
2018-05-03 issue #381 add DNS_FOLLOW_CNAMES functionality (2.11) - sidrew

pull/382/head
Andy Speagle 8 years ago
parent
commit
e4dbf00db2
1 changed files with 45 additions and 5 deletions
  1. +45
    -5
      getssl

+ 45
- 5
getssl View File

@ -184,10 +184,11 @@
# 2017-01-30 issue #243 compatibility with bash 3.0 (2.08) # 2017-01-30 issue #243 compatibility with bash 3.0 (2.08)
# 2017-01-30 issue #243 additional compatibility with bash 3.0 (2.09) # 2017-01-30 issue #243 additional compatibility with bash 3.0 (2.09)
# 2017-02-18 add OCSP Must-Staple to the domain csr generation (2.10) # 2017-02-18 add OCSP Must-Staple to the domain csr generation (2.10)
# 2018-05-03 issue #381 add DNS_FOLLOW_CNAMES functionality (2.11)
# ---------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------
PROGNAME=${0##*/} PROGNAME=${0##*/}
VERSION="2.10"
VERSION="2.11"
# defaults # defaults
ACCOUNT_KEY_LENGTH=4096 ACCOUNT_KEY_LENGTH=4096
@ -203,6 +204,7 @@ CSR_SUBJECT="/"
DEACTIVATE_AUTH="false" DEACTIVATE_AUTH="false"
DEFAULT_REVOKE_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_REVOKE_CA="https://acme-v01.api.letsencrypt.org"
DNS_EXTRA_WAIT="" DNS_EXTRA_WAIT=""
DNS_FOLLOW_CNAMES="false"
DNS_WAIT=10 DNS_WAIT=10
DOMAIN_KEY_LENGTH=4096 DOMAIN_KEY_LENGTH=4096
DUAL_RSA_ECDSA="false" DUAL_RSA_ECDSA="false"
@ -1974,19 +1976,57 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
debug "checking dns at $ns" debug "checking dns at $ns"
ntries=0 ntries=0
check_dns="fail" check_dns="fail"
check_fqdn="_acme-challenge.${d}"
while [[ "$check_dns" == "fail" ]]; do while [[ "$check_dns" == "fail" ]]; do
if [[ "$os" == "cygwin" ]]; then if [[ "$os" == "cygwin" ]]; then
check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \
if [[ $DNS_FOLLOW_CNAMES == "true" ]]; then
cname_fqdn=$(nslookup -type=cname "${check_fqdn}" "${ns}" \
| grep ^_acme -A2\
| grep '"'|awk '{ print $5}')
if [[ "$cname_fqdn" != "" ]]; then
check_fqdn=$cname_fqdn
fi
fi
check_result=$(nslookup -type=txt "${check_fqdn}" "${ns}" \
| grep ^_acme -A2\ | grep ^_acme -A2\
| grep '"'|awk -F'"' '{ print $2}') | grep '"'|awk -F'"' '{ print $2}')
elif [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then elif [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then
check_result=$($DNS_CHECK_FUNC TXT "_acme-challenge.${d}" "@${ns}" \
if [[ $DNS_FOLLOW_CNAMES == "true" ]]; then
cname_fqdn=$($DNS_CHECK_FUNC CNAME "${check_fqdn}" "@${ns}" \
| grep ^_acme|awk '{ print $5}')
if [[ "$cname_fqdn" != "" ]]; then
check_fqdn=$cname_fqdn
fi
fi
check_result=$($DNS_CHECK_FUNC TXT "${check_fqdn}" "@${ns}" \
| grep ^_acme|awk -F'"' '{ print $2}') | grep ^_acme|awk -F'"' '{ print $2}')
elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then
check_result=$($DNS_CHECK_FUNC -t TXT "_acme-challenge.${d}" "${ns}" \
if [[ $DNS_FOLLOW_CNAMES == "true" ]]; then
cname_fqdn=$($DNS_CHECK_FUNC -t CNAME "${check_fqdn}" "${ns}" \
| grep ^_acme|awk '{ print $5}')
if [[ "$cname_fqdn" != "" ]]; then
check_fqdn=$cname_fqdn
fi
fi
check_result=$($DNS_CHECK_FUNC -t TXT "${check_fqdn}" "${ns}" \
| grep ^_acme|awk -F'"' '{ print $2}') | grep ^_acme|awk -F'"' '{ print $2}')
else else
check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \
if [[ $DNS_FOLLOW_CNAMES == "true" ]]; then
cname_fqdn=$(nslookup -type=cname "${check_fqdn}" "${ns}" \
| grep ^_acme|awk '{ print $5}')
if [[ "$cname_fqdn" != "" ]]; then
check_fqdn=$cname_fqdn
fi
fi
check_result=$(nslookup -type=txt "${check_fqdn}" "${ns}" \
| grep ^_acme|awk -F'"' '{ print $2}') | grep ^_acme|awk -F'"' '{ print $2}')
fi fi
debug "expecting $auth_key" debug "expecting $auth_key"
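Review bot: Once `check_fqdn` has been replaced by the CNAME target in any of the four branches, the TXT answer is still filtered with `grep ^_acme`, so unless the target name itself begins with `_acme` the record is dropped and `check_result` stays empty — the pre-check can then never pass for the delegated-CNAME setups this option exists for (inferred from the usual dig/nslookup answer layout, where the owner name on the TXT line is the name that was queried; confirm with real output). Keying the filter to the name actually queried avoids that, e.g. in the dig/drill branch `| grep -F -- "${check_fqdn%.}" | awk -F'"' '{ print $2}')`, with the same change in the cygwin, host and plain-nslookup branches (the `%.` strips the trailing dot dig prints in the CNAME target). Separately, the cygwin CNAME lookup pipes through `grep '"'` before the awk, yet a CNAME answer carries no quoted data, so `cname_fqdn` presumably stays empty there and DNS_FOLLOW_CNAMES is a no-op on cygwin — worth checking against an actual nslookup run. The `while [[ "$check_dns" == "fail" ]]` loop and the enclosing DNS-validation block both continue past the end of the hunk.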

