mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 13:11:41 +00:00
If a domain was already verified by http-01 method, when we try to issue a cert for them same domain with dns-01 method, we just get only one challenge object of type http-01 with "valid" status, from the authz-v3 url. So, we report error that we are not able the validate the domain, because of that we don't find dns-01 challenge. This behavior is not the same as before. I believe it was changed by the letsencrypt CA.
This commit is contained in:
parent
05aa26e619
commit
4f303de00c
78
acme.sh
78
acme.sh
@ -4119,45 +4119,59 @@ $_authorizations_map"
|
||||
|
||||
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
|
||||
_debug entry "$entry"
|
||||
keyauthorization=""
|
||||
if [ -z "$entry" ]; then
|
||||
_err "Error, can not get domain token entry $d"
|
||||
_supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
|
||||
if [ "$_supported_vtypes" ]; then
|
||||
_err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
|
||||
_err "Error, can not get domain token entry $d for $vtype"
|
||||
if ! _startswith "$d" '*.'; then
|
||||
_debug "Not a wildcard domain, lets check whether the validation is already valid."
|
||||
if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
|
||||
_debug "$d is already valid."
|
||||
keyauthorization="$STATE_VERIFIED"
|
||||
_debug keyauthorization "$keyauthorization"
|
||||
fi
|
||||
fi
|
||||
if [ -z "$keyauthorization" ]; then
|
||||
_supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
|
||||
if [ "$_supported_vtypes" ]; then
|
||||
_err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
|
||||
fi
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
|
||||
_debug token "$token"
|
||||
|
||||
if [ -z "$token" ]; then
|
||||
_err "Error, can not get domain token $entry"
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
if [ "$ACME_VERSION" = "2" ]; then
|
||||
uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)"
|
||||
else
|
||||
uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)"
|
||||
fi
|
||||
_debug uri "$uri"
|
||||
if [ -z "$keyauthorization" ]; then
|
||||
token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
|
||||
_debug token "$token"
|
||||
|
||||
if [ -z "$uri" ]; then
|
||||
_err "Error, can not get domain uri. $entry"
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
keyauthorization="$token.$thumbprint"
|
||||
_debug keyauthorization "$keyauthorization"
|
||||
if [ -z "$token" ]; then
|
||||
_err "Error, can not get domain token $entry"
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
if [ "$ACME_VERSION" = "2" ]; then
|
||||
uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)"
|
||||
else
|
||||
uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)"
|
||||
fi
|
||||
_debug uri "$uri"
|
||||
|
||||
if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
|
||||
_debug "$d is already verified."
|
||||
keyauthorization="$STATE_VERIFIED"
|
||||
if [ -z "$uri" ]; then
|
||||
_err "Error, can not get domain uri. $entry"
|
||||
_clearup
|
||||
_on_issue_err "$_post_hook"
|
||||
return 1
|
||||
fi
|
||||
keyauthorization="$token.$thumbprint"
|
||||
_debug keyauthorization "$keyauthorization"
|
||||
|
||||
if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
|
||||
_debug "$d is already verified."
|
||||
keyauthorization="$STATE_VERIFIED"
|
||||
_debug keyauthorization "$keyauthorization"
|
||||
fi
|
||||
fi
|
||||
|
||||
dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot"
|
||||
|
Loading…
Reference in New Issue
Block a user