- Added option to add CSR-flag indicating OCSP stapling to be mandatory
- Initial support for configuration on per-certificate base
- Support for per-CA account keys and custom config for output cert directory, license, etc.
+- Added option to select IP version of name to address resolution
## Fixed
- letsencrypt.sh no longer stores account keys from invalid registrations
--env (-e) Output configuration variables for use in other scripts
Parameters:
+ --ipv4 (-4) Resolve names to IPv4 addresses only
+ --ipv6 (-6) Resolve names to IPv6 addresses only
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--ocsp Sets option in CSR indicating OCSP stapling to be mandatory
__HOOK_CHAIN="${HOOK_CHAIN}"
__OPENSSL_CNF="${OPENSSL_CNF}"
__RENEW_DAYS="${RENEW_DAYS}"
+ __IP_VERSION="${IP_VERSION}"
}
reset_configvars() {
HOOK_CHAIN="${__HOOK_CHAIN}"
OPENSSL_CNF="${__OPENSSL_CNF}"
RENEW_DAYS="${__RENEW_DAYS}"
+ IP_VERSION="${__IP_VERSION}"
}
# verify configuration values
_exiterr "WELLKNOWN directory doesn't exist, please create ${WELLKNOWN} and set appropriate permissions."
fi
[[ "${KEY_ALGO}" =~ ^(rsa|prime256v1|secp384r1)$ ]] || _exiterr "Unknown public key algorithm ${KEY_ALGO}... can not continue."
+ if [[ -n "${IP_VERSION}" ]]; then
+ [[ "${IP_VERSION}" = "4" || "${IP_VERSION}" = "6" ]] || _exiterr "Unknown IP version ${IP_VERSION}... can not continue."
+ fi
}
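Review bot: The new IP_VERSION check at the end of verify_config is the only thing keeping the unquoted `${ip_version:-}` expansion on the curl command lines in http_request from word-splitting into extra curl arguments, and nothing in the code records that dependency. A comment above the check would keep a later edit from loosening it, for example `# IP_VERSION is expanded unquoted into the curl command line in http_request; accept exactly "4" or "6"`. Whether verify_config runs again after a per-certificate config has been loaded is not visible in this hunk; if it does not, a per-certificate IP_VERSION would reach curl unchecked, so that path is worth confirming. verify_config begins outside the hunk.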
# Setup default config values, search for and load configuration files
CONTACT_EMAIL=
LOCKFILE=
OCSP_MUST_STAPLE="no"
+ IP_VERSION=
if [[ -z "${CONFIG:-}" ]]; then
echo "#" >&2
[[ -n "${PARAM_CHALLENGETYPE:-}" ]] && CHALLENGETYPE="${PARAM_CHALLENGETYPE}"
[[ -n "${PARAM_KEY_ALGO:-}" ]] && KEY_ALGO="${PARAM_KEY_ALGO}"
[[ -n "${PARAM_OCSP_MUST_STAPLE:-}" ]] && OCSP_MUST_STAPLE="${PARAM_OCSP_MUST_STAPLE}"
+ [[ -n "${PARAM_IP_VERSION:-}" ]] && IP_VERSION="${PARAM_IP_VERSION}"
verify_config
store_configvars
http_request() {
tempcont="$(_mktemp)"
+ if [[ -n "${IP_VERSION:-}" ]]; then
+ ip_version="-${IP_VERSION}"
+ fi
+
set +e
if [[ "${1}" = "head" ]]; then
- statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)"
+ statuscode="$(curl ${ip_version:-} -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)"
curlret="${?}"
elif [[ "${1}" = "get" ]]; then
- statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}")"
+ statuscode="$(curl ${ip_version:-} -s -w "%{http_code}" -o "${tempcont}" "${2}")"
curlret="${?}"
elif [[ "${1}" = "post" ]]; then
- statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}" -d "${3}")"
+ statuscode="$(curl ${ip_version:-} -s -w "%{http_code}" -o "${tempcont}" "${2}" -d "${3}")"
curlret="${?}"
else
set -e
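Review bot: `ip_version` in http_request is assigned only when IP_VERSION is non-empty, is never cleared, and is not declared `local` in the visible lines, so a value from an earlier request appears to persist. Since reset_configvars can restore IP_VERSION to empty between certificates, the head/get/post curl calls could keep passing a stale `-4` or `-6` and connect over an address family the current configuration did not ask for. Replacing the three-line `if` with an unconditional assignment avoids this: `ip_version="${IP_VERSION:+-${IP_VERSION}}"`. The function body starts and continues outside this hunk, so an existing `local` declaration cannot be ruled out.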
set_command cleanup
;;
+ # PARAM_Usage: --ipv4 (-4)
+ # PARAM_Description: Resolve names to IPv4 addresses only
+ --ipv4|-4)
+ PARAM_IP_VERSION="4"
+ ;;
+
+ # PARAM_Usage: --ipv6 (-6)
+ # PARAM_Description: Resolve names to IPv6 addresses only
+ --ipv6|-6)
+ PARAM_IP_VERSION="6"
+ ;;
+
# PARAM_Usage: --domain (-d) domain.tld
# PARAM_Description: Use specified domain name(s) instead of domains.txt entry (one certificate!)
--domain|-d)