $dir/* /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/$dir/; done | |||||
| 'dns_scripts/Azure-README.txt' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/Azure-README.txt' | |||||
| 'dns_scripts/Cloudflare-README.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/Cloudflare-README.md' | |||||
| 'dns_scripts/DNS_IONOS.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/DNS_IONOS.md' | |||||
| 'dns_scripts/DNS_ROUTE53.md' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/DNS_ROUTE53.md' | |||||
| 'dns_scripts/GoDaddy-README.txt' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/GoDaddy-README.txt' | |||||
| 'dns_scripts/dns_add_acmedns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_acmedns' | |||||
| 'dns_scripts/dns_add_azure' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_azure' | |||||
| 'dns_scripts/dns_add_challtestsrv' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_challtestsrv' | |||||
| 'dns_scripts/dns_add_clouddns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_clouddns' | |||||
| 'dns_scripts/dns_add_cloudflare' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_cloudflare' | |||||
| 'dns_scripts/dns_add_cpanel' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_cpanel' | |||||
| 'dns_scripts/dns_add_del_aliyun.sh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_del_aliyun.sh' | |||||
| 'dns_scripts/dns_add_dnspod' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_dnspod' | |||||
| 'dns_scripts/dns_add_duckdns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_duckdns' | |||||
| 'dns_scripts/dns_add_dynu' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_dynu' | |||||
| 'dns_scripts/dns_add_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_godaddy' | |||||
| 'dns_scripts/dns_add_hostway' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_hostway' | |||||
| 'dns_scripts/dns_add_ionos' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ionos' | |||||
| 'dns_scripts/dns_add_ispconfig' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ispconfig' | |||||
| 'dns_scripts/dns_add_joker' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_joker' | |||||
| 'dns_scripts/dns_add_lexicon' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_lexicon' | |||||
| 'dns_scripts/dns_add_linode' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_linode' | |||||
| 'dns_scripts/dns_add_manual' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_manual' | |||||
| 'dns_scripts/dns_add_nsupdate' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_nsupdate' | |||||
| 'dns_scripts/dns_add_ovh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_ovh' | |||||
| 'dns_scripts/dns_add_pdns-mysql' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_pdns-mysql' | |||||
| 'dns_scripts/dns_add_vultr' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_vultr' | |||||
| 'dns_scripts/dns_add_windows_dns_server' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_add_windows_dns_server' | |||||
| 'dns_scripts/dns_del_acmedns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_acmedns' | |||||
| 'dns_scripts/dns_del_azure' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_azure' | |||||
| 'dns_scripts/dns_del_challtestsrv' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_challtestsrv' | |||||
| 'dns_scripts/dns_del_clouddns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_clouddns' | |||||
| 'dns_scripts/dns_del_cloudflare' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_cloudflare' | |||||
| 'dns_scripts/dns_del_cpanel' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_cpanel' | |||||
| 'dns_scripts/dns_del_dnspod' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_dnspod' | |||||
| 'dns_scripts/dns_del_duckdns' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_duckdns' | |||||
| 'dns_scripts/dns_del_dynu' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_dynu' | |||||
| 'dns_scripts/dns_del_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_godaddy' | |||||
| 'dns_scripts/dns_del_hostway' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_hostway' | |||||
| 'dns_scripts/dns_del_ionos' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ionos' | |||||
| 'dns_scripts/dns_del_ispconfig' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ispconfig' | |||||
| 'dns_scripts/dns_del_joker' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_joker' | |||||
| 'dns_scripts/dns_del_lexicon' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_lexicon' | |||||
| 'dns_scripts/dns_del_linode' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_linode' | |||||
| 'dns_scripts/dns_del_manual' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_manual' | |||||
| 'dns_scripts/dns_del_nsupdate' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_nsupdate' | |||||
| 'dns_scripts/dns_del_ovh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_ovh' | |||||
| 'dns_scripts/dns_del_pdns-mysql' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_pdns-mysql' | |||||
| 'dns_scripts/dns_del_vultr' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_vultr' | |||||
| 'dns_scripts/dns_del_windows_dns_server' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_del_windows_dns_server' | |||||
| 'dns_scripts/dns_freedns.sh' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_freedns.sh' | |||||
| 'dns_scripts/dns_godaddy' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_godaddy' | |||||
| 'dns_scripts/dns_route53.py' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/dns_route53.py' | |||||
| 'dns_scripts/ispconfig_soap.php' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/dns_scripts/ispconfig_soap.php' | |||||
| 'other_scripts/cpanel_cert_upload' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/other_scripts/cpanel_cert_upload' | |||||
| 'other_scripts/iis_install_certeficate.ps1' -> '/root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/usr/share/getssl/other_scripts/iis_install_certeficate.ps1' | |||||
| + install -Dpm 644 /root/rpmbuild/SOURCES/getssl.crontab /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/etc/cron.d/getssl | |||||
| + install -Dpm 644 /root/rpmbuild/SOURCES/getssl.logrotate /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64/etc/logrotate.d/getssl | |||||
| + /usr/lib/rpm/check-buildroot | |||||
| + /usr/lib/rpm/redhat/brp-ldconfig | |||||
| /sbin/ldconfig: Warning: ignoring configuration file that cannot be opened: /etc/ld.so.conf: No such file or directory | |||||
| + /usr/lib/rpm/brp-compress | |||||
| + /usr/lib/rpm/brp-strip /usr/bin/strip | |||||
| + /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump | |||||
| + /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip | |||||
| + /usr/lib/rpm/brp-python-bytecompile '' 1 | |||||
| + /usr/lib/rpm/brp-python-hardlink | |||||
| + /usr/bin/true | |||||
| Processing files: getssl-2.47-1.noarch | |||||
| Provides: getssl = 2.47-1 | |||||
| Requires(interp): /bin/sh /bin/sh /bin/sh /bin/sh | |||||
| Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 | |||||
| Requires(pre): /bin/sh | |||||
| Requires(post): /bin/sh | |||||
| Requires(preun): /bin/sh | |||||
| Requires(postun): /bin/sh | |||||
| Requires: /bin/bash /usr/bin/env | |||||
| Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||||
| Wrote: /root/rpmbuild/SRPMS/getssl-2.47-1.src.rpm | |||||
| Wrote: /root/rpmbuild/RPMS/noarch/getssl-2.47-1.noarch.rpm | |||||
| Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.hgma8Q | |||||
| + umask 022 | |||||
| + cd /root/rpmbuild/BUILD | |||||
| + cd getssl-2.47 | |||||
| + /usr/bin/rm -rf /root/rpmbuild/BUILDROOT/getssl-2.47-1.x86_64 | |||||
| + exit 0 | |||||
| Building as a Debian Package | |||||
| In order to build getssl as a Debian package, the program must be | |||||
| compressed into a tar.gz file and the tar.gz file named to match the | |||||
| versioning information contained in the associated .spec file. Spec | |||||
| files are special files which contain instructions on how to build a | |||||
| particular package from a source code archive. | |||||
| Debian Packages can be built using a utility called “debbuild” and use a | |||||
| top directory structure which is similar to that used by the RPM tool | |||||
| but using /root/debbuild/ as the “top directory”. These “top | |||||
| directories” will contain BUILD, BUILDROOT, SPECS, DEBS, SDEBS, and | |||||
| SOURCES subdirectories and follows a similar layout that is used for RPM | |||||
| files. | |||||
| The SPECS directory contains the *.spec files used to build DEB and SDEB | |||||
| packages. The SOURCES subdirectory will contain the soure code archive | |||||
| file referred to in the *.spec file used to build the DEB and SDEB | |||||
| packages. | |||||
| See the Quick Start Guide on instructions for installing the source SDEB | |||||
| which installs both the .spec file and source archive file (tar.gz) into | |||||
| the debbuild top directory (i.e. /root/debbuild/). You should have | |||||
| previously installed the SDEB file before attempting to build the DEB | |||||
| package. You can also manually install the .spec file into the <top | |||||
| directory>/SPECS/ directory and the source code tarball in the <top | |||||
| directory/SOURCES/ directory, then attempt to build the DEB package. | |||||
| To build getssl using debbuild, change directories (cd) into the | |||||
| /root/debbuild/SPECS/ directory and enter the following command: | |||||
| debbuild -vv -ba getssl.spec <enter> | |||||
| The program should output the following if the build is successful and | |||||
| verify that the program wrote both the DEB and SDEB packages: | |||||
| This is debbuild, version 22.02.1\ndebconfigdir:/usr/lib/debbuild\nsysconfdir:/etc\n | |||||
| Lua: No Lua module loaded | |||||
| Executing (%prep): /bin/sh -e /var/tmp/deb-tmp.prep.92007 | |||||
| + umask 022 | |||||
| + cd /root/debbuild/BUILD | |||||
| + /bin/rm -rf getssl-2.47 | |||||
| + /bin/gzip -dc /root/debbuild/SOURCES/getssl-2.47.tar.gz | |||||
| + /bin/tar -xf - | |||||
| + STATUS=0 | |||||
| + '[' 0 -ne 0 ']' | |||||
| + cd getssl-2.47 | |||||
| + /bin/chmod -Rf a+rX,u+w,go-w . | |||||
| + exit 0 | |||||
| Executing (%build): /bin/sh -e /var/tmp/deb-tmp.build.40956 | |||||
| + umask 022 | |||||
| + cd /root/debbuild/BUILD | |||||
| + cd getssl-2.47 | |||||
| + exit 0 | |||||
| Executing (%install): /bin/sh -e /var/tmp/deb-tmp.install.36647 | |||||
| + umask 022 | |||||
| + cd /root/debbuild/BUILD | |||||
| + cd getssl-2.47 | |||||
| + '[' -n /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 -a /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 '!=' / ']' | |||||
| + /bin/rm -rf /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 | |||||
| + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/bin | |||||
| + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts | |||||
| + /bin/mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/other_scripts | |||||
| + /usr/bin/make DESTDIR=/root/debbuild/BUILDROOT/getssl-2.47-1.amd64 install | |||||
| mkdir -p /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 | |||||
| install -Dvm755 getssl /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/bin/getssl | |||||
| 'getssl' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/bin/getssl' | |||||
| install -dvm755 /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl | |||||
| for dir in *_scripts; do install -dv /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/$dir; install -pv $dir/* /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/$dir/; done | |||||
| 'dns_scripts/Azure-README.txt' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/Azure-README.txt' | |||||
| 'dns_scripts/Cloudflare-README.md' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/Cloudflare-README.md' | |||||
| 'dns_scripts/DNS_IONOS.md' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/DNS_IONOS.md' | |||||
| 'dns_scripts/DNS_ROUTE53.md' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/DNS_ROUTE53.md' | |||||
| 'dns_scripts/GoDaddy-README.txt' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/GoDaddy-README.txt' | |||||
| 'dns_scripts/dns_add_acmedns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_acmedns' | |||||
| 'dns_scripts/dns_add_azure' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_azure' | |||||
| 'dns_scripts/dns_add_challtestsrv' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_challtestsrv' | |||||
| 'dns_scripts/dns_add_clouddns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_clouddns' | |||||
| 'dns_scripts/dns_add_cloudflare' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_cloudflare' | |||||
| 'dns_scripts/dns_add_cpanel' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_cpanel' | |||||
| 'dns_scripts/dns_add_del_aliyun.sh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_del_aliyun.sh' | |||||
| 'dns_scripts/dns_add_dnspod' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_dnspod' | |||||
| 'dns_scripts/dns_add_duckdns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_duckdns' | |||||
| 'dns_scripts/dns_add_dynu' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_dynu' | |||||
| 'dns_scripts/dns_add_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_godaddy' | |||||
| 'dns_scripts/dns_add_hostway' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_hostway' | |||||
| 'dns_scripts/dns_add_ionos' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_ionos' | |||||
| 'dns_scripts/dns_add_ispconfig' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_ispconfig' | |||||
| 'dns_scripts/dns_add_joker' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_joker' | |||||
| 'dns_scripts/dns_add_lexicon' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_lexicon' | |||||
| 'dns_scripts/dns_add_linode' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_linode' | |||||
| 'dns_scripts/dns_add_manual' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_manual' | |||||
| 'dns_scripts/dns_add_nsupdate' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_nsupdate' | |||||
| 'dns_scripts/dns_add_ovh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_ovh' | |||||
| 'dns_scripts/dns_add_pdns-mysql' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_pdns-mysql' | |||||
| 'dns_scripts/dns_add_vultr' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_vultr' | |||||
| 'dns_scripts/dns_add_windows_dns_server' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_add_windows_dns_server' | |||||
| 'dns_scripts/dns_del_acmedns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_acmedns' | |||||
| 'dns_scripts/dns_del_azure' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_azure' | |||||
| 'dns_scripts/dns_del_challtestsrv' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_challtestsrv' | |||||
| 'dns_scripts/dns_del_clouddns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_clouddns' | |||||
| 'dns_scripts/dns_del_cloudflare' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_cloudflare' | |||||
| 'dns_scripts/dns_del_cpanel' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_cpanel' | |||||
| 'dns_scripts/dns_del_dnspod' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_dnspod' | |||||
| 'dns_scripts/dns_del_duckdns' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_duckdns' | |||||
| 'dns_scripts/dns_del_dynu' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_dynu' | |||||
| 'dns_scripts/dns_del_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_godaddy' | |||||
| 'dns_scripts/dns_del_hostway' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_hostway' | |||||
| 'dns_scripts/dns_del_ionos' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_ionos' | |||||
| 'dns_scripts/dns_del_ispconfig' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_ispconfig' | |||||
| 'dns_scripts/dns_del_joker' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_joker' | |||||
| 'dns_scripts/dns_del_lexicon' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_lexicon' | |||||
| 'dns_scripts/dns_del_linode' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_linode' | |||||
| 'dns_scripts/dns_del_manual' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_manual' | |||||
| 'dns_scripts/dns_del_nsupdate' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_nsupdate' | |||||
| 'dns_scripts/dns_del_ovh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_ovh' | |||||
| 'dns_scripts/dns_del_pdns-mysql' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_pdns-mysql' | |||||
| 'dns_scripts/dns_del_vultr' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_vultr' | |||||
| 'dns_scripts/dns_del_windows_dns_server' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_del_windows_dns_server' | |||||
| 'dns_scripts/dns_freedns.sh' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_freedns.sh' | |||||
| 'dns_scripts/dns_godaddy' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_godaddy' | |||||
| 'dns_scripts/dns_route53.py' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/dns_route53.py' | |||||
| 'dns_scripts/ispconfig_soap.php' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/dns_scripts/ispconfig_soap.php' | |||||
| 'other_scripts/cpanel_cert_upload' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/other_scripts/cpanel_cert_upload' | |||||
| 'other_scripts/iis_install_certeficate.ps1' -> '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/usr/share/getssl/other_scripts/iis_install_certeficate.ps1' | |||||
| + install -Dpm 644 /root/debbuild/SOURCES/getssl.crontab /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/etc/cron.d/getssl | |||||
| + install -Dpm 644 /root/debbuild/SOURCES/getssl.logrotate /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/etc/logrotate.d/getssl | |||||
| + exit 0 | |||||
| Checking library requirements... | |||||
| Executing (package-creation): /bin/sh -e /var/tmp/deb-tmp.pkg.6107 for getssl | |||||
| + umask 022 | |||||
| + cd /root/debbuild/BUILD | |||||
| + /usr/bin/fakeroot -- /usr/bin/dpkg-deb -b /root/debbuild/BUILDROOT/getssl-2.47-1.amd64/main /root/debbuild/DEBS/all/getssl_2.47-1_all.deb | |||||
| dpkg-deb: warning: parsing file '/root/debbuild/BUILDROOT/getssl-2.47-1.amd64/main/DEBIAN/control' near line 10 package 'getssl': | |||||
| missing 'Maintainer' field | |||||
| dpkg-deb: warning: ignoring 1 warning about the control file(s) | |||||
| dpkg-deb: building package 'getssl' in '/root/debbuild/DEBS/all/getssl_2.47-1_all.deb'. | |||||
| + exit 0 | |||||
| Executing (%clean): /bin/sh -e /var/tmp/deb-tmp.clean.52780 | |||||
| + umask 022 | |||||
| + cd /root/debbuild/BUILD | |||||
| + '[' /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 '!=' / ']' | |||||
| + /bin/rm -rf /root/debbuild/BUILDROOT/getssl-2.47-1.amd64 | |||||
| + exit 0 | |||||
| Wrote source package getssl-2.47-1.sdeb in /root/debbuild/SDEBS. | |||||
| Wrote binary package getssl_2.47-1_all.deb in /root/debbuild/DEBS/all | |||||
| Issues / problems / help | |||||
| If you have any issues, please log them at | |||||
| https://github.com/srvrco/getssl/issues | |||||
| There are additional help pages on the wiki | |||||
| If you have any suggestions for improvements then pull requests are | |||||
| welcomed, or raise an issue. | |||||
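--- a/[path not on page: release how-to, markdown]
+++ b/[path not on page: release how-to, markdown]
+# How to do a release of getssl
+## Update the version and tag the release
+1. git pull
+2. git branch -c release_2_nn
+3. git switch release_2_nn
+4. update VERSION in `getssl` and `getssl.spec`
+5. git commit -m"Update version to v2.nn"
+6. git tag -a v2.nn
+7. git push origin release_2_nn
+8. git push --tags
+## Manually start the github release-and-package action
+1. Build the .deb and .rpm packages
+2. create a draft release containing the packages and the release note
+3. **IMPORTANT** make sure that the release references tag **v**N.NN otherwise getssl -u fails!
+## Can test the .deb file using the following steps
+1. Change the status from draft to pre-release
+2. Test that the package can be installed using a cloud instance
+1. Start an Ubuntu ec2 instance from AWS Console (or Azure or Google Cloud)
+2. Or use the instant-ec2.sh script from my Github gist to start an Ubuntu ec2 instance
+1. `git clone git@gist.github.com:12c297e0645920c413273c9d15edbc68.git instant-ec2`
+2. `./instant-ec2/instant-ec2.sh`
+3. download the deb package
+`wget https://github.com/srvrco/getssl/releases/download/v2.nn/getssl_2.nn-1_all.deb`
+4. install the deb package
+`dpkg -i getssl_2.nn-1_all.deb`
+5. Check it's installed correctly
+`getssl --version`
+## Update the latest tag post-release
+1. git tag -f -a latest
+2. git push --force --tags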
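--- a/[path not on page: curl.do shell helper]
+++ b/[path not on page: curl.do shell helper]
+# Simple cURL wrapper to manage nicely error handling:
+#
+# * In case of success, just read body from stdout
+# * In case of HTTP error (status >= 400), first stderr contains "HTTP status: XXX", then body
+# * In case of other error, just print cURL error on stderr
+#
+# This function requires a temporary file. It's created under ${TEMP_DIR} if defined and not empty.
+# Otherwise, it relies on `mktemp` defaults.
+#
+curl.do() {
+local rc=0
+local mktemp_opts=( '--suffix=.curl' )
+[[ -z "${TEMP_DIR}" ]] || mktemp_opts+=( "--tempdir=${TEMP_DIR}" )
+local curl_body_file=''
+curl_body_file="$(mktemp "${mktemp_opts[@]}")" || {
+rc=$?
+echo "Unable to create temporary file for cURL output"
+return $rc
+} >&2
+local curl_opts=(
+--output "${curl_body_file}"
+--write-out '%{http_code}'
+--silent
+--show-error
+"$@"
+)
+local http_code=''
+http_code="$(curl "${curl_opts[@]}")" || rc=$?
+(( http_code < 400 )) || {
+(( rc == 0 )) || rc=1
+echo "HTTP status: ${http_code}"
+} >&2
+if [[ $rc == 0 ]]; then
+cat "${curl_body_file}" || rc=$?
+else
+cat "${curl_body_file}" >&2
+fi
+rm -rf "${curl_body_file}" || {
+(( rc == 0 )) || rc=1
+echo "Unable to clear temporary file '${curl_body_file}'"
+} >&2
+return $rc
+}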
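Review bot: `(( rc == 0 )) || rc=1` in the HTTP-error group (the line after `(( http_code < 400 )) || {`) is inverted: when curl itself succeeded — which is the normal case for a 4xx/5xx response, since `--fail` is not passed — rc is 0, the test is true and rc stays 0, so the function returns success and the error body goes to stdout, contrary to the header comment; when rc is already non-zero, the curl exit code is clobbered to 1. The same inverted test sits in the `rm -rf` failure group. The intended form in both places is `(( rc != 0 )) || rc=1`. Separately, `--suffix` and `--tempdir` are GNU mktemp options, so temp-file creation fails on BSD/macOS mktemp; if non-GNU platforms are in scope, `mktemp "${TEMP_DIR:-${TMPDIR:-/tmp}}/curl.XXXXXX"` is the portable form.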
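--- a/[path not on page: debbuild fix patch]
+++ b/[path not on page: debbuild fix patch]
@@ -0,0 +1,11 @@
+--- /usr/bin/debbuild 2022-11-11 15:34:22.529876000 +0000
++++ /usr/bin/debbuild.fix 2022-11-11 15:34:53.137410000 +0000
+@@ -1956,7 +1956,7 @@
+my $srcpkg = shift;
+die _('Can\'t install ').$srcpkg."\n" unless $srcpkg =~ /\.sdeb$/;
+$srcpkg = abs_path($srcpkg);
+- system(expandmacros("cd %{_topdir}; %{__pax} -r -f $srcpkg)")) == 0 and
++ system(expandmacros("cd %{_topdir}; %{__pax} -r -f $srcpkg")) == 0 and
+$finalmessages .= _('Extracted source package ').$srcpkg.
+_(" to %{_topdir}.\n");
+} # end install_sdeb()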
| @ -0,0 +1,7 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Make sure you enable in the /etc/dnsmasq.conf this line conf-dir=/etc/dnsmasq.d/,*.conf | |||||
| echo "txt-record=_acme-challenge.\${1},\$2" > /etc/dnsmasq.d/acme-challenge.conf | |||||
| systemctl restart dnsmasq | |||||
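Review bot: The `\$` escapes in the `echo` on the third line keep bash from expanding the positional parameters, so the file receives the literal text `txt-record=_acme-challenge.${1},$2` instead of the domain and token — unless the backslashes are an artefact of how this page rendered the file; the line should read `echo "txt-record=_acme-challenge.${1},${2}" > /etc/dnsmasq.d/acme-challenge.conf`. Because the script overwrites one fixed file, a second call (a wildcard validation typically needs two TXT records at the same name) discards the first record, so appending with `>>` and letting the delete script clear the file would be safer. Neither `echo` nor `systemctl restart` has its exit status checked, so a failed restart still reports success to the caller.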
| @ -0,0 +1,50 @@ | |||||
| #!/usr/bin/env bash | |||||
| fulldomain="${1}" | |||||
| token="${2}" | |||||
| api_url="https://dns.hetzner.com/api/v1" | |||||
| api_key=${HETZNER_KEY:-''} | |||||
| zone_id=${HETZNER_ZONE_ID:-''} | |||||
| zone_name=${HETZNER_ZONE_NAME:-''} | |||||
| # Verify that required parameters are set | |||||
| if [[ -z "$fulldomain" ]]; then | |||||
| echo "DNS script requires full domain name as first parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$token" ]]; then | |||||
| echo "DNS script requires challenge token as second parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$HETZNER_KEY" ]]; then | |||||
| echo "HETZNER_KEY variable not set" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$HETZNER_ZONE_ID" && -z "$HETZNER_ZONE_NAME" ]] ; then | |||||
| echo "HETZNER_ZONE_ID and HETZNER_ZONE_NAME variables not set" | |||||
| exit 1 | |||||
| fi | |||||
| # Get Zone ID if not set | |||||
| if [[ -z "$HETZNER_ZONE_ID" ]] ; then | |||||
| zone_id=$(curl --silent -X GET "$api_url/zones?name=$zone_name" -H 'Auth-API-Token: '"$api_key"'' | jq -r '.zones[0].id') | |||||
| if [[ "$zone_id" == "null" ]] ; then | |||||
| echo "Zone ID not found" | |||||
| exit 1 | |||||
| fi | |||||
| fi | |||||
| txtname="_acme-challenge.$fulldomain." | |||||
| # Create TXT record | |||||
| response=$(curl --silent -X POST "$api_url/records" \ | |||||
| -H 'Content-Type: application/json' \ | |||||
| -H "Auth-API-Token: $api_key" \ | |||||
| -d '{"value": "'"$token"'","ttl": 60,"type": "TXT","name": "'"$txtname"'","zone_id": "'"$zone_id"'"}' \ | |||||
| -o /dev/null -w '%{http_code}') | |||||
| if [[ "$response" != "200" ]] ; then | |||||
| echo "Record not created" | |||||
| echo "Response code: $response" | |||||
| exit 1 | |||||
| fi | |||||
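Review bot: The zone-lookup guard `if [[ "$zone_id" == "null" ]]` only catches the case where jq returns the literal `null`; when curl fails or the zone list is empty, `jq -r` prints nothing, `zone_id` is an empty string, and the script goes on to POST a record with `"zone_id": ""`. Check both forms, e.g. `if [[ -z "$zone_id" || "$zone_id" == "null" ]]; then`; the `record_id` check in the Hetzner delete script (`if [[ "$record_id" == "null" ]]`) has the same gap. The request body is assembled by string concatenation, which is fine for base64url ACME tokens but breaks on any `"` in `$txtname` or `$zone_id`, so building it with `jq -n --arg` (jq is already required here) would be more robust. Testing for exactly `200` may also reject a successful `201`; unless the Hetzner API is known to return 200 on create, matching `2[0-9][0-9]` is safer.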
| @ -0,0 +1,86 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Need to add your API key below or set as env variable | |||||
| apikey="$HOSTWAY_API_KEY" | |||||
| # This script adds a token to dynu.com DNS for the ACME challenge | |||||
| # usage dns_add_dynu "domain name" "token" | |||||
| # return codes are; | |||||
| # 0 - success | |||||
| # 1 - error in input | |||||
| # 2 - error within internal processing | |||||
| # 3 - error in result ( domain not found in dynu.com etc) | |||||
| fulldomain="${1}" | |||||
| token="${2}" | |||||
| API='https://api.hostway.com/dns' | |||||
| # Check initial parameters | |||||
| if [[ -z "$fulldomain" ]]; then | |||||
| echo "DNS script requires full domain name as first parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$token" ]]; then | |||||
| echo "DNS script requires challenge token as second parameter" | |||||
| exit 1 | |||||
| fi | |||||
| curl_params=( -H "accept: application/json" -H "Authorization: Basic $apikey" -H 'Content-Type: application/json charset=utf-8') | |||||
| # Get domain id | |||||
| # curl -X GET "https://api.hostway.com/dns/domain/" | |||||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}") | |||||
| # Match domain id | |||||
| re="\"serial\":\s?([^}]*)" | |||||
| if [[ "$resp" =~ $re ]]; then | |||||
| domain_id="${BASH_REMATCH[1]}" | |||||
| fi | |||||
| if [[ -z "$domain_id" ]]; then | |||||
| echo 'Domain name not found on your Hostway account' | |||||
| exit 3 | |||||
| fi | |||||
| # Check for existing _acme-challenge TXT record | |||||
| # curl -X GET "https://api.hostway.com/dns/domain/records?filterType=TXT&page=1&pageSize=100" | |||||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}/records?filterType=TXT") | |||||
| re="\"id\":\s?([^}]*)" | |||||
| if [[ "$resp" =~ $re ]]; then | |||||
| record_id="${BASH_REMATCH[1]}" | |||||
| fi | |||||
| if [[ -z "$record_id" ]]; then | |||||
| # Add new TXT challenge record | |||||
| # curl -X POST https://api.hostway.com/dns/{domain}/records/{record_id} -d "{\"name\":\"_acme-challenge.{domain}\",\"type\":\"TXT\",\"ttl\":\"300\",\"data\":\"Test2\"}" | |||||
| # Response is empty when successful | |||||
| echo "Adding record for ${fulldomain}" | |||||
| resp=$(curl --silent \ | |||||
| "${curl_params[@]}" \ | |||||
| -X POST "${API}/${fulldomain}/records" \ | |||||
| --data "{\"name\":\"_acme-challenge.${fulldomain}\",\"type\":\"TXT\",\"ttl\":\"300\",\"data\":\"$token\"}") | |||||
| else | |||||
| # Update existing record | |||||
| # curl -X PUT https://api.hostway.com/dns/{domain}/records/{record_id} -d "{\"name\":\"_acme-challenge.{domain}\", \"data\":\"Test2\"}" | |||||
| echo "Updating record for ${fulldomain}" | |||||
| resp=$(curl --silent \ | |||||
| "${curl_params[@]}" \ | |||||
| -X PUT "${API}/${fulldomain}/records/${record_id}" \ | |||||
| --data "{\"name\":\"_acme-challenge.${fulldomain}\", \"data\":\"$token\"}") | |||||
| fi | |||||
| # Check if response data matches token | |||||
| re="\"data\":\s?\"([^,]*)\"" | |||||
| if [[ "$resp" =~ $re ]]; then | |||||
| if [[ ${BASH_REMATCH[1]} == "$token" ]]; then | |||||
| token_match="$token ${BASH_REMATCH[1]}" | |||||
| fi | |||||
| fi | |||||
| # If adding record failed (exception:) then print error message | |||||
| if [[ -z "$token_match" && "$resp" != "" ]]; then | |||||
| echo "Error: DNS challenge not added: unknown error - ${resp}" | |||||
| exit 3 | |||||
| else | |||||
| echo "Record added successfully for ${fulldomain}" | |||||
| fi | |||||
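Review bot: The existing-record lookup after `resp=$(curl ... "$API/${fulldomain}/records?filterType=TXT")` takes the first `"id":` in the response, and the query filters only by type, not by name, so any other TXT record in the zone (SPF, DKIM, site-verification records) would be picked up and then rewritten by the PUT branch into `_acme-challenge.${fulldomain}` with the token as data. The match needs to be restricted to the object whose `name` is `_acme-challenge.${fulldomain}` before its id is reused, ideally by parsing the JSON with `jq` rather than a regex. The capture `([^}]*)` also runs up to the closing brace, so unless `id` is the last field in the object, `record_id` (and `domain_id` from the `"serial":` pattern) includes the trailing fields. Separately, the header comment still describes dynu.com and `dns_add_dynu`, and the `Content-Type` header is missing the `;` before `charset=utf-8`; the Hostway delete script carries the same header comment.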
| @ -0,0 +1,44 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Need to add your API key below or set as env variable | |||||
| CURR_PATH="`dirname \"$0\"`" | |||||
| ispconfig_user="$ISPCONFIG_REMOTE_USER_NAME" | |||||
| ispconfig_pass="$ISPCONFIG_REMOTE_USER_PASSWORD" | |||||
| soap_location="$ISPCONFIG_SOAP_LOCATION" | |||||
| soap_uri="$ISPCONFIG_SOAP_URL" | |||||
| # This script adds a token to ispconfig database DNS for the ACME challenge | |||||
| # usage dns_add_ispconfig "domain name" "token" | |||||
| # return codes are; | |||||
| # 0 - success | |||||
| # 1 - error in input | |||||
| # 2 - error within internal processing | |||||
| # 3 - error in result ( domain not found in dynu.com etc) | |||||
| fulldomain="${1}" | |||||
| token="${2}" | |||||
| # Check initial parameters | |||||
| if [[ -z "$fulldomain" ]]; then | |||||
| echo "DNS script requires full domain name as first parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$token" ]]; then | |||||
| echo "DNS script requires challenge token as second parameter" | |||||
| exit 1 | |||||
| fi | |||||
| response=$(php $CURR_PATH/ispconfig_soap.php \ | |||||
| --action="add" \ | |||||
| --domain="$fulldomain" \ | |||||
| --token="$token" \ | |||||
| --ispconfig_user="$ispconfig_user" \ | |||||
| --ispconfig_pass="$ispconfig_pass" \ | |||||
| --soap_location="$soap_location" \ | |||||
| --soap_uri="$soap_uri") | |||||
| echo $response | |||||
| exit 0 | |||||
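Review bot: The unconditional `exit 0` after `echo $response` discards php's exit status, so a SOAP failure (the PHP helper ends with `die()` on `SoapFault`) is reported to the caller as success, and the return codes 1/2/3 listed in the header comment are never produced for anything past argument validation. Capture the status instead: `response=$(php "$CURR_PATH/ispconfig_soap.php" ...)` followed by `rc=$?`, `echo "$response"`, `exit $rc`. `$CURR_PATH` and `$response` are unquoted, so a directory containing spaces breaks the php invocation, and the backtick form on the `CURR_PATH=` line is better written `CURR_PATH="$(dirname "$0")"`. The credentials are passed as `--ispconfig_user`/`--ispconfig_pass` command-line arguments, which are visible to every local user via the process list for the lifetime of the php call; handing them over through the environment or stdin avoids that. The ISPConfig delete script has the identical structure and the same points apply.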
| @ -0,0 +1,30 @@ | |||||
| #! /usr/bin/env bash | |||||
| # NS1 Add DNS Record | |||||
| if [[ -z "$NS1_API_KEY" ]]; then | |||||
| echo "NS1_API_KEY variable not set" | |||||
| exit 1 | |||||
| fi | |||||
| api_url="https://api.nsone.net/v1/" | |||||
| api_key=${NS1_API_KEY:-''} | |||||
| domain="$1" | |||||
| challenge="$2" | |||||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||||
| subdomain="_acme-challenge.${domain%}" | |||||
| function create { | |||||
| curl "${api_url}/zones/${root}/${subdomain}/TXT" -X DELETE \ | |||||
| --header "X-NSONE-Key: $api_key" | |||||
| curl "${api_url}/zones/${root}/${subdomain}/TXT" -X PUT \ | |||||
| --header "X-NSONE-Key: $api_key" \ | |||||
| --header "Content-Type: application/json" \ | |||||
| --data "{ \"zone\": \"${root}\", \"domain\": \"${subdomain}\", \"type\": \"TXT\", \"answers\": [ { \"answer\": [ \"${challenge}\" ] } ] }" | |||||
| } | |||||
| create $root $subdomain | |||||
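Review bot: Neither `curl` call in `create` checks its result, and without `--fail` a 401/404 from the API is printed and ignored, so the script exits 0 and the ACME validation later fails with no indication why; adding `--fail --silent --show-error` and returning curl's status would surface it. `api_url` ends with `/` and is used as `"${api_url}/zones/..."`, which yields a double slash in every URL. `create` is called with `$root $subdomain` but reads the global variables rather than `$1`/`$2`, and `${domain%}` on the `subdomain=` line is just `$domain` (an empty pattern removes nothing), so either the arguments or the expansion are leftovers. The two-label `awk` root extraction also misplaces the record for zones such as `example.co.uk`. The NS1 delete script shares the unchecked curl and the double slash, and its header comment still reads `NS1 Add DNS Record`.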
| @ -0,0 +1,30 @@ | |||||
| #! /usr/bin/env bash | |||||
| # Vultr Add DNS Record | |||||
| api_url="https://api.vultr.com/v2" | |||||
| api_key=${VULTR_API_KEY:-''} | |||||
| domain="$1" | |||||
| challenge="$2" | |||||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||||
| subdomain="_acme-challenge.${domain%.$root}" | |||||
| if [[ -z "$VULTR_API_KEY" ]]; then | |||||
| echo "VULTR_API_KEY variable not set" | |||||
| exit 1 | |||||
| fi | |||||
| function create { | |||||
| curl "${api_url}/domains/$1/records" -s -o /dev/null -X POST -H "Authorization: Bearer ${VULTR_API_KEY}" -H "Content-Type: application/json" \ | |||||
| --data "{ | |||||
| \"name\" : \"$2\", | |||||
| \"type\" : \"TXT\", | |||||
| \"data\" : \"${challenge}\", | |||||
| \"ttl\" : 300, | |||||
| \"priority\" : 0 | |||||
| }" | |||||
| } | |||||
| create $root $subdomain | |||||
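Review bot: For an apex domain the `subdomain=` line strips nothing, because `${domain%.$root}` removes the suffix `.example.com` and `example.com` has no such suffix, so the `name` sent to the API is `_acme-challenge.example.com` rather than `_acme-challenge` (presumably relative to the zone, given that the delete script compares it against the API's `name` field). Guard it explicitly: `if [[ "$domain" == "$root" ]]; then subdomain="_acme-challenge"; else subdomain="_acme-challenge.${domain%.$root}"; fi`. The POST is sent with `-s -o /dev/null` and no `--fail` or status check, so a rejected request leaves the script exiting 0. The same root/subdomain derivation is in the Vultr delete script.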
| @ -0,0 +1,39 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Windows DNS server using powershell - dnscmd is going to be deprecated | |||||
| # Using Windows Sublinux for executing windows commands | |||||
| # dnscmd command will be depricated use powershell instead | |||||
| regexp='[A-z0-9]+(\.(co|com))?\.\w+$' | |||||
| fulldomain=${1} | |||||
| # Get root domain api.[domain|.co|.uk] | |||||
| rootdomain=$(echo "${fulldomain}" | grep -Eo "${regexp}") | |||||
| # Exlude root domain [api].domain.com | |||||
| subdomain=$(result=$(echo "${fulldomain}" | grep -Po '(.*)(?=\.[A-z0-9]+(\.(co|com))?\.\w+$)') && if [[ ${#result} -gt 0 ]]; then echo ".${result}"; else echo ""; fi) | |||||
| token=${2} | |||||
| nloop=1 | |||||
| retries=15 # Sometimes it fails | |||||
| while [[ ${nloop} -le ${retries} ]]; do | |||||
| # Add TXT record | |||||
| echo "Tries ${nloop} out of ${retries}" | |||||
| echo "Adding acme challenge record for ${fulldomain} with token ${token}" | |||||
| cmd=(powershell.exe Add-DnsServerResourceRecord -DescriptiveText \'"${token}"\' -Name \'"_acme-challenge${subdomain}"\' -Txt -ZoneName \'"${rootdomain}"\' -TimeToLive 0:0:0:1) | |||||
| echo "${cmd[@]}" | |||||
| result_stderr=$({ "${cmd[@]}" ;} 2>&1) | |||||
| if [[ ${#result_stderr} -eq 0 ]]; then | |||||
| break | |||||
| else | |||||
| echo "${result_stderr}" | |||||
| fi | |||||
| nloop=$((nloop+1)) | |||||
| echo "Sleeping 5 seconds" | |||||
| sleep 5 | |||||
| done | |||||
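Review bot: When all `retries` attempts fail, control falls out of the `while` loop and the script ends with the status of the last `sleep`, i.e. success, so getssl never learns that the record was not added; add a check after `done`, e.g. `if [[ ${nloop} -gt ${retries} ]]; then echo "Failed to add record"; exit 1; fi` (the delete loop in the Windows delete script needs the same). The `[A-z0-9]` class in `regexp` and in the `grep -Po` on the `subdomain=` line is a range that also covers `[ \ ] ^ _` and the backtick; `[A-Za-z0-9]` is what is meant. The token and domain are spliced into a `powershell.exe` command line inside `'…'` quotes, which is fine for base64url tokens but breaks (and could alter the command) on any value containing a single quote, so validating both inputs against the expected character set before the loop would be prudent.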
| @ -0,0 +1,7 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Make sure you enable in the /etc/dnsmasq.conf this line conf-dir=/etc/dnsmasq.d/,*.conf | |||||
| echo "" > /etc/dnsmasq.d/acme-challenge.conf | |||||
| systemctl restart dnsmasq | |||||
| @ -0,0 +1,57 @@ | |||||
| #!/usr/bin/env bash | |||||
| fulldomain="${1}" | |||||
| token="${2}" | |||||
| api_url="https://dns.hetzner.com/api/v1" | |||||
| api_key=${HETZNER_KEY:-''} | |||||
| zone_id=${HETZNER_ZONE_ID:-''} | |||||
| zone_name=${HETZNER_ZONE_NAME:-''} | |||||
| # Verify that required parameters are set | |||||
| if [[ -z "$fulldomain" ]]; then | |||||
| echo "DNS script requires full domain name as first parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$token" ]]; then | |||||
| echo "DNS script requires challenge token as second parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$HETZNER_KEY" ]]; then | |||||
| echo "HETZNER_KEY variable not set" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$HETZNER_ZONE_ID" && -z "$HETZNER_ZONE_NAME" ]] ; then | |||||
| echo "HETZNER_ZONE_ID and HETZNER_ZONE_NAME variables not set" | |||||
| exit 1 | |||||
| fi | |||||
| # Get Zone ID if not set | |||||
| if [[ -z "$HETZNER_ZONE_ID" ]] ; then | |||||
| zone_id=$(curl --silent -X GET "$api_url/zones?name=$zone_name" -H 'Auth-API-Token: '"$api_key"'' | jq -r '.zones[0].id') | |||||
| if [[ "$zone_id" == "null" ]] ; then | |||||
| echo "Zone by name not found" | |||||
| exit 1 | |||||
| fi | |||||
| fi | |||||
| # domain_root=$(echo "$fulldomain" | awk -F\. '{print $(NF-1) FS $NF FS}') | |||||
| # domain=${fulldomain%.$domain_root} | |||||
| txtname="_acme-challenge.$fulldomain." | |||||
| record_id=$(curl --silent -X GET "$api_url/records?zone_id=$zone_id" -H "Auth-API-Token: $api_key" | jq -r '.records[] | select(.name=="'"$txtname"'") | .id') | |||||
| if [[ "$record_id" == "null" ]] ; then | |||||
| echo "Record not found" | |||||
| exit 1 | |||||
| fi | |||||
| # Create TXT record | |||||
| response=$(curl --silent -X DELETE "$api_url/records/$record_id" -H "Auth-API-Token: $api_key" -o /dev/null -w '%{http_code}') | |||||
| if [[ "$response" != "200" ]] ; then | |||||
| echo "Record not deleted" | |||||
| echo "Response code: $response" | |||||
| exit 1 | |||||
| fi | |||||
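Review bot: The `record_id=` lookup can yield several ids, because `select(.name==…)` matches every TXT record with that name (a wildcard order typically creates two) and `jq -r` prints them one per line, so `"$api_url/records/$record_id"` then contains an embedded newline and the DELETE targets a malformed URL; conversely, when nothing matches the variable is empty rather than `null`, and the `== "null"` check lets an empty id through. Reject the empty case with `[[ -z "$record_id" ]]` and then iterate: `while read -r id; do curl … -X DELETE "$api_url/records/$id" …; done <<< "$record_id"`. The comment `# Create TXT record` above the DELETE is stale, and the zone-lookup `== "null"` check at the top has the same empty-string gap as the Hetzner add script.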
| @ -0,0 +1,66 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Need to add your API key below or set as env variable | |||||
| apikey="$HOSTWAY_API_KEY" | |||||
| # This script adds a token to dynu.com DNS for the ACME challenge | |||||
| # usage dns_add_dynu "domain name" "token" | |||||
| # return codes are; | |||||
| # 0 - success | |||||
| # 1 - error in input | |||||
| # 2 - error within internal processing | |||||
| # 3 - error in result ( domain not found in dynu.com etc) | |||||
| fulldomain="${1}" | |||||
| token="${2}" | |||||
| API='https://api.hostway.com/dns' | |||||
| # Check initial parameters | |||||
| if [[ -z "$fulldomain" ]]; then | |||||
| echo "DNS script requires full domain name as first parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$token" ]]; then | |||||
| echo "DNS script requires challenge token as second parameter" | |||||
| exit 1 | |||||
| fi | |||||
| curl_params=( -H "accept: application/json" -H "Authorization: Basic $apikey" -H 'Content-Type: application/json charset=utf-8') | |||||
| # Get domain id | |||||
| # curl -X GET "https://api.hostway.com/dns/domain/" | |||||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}") | |||||
| # Match domain id | |||||
| re="\"serial\":\s?([^}]*)" | |||||
| if [[ "$resp" =~ $re ]]; then | |||||
| domain_id="${BASH_REMATCH[1]}" | |||||
| fi | |||||
| if [[ -z "$domain_id" ]]; then | |||||
| echo 'Domain name not found on your Hostway account' | |||||
| exit 3 | |||||
| fi | |||||
| # Check for existing _acme-challenge TXT record | |||||
| # curl -X GET "https://api.hostway.com/dns/domain/records?filterType=TXT&page=1&pageSize=100" | |||||
| resp=$(curl --silent "${curl_params[@]}" -X GET "$API/${fulldomain}/records?filterType=TXT") | |||||
| #re="\"id\":\s?([^}]*)" | |||||
| re="(?<=_acme(.*)\"id\":\s?)[0-9]+(?=\})" | |||||
| if [[ "$resp" =~ $re ]]; then | |||||
| record_id="${BASH_REMATCH[1]}" | |||||
| fi | |||||
| if [[ -z "$record_id" ]]; then | |||||
| echo "Not able to find a record to delete" | |||||
| else | |||||
| # Delete existing record | |||||
| # curl -X DELETE https://api.hostway.com/dns/{domain}/records/{record_id} | |||||
| resp=$(curl --silent \ | |||||
| "${curl_params[@]}" \ | |||||
| -X DELETE "${API}/${fulldomain}/records/${record_id}") | |||||
| if [[ "$resp" == "" ]]; then | |||||
| echo "Record deleted successfully for ${fulldomain}" | |||||
| fi | |||||
| fi | |||||
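Review bot: The pattern on the `re="(?<=_acme…"` line uses PCRE lookbehind and lookahead, which bash's `[[ … =~ ]]` (POSIX ERE) does not support; the expression is rejected as invalid (`=~` returns 2), `record_id` stays empty and the script always prints `Not able to find a record to delete`, so challenge records are never removed. Even if it compiled, the only group sits inside the lookbehind, so `BASH_REMATCH[1]` would not hold the id. Selecting the record whose name is `_acme-challenge.${fulldomain}` with `jq` from the JSON response, as the Hetzner and Vultr delete scripts do, avoids the regex altogether. The script also exits 0 when no record is found or when the DELETE returns a non-empty (error) body, so a failed cleanup is invisible to the caller.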
| @ -0,0 +1,44 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Need to add your API key below or set as env variable | |||||
| CURR_PATH="`dirname \"$0\"`" | |||||
| ispconfig_user="$ISPCONFIG_REMOTE_USER_NAME" | |||||
| ispconfig_pass="$ISPCONFIG_REMOTE_USER_PASSWORD" | |||||
| soap_location="$ISPCONFIG_SOAP_LOCATION" | |||||
| soap_uri="$ISPCONFIG_SOAP_URL" | |||||
| # This script adds a token to ispconfig database DNS for the ACME challenge | |||||
| # usage dns_add_ispconfig "domain name" "token" | |||||
| # return codes are; | |||||
| # 0 - success | |||||
| # 1 - error in input | |||||
| # 2 - error within internal processing | |||||
| # 3 - error in result ( domain not found in dynu.com etc) | |||||
| fulldomain="${1}" | |||||
| token="${2}" | |||||
| # Check initial parameters | |||||
| if [[ -z "$fulldomain" ]]; then | |||||
| echo "DNS script requires full domain name as first parameter" | |||||
| exit 1 | |||||
| fi | |||||
| if [[ -z "$token" ]]; then | |||||
| echo "DNS script requires challenge token as second parameter" | |||||
| exit 1 | |||||
| fi | |||||
| response=$(php $CURR_PATH/ispconfig_soap.php \ | |||||
| --action="del" \ | |||||
| --domain="$fulldomain" \ | |||||
| --token="$token" \ | |||||
| --ispconfig_user="$ispconfig_user" \ | |||||
| --ispconfig_pass="$ispconfig_pass" \ | |||||
| --soap_location="$soap_location" \ | |||||
| --soap_uri="$soap_uri") | |||||
| echo $response | |||||
| exit 0 | |||||
| @ -0,0 +1,26 @@ | |||||
| #! /usr/bin/env bash | |||||
| # NS1 Add DNS Record | |||||
| if [[ -z "$NS1_API_KEY" ]]; then | |||||
| echo "NS1_API_KEY variable not set" | |||||
| exit 1 | |||||
| fi | |||||
| api_url="https://api.nsone.net/v1/" | |||||
| api_key=${NS1_API_KEY:-''} | |||||
| domain="$1" | |||||
| challenge="$2" | |||||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||||
| subdomain="_acme-challenge.${domain%}" | |||||
| function delete { | |||||
| curl "${api_url}/zones/${root}/${subdomain}/TXT" -X DELETE \ | |||||
| --header "X-NSONE-Key: $api_key" | |||||
| } | |||||
| delete $root $subdomain | |||||
| @ -0,0 +1,26 @@ | |||||
| #! /usr/bin/env bash | |||||
| # Vultr Delete DNS Record | |||||
| # This script requires jq to be installed on the machine running it | |||||
| api_url="https://api.vultr.com/v2" | |||||
| api_key=${VULTR_API_KEY:-''} | |||||
| domain="$1" | |||||
| root=$(echo "$domain" | awk -F\. '{print $(NF-1) FS $NF}') | |||||
| subdomain="_acme-challenge.${domain%.$root}" | |||||
| if [[ -z "$VULTR_API_KEY" ]]; then | |||||
| echo "VULTR_API_KEY variable not set" | |||||
| exit 1 | |||||
| fi | |||||
| function delete { | |||||
| recordID=$(curl "${api_url}/domains/$1/records" --silent -X GET -H "Authorization: Bearer ${VULTR_API_KEY}" | jq -r ".records[] | select(.name==\"$2\").id") | |||||
| curl "${api_url}/domains/$1/records/$recordID" -X DELETE -H "Authorization: Bearer ${VULTR_API_KEY}" | |||||
| } | |||||
| delete $root $subdomain | |||||
| @ -0,0 +1,39 @@ | |||||
| #!/usr/bin/env bash | |||||
| # Windows DNS server using powershell - dnscmd is going to be deprecated | |||||
| # Using Windows Sublinux for executing windows commands | |||||
| # dnscmd command will be depricated use powershell instead | |||||
| regexp='[A-z0-9]+(\.(co|com))?\.\w+$' | |||||
| fulldomain=${1} | |||||
| # Get root domain api.[domain|.co|.uk] | |||||
| rootdomain=$(echo "${fulldomain}" | grep -Eo "${regexp}") | |||||
| # Exlude root domain [api].domain.com | |||||
| subdomain=$(result=$(echo "${fulldomain}" | grep -Po '(.*)(?=\.[A-z0-9]+(\.(co|com))?\.\w+$)') && if [[ ${#result} -gt 0 ]]; then echo ".${result}"; else echo ""; fi) | |||||
| token=${2} | |||||
| nloop=1 | |||||
| retries=15 # Sometimes it fails | |||||
| while [[ ${nloop} -le ${retries} ]]; do | |||||
| # Delete TXT record | |||||
| echo "Tries ${nloop} out of ${retries}" | |||||
| echo "Deleting acme challenge record for ${fulldomain} with token ${token}" | |||||
| cmd=(powershell.exe Remove-DnsServerResourceRecord -RRType TXT -Name \'"_acme-challenge${subdomain}"\' -ZoneName \'"${rootdomain}"\' -RecordData \'"${token}"\' -Force) | |||||
| echo "${cmd[@]}" | |||||
| result_stderr=$({ "${cmd[@]}" ;} 2>&1) | |||||
| if [[ ${#result_stderr} -eq 0 ]]; then | |||||
| break | |||||
| else | |||||
| echo "${result_stderr}" | |||||
| fi | |||||
| nloop=$((nloop+1)) | |||||
| echo "Sleeping 5 seconds" | |||||
| sleep 5 | |||||
| done | |||||
| @ -0,0 +1,140 @@ | |||||
| <?php | |||||
| $args = getopt("", array("action:", "domain:", "token:", "ispconfig_user:", "ispconfig_pass:", "soap_location:", "soap_uri:")); | |||||
| $action = $args["action"]; | |||||
| $fulldomain = $args["domain"]; | |||||
| $token = $args["token"]; | |||||
| $soap_location = $args["soap_location"]; | |||||
| $soap_uri = $args["soap_uri"]; | |||||
| $username = $args["ispconfig_user"]; | |||||
| $password = $args["ispconfig_pass"]; | |||||
| $client = new SoapClient( | |||||
| null, | |||||
| array( | |||||
| 'location' => $soap_location, | |||||
| 'uri' => $soap_uri, | |||||
| 'trace' => 1, | |||||
| 'exceptions' => 1, | |||||
| 'stream_context' => stream_context_create( | |||||
| array( | |||||
| 'ssl' => | |||||
| array( | |||||
| 'verify_peer' => false, | |||||
| 'verify_peer_name' => false | |||||
| ) | |||||
| ) | |||||
| ) | |||||
| ) | |||||
| ); | |||||
| try { | |||||
| if ($session_id = $client->login($username, $password)) { | |||||
| //echo 'Logged in successfully. Session ID:' . $session_id . '<br />'; | |||||
| } | |||||
| // Get all zone | |||||
| $zones = $client->dns_zone_get($session_id, -1); | |||||
| $zone_id = 0; | |||||
| $client_id = 0; | |||||
| $server_id = 0; | |||||
| foreach ($zones as $zone) { | |||||
| // Find zone that needs to update | |||||
| if (preg_match("/" . $zone["origin"] . "/", $fulldomain . ".")) { | |||||
| $zone_id = $zone["id"]; | |||||
| $sys_userid = $zone["sys_userid"]; | |||||
| $server_id = $zone["server_id"]; | |||||
| } | |||||
| } | |||||
| //Get client id | |||||
| $client_id = $client->client_get_id($session_id, $sys_userid); | |||||
| if ($client_id == 0) { | |||||
| exit; | |||||
| } | |||||
| // Get all domain records of type txt | |||||
| // Bug it retrieves all domain records | |||||
| $dns_records = $client->dns_txt_get($session_id, -1); | |||||
| $dns_record_id = 0; | |||||
| foreach ($dns_records as $dns_record) { | |||||
| if ($dns_record["zone"] == $zone_id && $dns_record["type"] == "TXT" && $dns_record["name"] == "_acme-challenge.{$fulldomain}.") { | |||||
| $dns_record_id = $dns_record["id"]; | |||||
| } | |||||
| } | |||||
| // Add if zero else update | |||||
| $date = new DateTime(); | |||||
| switch ($action) { | |||||
| case "add": | |||||
| if ($dns_record_id == 0) { | |||||
| $dns_record = array( | |||||
| "server_id" => $server_id, | |||||
| "zone" => $zone_id, | |||||
| "name" => "_acme-challenge.{$fulldomain}.", | |||||
| "type" => "txt", | |||||
| "data" => $token, | |||||
| "aux" => 111, | |||||
| "ttl" => 300, | |||||
| "active" => 'y', | |||||
| "stamp" => date_format($date, 'Y-m-d H:i:s'), | |||||
| "serial" => date_format($date, 'Ymds') | |||||
| ); | |||||
| $result = $client->dns_txt_add($session_id, $client_id, $dns_record); | |||||
| echo "Created record for domain {$fulldomain} with token $token\n"; | |||||
| } else { | |||||
| $dns_record["data"] = $token; | |||||
| $dns_record["stamp"] = date_format($date, 'Y-m-d H:i:s'); | |||||
| $dns_record["serial"] = date_format($date, 'YmdH'); | |||||
| $result = $client->dns_txt_update($session_id, $client_id, $dns_record_id, $dns_record); | |||||
| echo "Updated the record for domain {$fulldomain} with token $token\n"; | |||||
| } | |||||
| break; | |||||
| case "del": | |||||
| if ($dns_record_id > 0) { | |||||
| $result = $client->dns_txt_delete($session_id, $dns_record_id); | |||||
| if ($result) { | |||||
| echo "The record was deleted from domain {$fulldomain} successfully\n"; | |||||
| } else { | |||||
| echo "Failed to delete the record for domain {$fulldomain}\n"; | |||||
| } | |||||
| } else { | |||||
| echo "The record was not found for deletion\n"; | |||||
| } | |||||
| break; | |||||
| default: | |||||
| echo "No action was specified as parameter\n"; | |||||
| break; | |||||
| } | |||||
| if ($client->logout($session_id)) { | |||||
| //echo 'Logged out.<br />'; | |||||
| } | |||||
| } catch (SoapFault $e) { | |||||
| echo $client->__getLastResponse(); | |||||
| die('SOAP Error: ' . $e->getMessage()); | |||||
| } | |||||
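Review bot: The `stream_context` passed to `SoapClient` sets `verify_peer` and `verify_peer_name` to `false`, so the `login($username, $password)` call sends the ISPConfig remote-user credentials to whatever answers at `$soap_location` without checking its certificate; drop those two options so PHP's default verification applies, and if some installations genuinely need it, make it an explicit opt-in through a new getopt option (name to be chosen) rather than the default. The zone match `preg_match("/" . $zone["origin"] . "/", $fulldomain . ".")` uses the origin as an unescaped, unanchored regex, so `.` matches any character and `example.com.` also matches `notexample.com.`; use `preg_match('/(^|\.)' . preg_quote($zone["origin"], '/') . '$/', $fulldomain . '.')`. The record loop does not `break` on a match, so in the update branch `$dns_record` is the last record iterated rather than the matched one, and `dns_txt_update` is sent a foreign record body with only `data`, `stamp` and `serial` replaced; `$sys_userid` is likewise undefined when no zone matched. The bare `exit` when `$client_id == 0` and the `die('SOAP Error: …')` in the `catch` both terminate with status 0, so using `exit(3)` / `exit(2)` to match the codes documented in the shell wrapper would let the caller detect failure.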
| @ -0,0 +1,3 @@ | |||||
| # 0 18 1 */1 * means run at 18:00 on day-of-month 1 in every month | |||||
| # uncomment the line below to activate cron getssl service | |||||
| # 0 18 1 */1 * root /usr/bin/getssl -u -a &>> /var/log/getssl.log | |||||
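Review bot: The cron line uses `&>>`, which is a bash-only redirection; cron runs commands with `/bin/sh` unless `SHELL=` is set in the crontab, and in a POSIX shell such as dash `getssl -u -a &>> /var/log/getssl.log` parses as `getssl -u -a &` (backgrounded, output going to cron mail or lost) followed by an empty redirection. Write it portably as `0 18 1 * * root /usr/bin/getssl -u -a >> /var/log/getssl.log 2>&1` (`*/1` is equivalent to `*`). If `-u` is the self-upgrade switch, the line also performs an unattended monthly update of the script from the network, which is worth stating in the comment so administrators can choose to run it without that flag.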
| @ -0,0 +1,9 @@ | |||||
| /var/log/getssl.log { | |||||
| monthly | |||||
| rotate 10 | |||||
| copytruncate | |||||
| delaycompress | |||||
| compress | |||||
| notifempty | |||||
| missingok | |||||
| } | |||||
| @ -0,0 +1,59 @@ | |||||
| %define _build_id_links none | |||||
| %define debug_package %{nil} | |||||
| # set this to true or the rpmbuild will fail with errors due to shebang defines | |||||
| # in some of the dns scripts for python | |||||
| %global __brp_mangle_shebangs /usr/bin/true | |||||
| Summary: getssl ACME Scripts for managing Let's Encrypt certificates | |||||
| License: GPL | |||||
| Packager: getssl developers <https://github.com/srvrco/getssl> | |||||
| Name: getssl | |||||
| Version: 2.49 | |||||
| Release: 1 | |||||
| URL: http://github.com/srvrco/getssl/ | |||||
| Source0: %{name}-%{version}.tar.gz | |||||
| Source1: getssl.crontab | |||||
| Source2: getssl.logrotate | |||||
| BuildArch: noarch | |||||
| Requires: bash | |||||
| BuildRequires: bash | |||||
| %description | |||||
| The %{name} package contains the getssl scripts, crontab files, and logrotate files for implementing automated creation and installation of SSL certificates from the Let's Encrypt ACME website. | |||||
| %prep | |||||
| %setup -q -n %{name}-%{version} | |||||
| %build | |||||
| %install | |||||
| [ -n "%{buildroot}" -a "%{buildroot}" != "/" ] && %{__rm} -rf %{buildroot} | |||||
| %{__mkdir_p} %{buildroot}%{_bindir} | |||||
| %{__mkdir_p} %{buildroot}%{_datadir}/getssl/dns_scripts | |||||
| %{__mkdir_p} %{buildroot}%{_datadir}/getssl/other_scripts | |||||
| %{__make} \ | |||||
| DESTDIR=%{buildroot} \ | |||||
| install | |||||
| install -Dpm 644 %{SOURCE1} %{buildroot}%{_sysconfdir}/cron.d/getssl | |||||
| install -Dpm 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/getssl | |||||
| %pre | |||||
| %post | |||||
| %preun | |||||
| %postun | |||||
| %files | |||||
| %defattr(-,root,root) | |||||
| %{_bindir}/getssl | |||||
| %{_datadir}/getssl/dns_scripts/* | |||||
| %{_datadir}/getssl/other_scripts/* | |||||
| %{_sysconfdir}/cron.d/getssl | |||||
| %{_sysconfdir}/logrotate.d/getssl | |||||
| %changelog | |||||
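Review bot: `License: GPL` is not a specific license identifier and `rpmlint` flags it; use the SPDX form that matches the repository's LICENSE file (e.g. `GPL-3.0-or-later`, if that is what the project ships). `URL: http://github.com/srvrco/getssl/` should use `https://`. The `%pre`, `%post`, `%preun` and `%postun` sections are empty and can be removed, and `%changelog` has no entry for 2.49-1, so the package is built without release history. `%global __brp_mangle_shebangs /usr/bin/true` disables shebang mangling for the whole package as the comment explains; if the build host's rpm macros provide `%__brp_mangle_shebangs_exclude_from`, limiting the exemption to the affected dns scripts keeps the check for everything else.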
| @ -0,0 +1,95 @@ | |||||
| # Generate PFX for IIS (Internet Information Service) | |||||
| # Load libraries | |||||
| #Add-Type -AssemblyName 'C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll' | |||||
| using assembly C:\Windows\System32\inetsrv\Microsoft.Web.Administration.dll | |||||
| $FullDomain = $args[0] | |||||
| $DebugPreference = "Continue" | |||||
| # $DebugPreference="SilentlyContinue" | |||||
| $IIS_SiteName = $args[1] | |||||
| $Path = $args[2] | |||||
| # Files | |||||
| $PfxFile = "$Path$FullDomain.pfx" | |||||
| $CrtFile = "$Path$FullDomain.crt" | |||||
| $KeyFile = "$Path$FullDomain.key" | |||||
| Write-Debug "Generating pfx certificate" | |||||
| openssl pkcs12 -inkey "$KeyFile" -in "$CrtFile" -password pass:$FullDomain -export -out "$PfxFile" | |||||
| # Delete old certificate and install the new PFX Certificate | |||||
| # Get all certificates | |||||
| $Store = New-Object System.Security.Cryptography.X509Certificates.X509Store("My", "LocalMachine") | |||||
| $Store.Open("MaxAllowed") | |||||
| # Loop over all and delete matching certificate for the current domain | |||||
| $Ssc = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection | |||||
| for ($i = 0; $i -lt $Store.Certificates.Count; $i++) { | |||||
| $Item = $Store.Certificates.Item($i) | |||||
| if ($Item.subject.Contains($FullDomain)) { | |||||
| Write-Debug "Adding $FullDomain certificate for deletion!" | |||||
| $result=$Ssc.Add($Item) | |||||
| } | |||||
| } | |||||
| for ($i = 0; $i -lt $Ssc.Count; $i++) { | |||||
| Write-Debug "Deleting $FullDomain certificate!" | |||||
| $Store.RemoveRange($Ssc.Item($i)) | |||||
| } | |||||
| # $X509KeyStorageFlags Enums | |||||
| $X509KeyStorageFlagsExportable = 4 | |||||
| $X509KeyStorageFlagsPersistKeySet = 16 | |||||
| $X509KeyStorageFlagsMachineKeySet = 2 | |||||
| <# | |||||
| $X509KeyStorageFlagsDefaultKeySet=0 | |||||
| $X509KeyStorageFlagsUserKeySet=1 | |||||
| $X509KeyStorageFlagsUserProtected=8 | |||||
| $X509KeyStorageFlagsEphemeralKeySet=32 | |||||
| #> | |||||
| # Prepare for loading new certificated | |||||
| $PFXCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($PfxFile, $FullDomain, | |||||
| ( | |||||
| $X509KeyStorageFlagsExportable + | |||||
| $X509KeyStorageFlagsPersistKeySet + | |||||
| $X509KeyStorageFlagsMachineKeySet | |||||
| ) | |||||
| ) | |||||
| #Save New Cert | |||||
| $Store.Add($PFXCert); | |||||
| $Store.Close(); | |||||
| # IIS Binding - Need to rebind the domain to the new certificate | |||||
| $Manager = New-Object Microsoft.Web.Administration.ServerManager | |||||
| $Site = $Manager.Sites[$IIS_SiteName] | |||||
| for ($i = 0; $i -lt $Site.Bindings.Count; $i++) { | |||||
| $Bind = $Site.Bindings.Item($i); | |||||
| $Protocol = $Bind.Protocol | |||||
| $hostname = $Bind.Host | |||||
| if ($Protocol -eq "https") { | |||||
| Write-Debug "Binding ${protocol}://${hostname}" | |||||
| $Bind.CertificateHash = $PFXCert.GetCertHash() | |||||
| } | |||||
| } | |||||
| $Manager.CommitChanges() | |||||
| Write-Debug "PFX complete!" | |||||
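Review bot: `$Item.subject.Contains($FullDomain)` is a substring test, so running the script for `example.com` also queues every certificate whose subject merely contains that text (`sub.example.com`, `myexample.com`) for removal from the machine store; compare exactly, e.g. `if ($Item.Subject -eq "CN=$FullDomain")`, or match on the certificate's DNS names. The PFX is protected with `-password pass:$FullDomain`, i.e. a password equal to the public hostname, and is left on disk next to the key; a random one-time password held in a variable and passed to both `openssl` and the `X509Certificate2` constructor, plus deleting `$PfxFile` after import, would avoid leaving a private-key file behind with a guessable password. `$X509KeyStorageFlagsExportable` marks the imported key exportable from the store, which the binding code here does not rely on; `PersistKeySet + MachineKeySet` should suffice. `$FullDomain` is also unquoted in the `openssl` command line.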
| @ -0,0 +1,49 @@ | |||||
| #! /usr/bin/env bats | |||||
| load '/bats-support/load.bash' | |||||
| load '/bats-assert/load.bash' | |||||
| load '/getssl/test/test_helper.bash' | |||||
| # This is run for every test | |||||
| teardown() { | |||||
| [ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip | |||||
| } | |||||
| setup() { | |||||
| [ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure" | |||||
| #export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt | |||||
| } | |||||
| @test "Run getssl without any arguments to verify the usage message is shown" { | |||||
| if [ -n "$STAGING" ]; then | |||||
| skip "Using staging server, skipping internal test" | |||||
| fi | |||||
| run ${CODE_DIR}/getssl | |||||
| assert_line --partial "Usage: getssl" | |||||
| assert_success | |||||
| } | |||||
| @test "Run getssl with --nocheck and verify the usage message is shown" { | |||||
| if [ -n "$STAGING" ]; then | |||||
| skip "Using staging server, skipping internal test" | |||||
| fi | |||||
| run ${CODE_DIR}/getssl --nocheck | |||||
| assert_line --partial "Usage: getssl" | |||||
| assert_success | |||||
| } | |||||
| @test "Run getssl with --upgrade and verify the usage message is NOT shown" { | |||||
| if [ -n "$STAGING" ]; then | |||||
| skip "Using staging server, skipping internal test" | |||||
| fi | |||||
| # Feb-23 Getting semi-repeatable "can't check for upgrades: ''" errors which are because the limit is being exceeded (re-use of github action ip?) | |||||
| check_github_quota 7 | |||||
| run ${CODE_DIR}/getssl --upgrade | |||||
| refute_output | |||||
| assert_success | |||||
| } | |||||
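--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,167 @@
+#! /usr/bin/env bats
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+# This is run for every test
+setup() {
+[ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure"
+export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+if [ -n "${VSFTPD_CONF}" ]; then
+if [ ! -f "${VSFTPD_CONF}.getssl" ]; then
+cp $VSFTPD_CONF ${VSFTPD_CONF}.getssl
+else
+cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
+fi
+# enable passive and disable active mode
+# https://www.pixelstech.net/article/1364817664-FTP-active-mode-and-passive-mode
+cat <<- _FTP >> $VSFTPD_CONF
+pasv_enable=YES
+pasv_max_port=10100
+pasv_min_port=10090
+_FTP
+fi
+}
+teardown() {
+[ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip
+if [ -n "${VSFTPD_CONF}" ]; then
+cp ${VSFTPD_CONF}.getssl $VSFTPD_CONF
+${CODE_DIR}/test/restart-ftpd stop
+fi
+}
+@test "Use ftpes, FTP_PORT=1001 (explicit ssl, port 1001) to create challenge file" {
+if [ -n "$STAGING" ]; then
+skip "Using staging server, skipping internal test"
+fi
+if [[ ! -f /etc/vsftpd.pem ]]; then
+echo "FAILED: This test requires the previous test to succeed"
+exit 1
+fi
+if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
+mkdir -p /var/www/html/.well-known/acme-challenge
+fi
+# Restart vsftpd with ssl enabled
+cat <<- _FTP >> $VSFTPD_CONF
+connect_from_port_20=NO
+listen_port=1001
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+require_ssl_reuse=NO
+ssl_ciphers=HIGH
+rsa_cert_file=/etc/vsftpd.pem
+rsa_private_key_file=/etc/vsftpd.pem
+_FTP
+${CODE_DIR}/test/restart-ftpd start
+# Always change ownership and permissions in case previous tests created the directories as root
+chgrp -R www-data /var/www/html/.well-known
+chmod -R g+w /var/www/html/.well-known
+CONFIG_FILE="getssl-http01.cfg"
+setup_environment
+init_getssl
+# Verbose output is needed so the test assertion passes
+# On Ubuntu 14 and 18 curl errors with "unable to get issuer certificate" so disable cert check using "-k"
+if [[ "$GETSSL_OS" == "ubuntu14" || "$GETSSL_OS" == "ubuntu18" ]]; then
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftpes:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v -k"
+FTP_PORT=1001
+EOF
+else
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftpes:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v"
+FTP_PORT=1001
+EOF
+fi
+create_certificate
+assert_success
+# assert_line --partial "SSL connection using TLSv1.3"
+assert_line --partial "200 PROT now Private"
+check_output_for_errors
+}
+@test "Use ftps, FTP_PORT=2002 (implicit ssl, port 2002) to create challenge file" {
+if [ -n "$STAGING" ]; then
+skip "Using staging server, skipping internal test"
+fi
+if [[ ! -f /etc/vsftpd.pem ]]; then
+echo "FAILED: This test requires the previous test to succeed"
+exit 1
+fi
+# Restart vsftpd listening on port 990
+cat <<- _FTP >> $VSFTPD_CONF
+implicit_ssl=YES
+listen_port=2002
+connect_from_port_20=NO
+ssl_enable=YES
+allow_anon_ssl=NO
+force_local_data_ssl=NO
+force_local_logins_ssl=NO
+ssl_tlsv1=YES
+ssl_sslv2=NO
+ssl_sslv3=NO
+require_ssl_reuse=NO
+ssl_ciphers=HIGH
+rsa_cert_file=/etc/vsftpd.pem
+rsa_private_key_file=/etc/vsftpd.pem
+_FTP
+${CODE_DIR}/test/restart-ftpd start
+if [[ ! -d /var/www/html/.well-known/acme-challenge ]]; then
+mkdir -p /var/www/html/.well-known/acme-challenge
+fi
+# Always change ownership and permissions in case previous tests created the directories as root
+chgrp -R www-data /var/www/html/.well-known
+chmod -R g+w /var/www/html/.well-known
+CONFIG_FILE="getssl-http01.cfg"
+setup_environment
+init_getssl
+# Verbose output is needed so the test assertion passes
+# On Ubuntu 14 and 18 curl errors with "unable to get issuer certificate" so disable cert check using "-k"
+# as I don't have time to fix
+if [[ "$GETSSL_OS" == "ubuntu14" || "$GETSSL_OS" == "ubuntu18" ]]; then
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftps:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v -k"
+FTP_PORT=2002
+EOF
+else
+cat <<- EOF > ${INSTALL_DIR}/.getssl/${GETSSL_CMD_HOST}/getssl_test_specific.cfg
+ACL="ftps:ftpuser:ftpuser:${GETSSL_CMD_HOST}:/var/www/html/.well-known/acme-challenge"
+FTPS_OPTIONS="--cacert /etc/cacert.pem -v"
+FTP_PORT=2002
+EOF
+fi
+create_certificate
+assert_success
+assert_line --partial "200 PROT now Private"
+check_output_for_errors
+}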
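Review bot: The comment opening the implicit-ssl test says vsftpd is restarted "listening on port 990", but the heredoc right below it sets `listen_port=2002`; it should read `# Restart vsftpd with implicit ssl, listening on port 2002`. On ubuntu14/ubuntu18 the `-k` in FTPS_OPTIONS turns off curl's verification of the FTP server certificate, so on those platforms both ftps tests pass without the trust chain ever being checked, and the existing comment should state that gap explicitly, e.g. `# NOTE: -k skips server certificate verification, so chain validation is not covered on these platforms`. The `exit 1` used when /etc/vsftpd.pem is missing sidesteps the bats-support reporting that the file already loads; `fail "This test requires the previous test to succeed"` produces the same failure with the message attached to the test. The unquoted `$BATS_RUN_TMPDIR/failed.skip` in setup and teardown should be quoted, and the same applies to the identical lines in the next new file.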
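--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,32 @@
+#! /usr/bin/env bats
+load '/bats-support/load.bash'
+load '/bats-assert/load.bash'
+load '/getssl/test/test_helper.bash'
+# This is run for every test
+teardown() {
+[ -n "$BATS_TEST_COMPLETED" ] || touch $BATS_RUN_TMPDIR/failed.skip
+}
+setup() {
+[ ! -f $BATS_RUN_TMPDIR/failed.skip ] || skip "skipping tests after first failure"
+export CURL_CA_BUNDLE=/root/pebble-ca-bundle.crt
+}
+@test "Create new certificate using HTTP-01 verification (any dns tool)" {
+if [ -n "$STAGING" ]; then
+skip "Using staging server, skipping internal test"
+fi
+CONFIG_FILE="getssl-http01.cfg"
+setup_environment
+init_getssl
+create_certificate
+assert_success
+run ${CODE_DIR}/getssl --account-id ${GETSSL_HOST}
+assert_line --partial "Account Id is:"
+assert_success
+}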
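Review bot: The fail-fast mechanism shared by `teardown` and `setup` is undocumented: `# This is run for every test` sits above `teardown()` only, while `setup()`, which also runs per test and is the one that actually skips, carries no comment. A one-line note on each would make the pairing obvious, e.g. `# Mark the run as failed so setup() skips every remaining test` above the `touch` in teardown and `# Skip once an earlier test has failed (see teardown)` above the `[ ! -f ... ]` guard in setup.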
| @ -1,14 +1,14 @@ | |||||
| #!/usr/bin/env bash | #!/usr/bin/env bash | ||||
| if [ "$GETSSL_OS" = "alpine" ]; then | if [ "$GETSSL_OS" = "alpine" ]; then | ||||
| killall -HUP nginx >&3- | |||||
| killall -HUP nginx | |||||
| sleep 5 | sleep 5 | ||||
| elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then | elif [[ "$GETSSL_OS" == "centos"[78] || "$GETSSL_OS" == "rockylinux"* ]]; then | ||||
| pgrep nginx | head -1 | xargs kill -HUP | pgrep nginx | head -1 | xargs kill -HUP | ||||
| sleep 5 | sleep 5 | ||||
| elif [[ "$GETSSL_OS" == "centos6" ]]; then | elif [[ "$GETSSL_OS" == "centos6" ]]; then | ||||
| service nginx restart 3>&- | |||||
| service nginx restart 3>&- 4>&- | |||||
| # service nginx restart | # service nginx restart | ||||
| else | else | ||||
| service nginx restart >/dev/null >&3- | |||||
| service nginx restart >/dev/null 3>&- 4>&- | |||||
| fi | fi | ||||
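Review bot: None of the redirections says why file descriptors 3 and 4 are closed before nginx is restarted, and the rendered view does not show which side of the alpine `killall -HUP nginx` pair is the new one, so it is unclear whether that branch deliberately stops closing them while the centos6 and default branches now close both. A comment above the first branch would keep the next edit from dropping the redirections again, e.g. `# Close fds 3 and 4 (presumably the bats output descriptors) so a restarted nginx does not inherit them and keep the test runner waiting`. If the alpine branch's new line is the one without a redirection, consider giving it the same `3>&- 4>&-` as the other branches for consistency.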