Added option to select IP version of name to address resolution (#231)

diff --git a/CHANGELOG b/CHANGELOG
index e6cd34339b5556aca0625d352411cf95533aca22..6d4948087618db2f1d8576d0b125120fa8896517 100644 (file)
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -13,6 +13,7 @@ This file contains a log of major changes in letsencrypt.sh
 - Added option to add CSR-flag indicating OCSP stapling to be mandatory
 - Initial support for configuration on per-certificate base
 - Support for per-CA account keys and custom config for output cert directory, license, etc.
 - Added option to add CSR-flag indicating OCSP stapling to be mandatory
 - Initial support for configuration on per-certificate base
 - Support for per-CA account keys and custom config for output cert directory, license, etc.

+- Added option to select IP version of name to address resolution

 
 ## Fixed
 - letsencrypt.sh no longer stores account keys from invalid registrations
 
 ## Fixed
 - letsencrypt.sh no longer stores account keys from invalid registrations

diff --git a/README.md b/README.md
index 65632430bbfed0a08e5d15cb0bf7c3bc615dae84..9656daed5ca1db89af8437dc47aa900b110c5535 100644 (file)
--- a/README.md
+++ b/README.md
@@ -41,6 +41,8 @@ Commands:
  --env (-e)                       Output configuration variables for use in other scripts
 
 Parameters:
  --env (-e)                       Output configuration variables for use in other scripts
 
 Parameters:

+ --ipv4 (-4)                      Resolve names to IPv4 addresses only
+ --ipv6 (-6)                      Resolve names to IPv6 addresses only

  --domain (-d) domain.tld         Use specified domain name(s) instead of domains.txt entry (one certificate!)
  --force (-x)                     Force renew of certificate even if it is longer valid than value in RENEW_DAYS
  --ocsp                           Sets option in CSR indicating OCSP stapling to be mandatory
  --domain (-d) domain.tld         Use specified domain name(s) instead of domains.txt entry (one certificate!)
  --force (-x)                     Force renew of certificate even if it is longer valid than value in RENEW_DAYS
  --ocsp                           Sets option in CSR indicating OCSP stapling to be mandatory

diff --git a/docs/examples/config b/docs/examples/config
index 298eb04ea77c412d764449a3f7b92b14ba66818e..f7009e1df854a08b030e40bbc55451cb1364d8ca 100644 (file)
--- a/docs/examples/config
+++ b/docs/examples/config
@@ -10,6 +10,11 @@
 # Default values of this config are in comments        #
 ########################################################
 
 # Default values of this config are in comments        #
 ########################################################
 

+# Resolve names to addresses of IP version only. (curl)
+# supported values: 4, 6
+# default: <unset>
+#IP_VERSION=
+

 # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
 #CA="https://acme-v01.api.letsencrypt.org/directory"
 
 # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
 #CA="https://acme-v01.api.letsencrypt.org/directory"
 

diff --git a/letsencrypt.sh b/letsencrypt.sh
index 6c42c12b1226e007e85fd48a701819a1281ba4ed..4b670c03275ec15a0430bf24ac77bd156e40e41e 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -58,6 +58,7 @@ store_configvars() {
   __HOOK_CHAIN="${HOOK_CHAIN}"
   __OPENSSL_CNF="${OPENSSL_CNF}"
   __RENEW_DAYS="${RENEW_DAYS}"
   __HOOK_CHAIN="${HOOK_CHAIN}"
   __OPENSSL_CNF="${OPENSSL_CNF}"
   __RENEW_DAYS="${RENEW_DAYS}"

+  __IP_VERSION="${IP_VERSION}"

 }
 
 reset_configvars() {
 }
 
 reset_configvars() {


@@ -71,6 +72,7 @@ reset_configvars() {
   HOOK_CHAIN="${__HOOK_CHAIN}"
   OPENSSL_CNF="${__OPENSSL_CNF}"
   RENEW_DAYS="${__RENEW_DAYS}"
   HOOK_CHAIN="${__HOOK_CHAIN}"
   OPENSSL_CNF="${__OPENSSL_CNF}"
   RENEW_DAYS="${__RENEW_DAYS}"

+  IP_VERSION="${__IP_VERSION}"

 }
 
 # verify configuration values
 }
 
 # verify configuration values


@@ -83,6 +85,9 @@ verify_config() {
     _exiterr "WELLKNOWN directory doesn't exist, please create ${WELLKNOWN} and set appropriate permissions."
   fi
   [[ "${KEY_ALGO}" =~ ^(rsa|prime256v1|secp384r1)$ ]] || _exiterr "Unknown public key algorithm ${KEY_ALGO}... can not continue."
     _exiterr "WELLKNOWN directory doesn't exist, please create ${WELLKNOWN} and set appropriate permissions."
   fi
   [[ "${KEY_ALGO}" =~ ^(rsa|prime256v1|secp384r1)$ ]] || _exiterr "Unknown public key algorithm ${KEY_ALGO}... can not continue."

