From de17389245afc03ed938aac12aed1b47ace76759 Mon Sep 17 00:00:00 2001
From: Lukas Schauer
Date: Fri, 8 Jan 2016 22:51:57 +0100
Subject: [PATCH] cleanup for dns-01-challenge-support code
---
 letsencrypt.sh | 46 ++++++++++++++++++----------------------------
 1 file changed, 18 insertions(+), 28 deletions(-)
diff --git a/letsencrypt.sh b/letsencrypt.sh
index 091ee95..91ff2fc 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -33,7 +33,7 @@ load_config() {
 # Default values
 CA="https://acme-v01.api.letsencrypt.org/directory"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
- CHALLENGETYPE="http-01"
+ CHALLENGETYPE="http-01"
 HOOK=
 RENEW_DAYS="30"
 PRIVATE_KEY="${BASEDIR}/private_key.pem"
@@ -63,22 +63,12 @@ load_config() {
 # Check BASEDIR and set default variables
 [[ -d "${BASEDIR}" ]] || _exiterr "BASEDIR does not exist: ${BASEDIR}"
- if [[ -n "${PARAM_HOOK:-}" ]]; then
- HOOK="${PARAM_HOOK}"
- fi
-
- if [[ -n "${PARAM_CHALLENGETYPE:-}" ]]; then
- CHALLENGETYPE="${PARAM_CHALLENGETYPE}"
- fi
-
- case "${CHALLENGETYPE}" in
- http-01|dns-01) ;; # We suppport these types
- *) echo "Unknown challenge type ${CHALLENGETYPE} ... can not continue"; exit 1;;
- esac
+ [[ -n "${PARAM_HOOK:-}" ]] && HOOK="${PARAM_HOOK}"
+ [[ -n "${PARAM_CHALLENGETYPE:-}" ]] && CHALLENGETYPE="${PARAM_CHALLENGETYPE}"
+ [[ "${CHALLENGETYPE}" =~ (http-01|dns-01) ]] || _exiterr "Unknown challenge type ${CHALLENGETYPE}... can not continue."
 if [[ "${CHALLENGETYPE}" = "dns-01" ]] && [[ -z "${HOOK}" ]]; then
- echo "Challenge type dns-01 needs a hook script for deployment ... can not continue"
- exit 1
+ _exiterr "Challenge type dns-01 needs a hook script for deployment... can not continue."
 fi
 }
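Review bot: The new validation line `[[ "${CHALLENGETYPE}" =~ (http-01|dns-01) ]]` uses an unanchored regex, so any value that merely contains `http-01` or `dns-01` (a typo such as `http-010`, or `dns-01x`) passes, whereas the removed `case` accepted only the exact names. CHALLENGETYPE can come from the config file or from PARAM_CHALLENGETYPE, and a near-miss value that slips through here reaches sign_domain, whose new `case` has no default arm, so `keyauth_hook` is never assigned there. Anchoring the pattern restores the strict check: `[[ "${CHALLENGETYPE}" =~ ^(http-01|dns-01)$ ]] || _exiterr "Unknown challenge type ${CHALLENGETYPE}... can not continue."`. load_config's body begins before this hunk.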
@@ -296,16 +286,18 @@ sign_domain() {
 # Challenge response consists of the challenge token and the thumbprint of our public certificate
 keyauth="${challenge_token}.${thumbprint}"
- if [[ "${CHALLENGETYPE}" = "http-01" ]]; then
- # Store challenge response in well-known location and make world-readable (so that a webserver can access it)
- printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}"
- chmod a+r "${WELLKNOWN}/${challenge_token}"
- fi
-
- keyauth_hook="${keyauth}"
- if [[ "${CHALLENGETYPE}" = "dns-01" ]]; then
- keyauth_hook="$(printf '%s' "${keyauth}" | openssl sha -sha256 -binary | urlbase64)"
- fi
+ case "${CHALLENGETYPE}" in
+ "http-01")
+ # Store challenge response in well-known location and make world-readable (so that a webserver can access it)
+ printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}"
+ chmod a+r "${WELLKNOWN}/${challenge_token}"
+ keyauth_hook="${keyauth}"
+ ;;
+ "dns-01")
+ # Generate DNS entry content for dns-01 validation
+ keyauth_hook="$(printf '%s' "${keyauth}" | openssl sha -sha256 -binary | urlbase64)"
+ ;;
+ esac
 # Wait for hook script to deploy the challenge if used
 [[ -n "${HOOK}" ]] && ${HOOK} "deploy_challenge" "${altname}" "${challenge_token}" "${keyauth_hook}"
@@ -321,9 +313,7 @@ sign_domain() {
 status="$(http_request get "${challenge_uri}" | get_json_string_value status)"
 done
- if [[ "${CHALLENGETYPE}" = "http-01" ]]; then
- rm -f "${WELLKNOWN}/${challenge_token}"
- fi
+ [[ "${CHALLENGETYPE}" = "http-01" ]] && rm -f "${WELLKNOWN}/${challenge_token}"
 # Wait for hook script to clean the challenge if used
 if [[ -n "${HOOK}" ]] && [[ -n "${challenge_token}" ]]; then
-- 
2.39.5
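Review bot: The new `case "${CHALLENGETYPE}" in` has no `*)` arm, so for any value other than the two listed `keyauth_hook` is never assigned and the `${HOOK} "deploy_challenge" … "${keyauth_hook}"` call that follows is invoked with an empty fourth argument (or aborts, if the script runs under `set -u`). The old code at least initialised `keyauth_hook="${keyauth}"` unconditionally before testing for dns-01, so this is a small regression in robustness; the only thing preventing it is load_config's check, which in this same commit became an unanchored regex. A defensive default arm is cheap and keeps the two sites consistent: `*) _exiterr "Unknown challenge type ${CHALLENGETYPE}... can not continue." ;;` placed before `esac`. sign_domain starts and ends outside this hunk.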