+  if [[ -n "${IP_VERSION}" ]]; then
+    [[ "${IP_VERSION}" = "4" || "${IP_VERSION}" = "6" ]] || _exiterr "Unknown IP version ${IP_VERSION}... can not continue."
+  fi

 }
 
 # Setup default config values, search for and load configuration files
 }
 
 # Setup default config values, search for and load configuration files


@@ -118,6 +123,7 @@ load_config() {
   CONTACT_EMAIL=
   LOCKFILE=
   OCSP_MUST_STAPLE="no"
   CONTACT_EMAIL=
   LOCKFILE=
   OCSP_MUST_STAPLE="no"

+  IP_VERSION=

 
   if [[ -z "${CONFIG:-}" ]]; then
     echo "#" >&2
 
   if [[ -z "${CONFIG:-}" ]]; then
     echo "#" >&2


@@ -183,6 +189,7 @@ load_config() {
   [[ -n "${PARAM_CHALLENGETYPE:-}" ]] && CHALLENGETYPE="${PARAM_CHALLENGETYPE}"
   [[ -n "${PARAM_KEY_ALGO:-}" ]] && KEY_ALGO="${PARAM_KEY_ALGO}"
   [[ -n "${PARAM_OCSP_MUST_STAPLE:-}" ]] && OCSP_MUST_STAPLE="${PARAM_OCSP_MUST_STAPLE}"
   [[ -n "${PARAM_CHALLENGETYPE:-}" ]] && CHALLENGETYPE="${PARAM_CHALLENGETYPE}"
   [[ -n "${PARAM_KEY_ALGO:-}" ]] && KEY_ALGO="${PARAM_KEY_ALGO}"
   [[ -n "${PARAM_OCSP_MUST_STAPLE:-}" ]] && OCSP_MUST_STAPLE="${PARAM_OCSP_MUST_STAPLE}"

+  [[ -n "${PARAM_IP_VERSION:-}" ]] && IP_VERSION="${PARAM_IP_VERSION}"

 
   verify_config
   store_configvars
 
   verify_config
   store_configvars


@@ -316,15 +323,19 @@ _openssl() {
 http_request() {
   tempcont="$(_mktemp)"
 
 http_request() {
   tempcont="$(_mktemp)"
 

+  if [[ -n "${IP_VERSION:-}" ]]; then
+      ip_version="-${IP_VERSION}"
+  fi
+

   set +e
   if [[ "${1}" = "head" ]]; then
   set +e
   if [[ "${1}" = "head" ]]; then

-    statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)"
+    statuscode="$(curl ${ip_version:-} -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)"

     curlret="${?}"
   elif [[ "${1}" = "get" ]]; then
     curlret="${?}"
   elif [[ "${1}" = "get" ]]; then

-    statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}")"
+    statuscode="$(curl ${ip_version:-} -s -w "%{http_code}" -o "${tempcont}" "${2}")"

     curlret="${?}"
   elif [[ "${1}" = "post" ]]; then
     curlret="${?}"
   elif [[ "${1}" = "post" ]]; then

-    statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}" -d "${3}")"
+    statuscode="$(curl ${ip_version:-} -s -w "%{http_code}" -o "${tempcont}" "${2}" -d "${3}")"

     curlret="${?}"
   else
     set -e
     curlret="${?}"
   else
     set -e


@@ -957,6 +968,18 @@ main() {
         set_command cleanup
         ;;
 
         set_command cleanup
         ;;
 

+      # PARAM_Usage: --ipv4 (-4)
+      # PARAM_Description: Resolve names to IPv4 addresses only
+      --ipv4|-4)
+        PARAM_IP_VERSION="4"
+        ;;
+
+      # PARAM_Usage: --ipv6 (-6)
+      # PARAM_Description: Resolve names to IPv6 addresses only
+      --ipv6|-6)
+        PARAM_IP_VERSION="6"
+        ;;
+

       # PARAM_Usage: --domain (-d) domain.tld
       # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!)
       --domain|-d)
       # PARAM_Usage: --domain (-d) domain.tld
       # PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!)
       --domain|-d)