mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-22 13:11:41 +00:00
remove ".well-known" folder after verification
This commit is contained in:
parent
f074cb1036
commit
ebcf30d02f
51
le.sh
51
le.sh
@ -374,6 +374,32 @@ _clearup () {
|
|||||||
_restoreApache
|
_restoreApache
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# webroot removelevel tokenfile
|
||||||
|
_clearupwebbroot() {
|
||||||
|
__webroot="$1"
|
||||||
|
if [ -z "$__webroot" ] ; then
|
||||||
|
_debug "no webroot specified, skip"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$2" == '1' ] ; then
|
||||||
|
_debug "remove $__webroot/.well-known"
|
||||||
|
rm -rf "$__webroot/.well-known"
|
||||||
|
elif [ "$2" == '2' ] ; then
|
||||||
|
_debug "remove $__webroot/.well-known/acme-challenge"
|
||||||
|
rm -rf "$__webroot/.well-known/acme-challenge"
|
||||||
|
elif [ "$2" == '3' ] ; then
|
||||||
|
_debug "remove $__webroot/.well-known/acme-challenge/$3"
|
||||||
|
rm -rf "$__webroot/.well-known/acme-challenge/$3"
|
||||||
|
else
|
||||||
|
_err "removelevel invalid: $2"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
return 0
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
issue() {
|
issue() {
|
||||||
if [ -z "$2" ] ; then
|
if [ -z "$2" ] ; then
|
||||||
_err "Usage: le issue webroot|no|apache|dns a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
|
_err "Usage: le issue webroot|no|apache|dns a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
|
||||||
@ -589,7 +615,8 @@ issue() {
|
|||||||
_debug "d" "$d"
|
_debug "d" "$d"
|
||||||
_debug "keyauthorization" "$keyauthorization"
|
_debug "keyauthorization" "$keyauthorization"
|
||||||
_debug "uri" "$uri"
|
_debug "uri" "$uri"
|
||||||
|
removelevel= ""
|
||||||
|
token=""
|
||||||
if [ "$vtype" == "$VTYPE_HTTP" ] ; then
|
if [ "$vtype" == "$VTYPE_HTTP" ] ; then
|
||||||
if [ "$Le_Webroot" == "no" ] ; then
|
if [ "$Le_Webroot" == "no" ] ; then
|
||||||
_info "Standalone mode server"
|
_info "Standalone mode server"
|
||||||
@ -602,7 +629,15 @@ issue() {
|
|||||||
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
|
wellknown_path="$Le_Webroot/.well-known/acme-challenge"
|
||||||
fi
|
fi
|
||||||
_debug wellknown_path "$wellknown_path"
|
_debug wellknown_path "$wellknown_path"
|
||||||
|
|
||||||
|
if [ ! -d "$Le_Webroot/.well-known" ] ; then
|
||||||
|
removelevel='1'
|
||||||
|
elif [ ! -d "$Le_Webroot/.well-known/acme-challenge" ] ; then
|
||||||
|
removelevel='2'
|
||||||
|
else
|
||||||
|
removelevel='3'
|
||||||
|
fi
|
||||||
|
|
||||||
token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
|
token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
|
||||||
_debug "writing token:$token to $wellknown_path/$token"
|
_debug "writing token:$token to $wellknown_path/$token"
|
||||||
|
|
||||||
@ -620,6 +655,7 @@ issue() {
|
|||||||
|
|
||||||
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
|
||||||
_err "$d:Challenge error: $resource"
|
_err "$d:Challenge error: $resource"
|
||||||
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
_clearup
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -631,6 +667,7 @@ issue() {
|
|||||||
|
|
||||||
if ! _get $uri ; then
|
if ! _get $uri ; then
|
||||||
_err "$d:Verify error:$resource"
|
_err "$d:Verify error:$resource"
|
||||||
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
_clearup
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
@ -638,12 +675,16 @@ issue() {
|
|||||||
status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
|
status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
|
||||||
if [ "$status" == "valid" ] ; then
|
if [ "$status" == "valid" ] ; then
|
||||||
_info "Success"
|
_info "Success"
|
||||||
|
_stopserver $serverproc
|
||||||
|
serverproc=""
|
||||||
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
break;
|
break;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$status" == "invalid" ] ; then
|
if [ "$status" == "invalid" ] ; then
|
||||||
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
|
||||||
_err "$d:Verify error:$error"
|
_err "$d:Verify error:$error"
|
||||||
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
_clearup
|
_clearup
|
||||||
return 1;
|
return 1;
|
||||||
fi
|
fi
|
||||||
@ -652,13 +693,13 @@ issue() {
|
|||||||
_info "Pending"
|
_info "Pending"
|
||||||
else
|
else
|
||||||
_err "$d:Verify error:$response"
|
_err "$d:Verify error:$response"
|
||||||
|
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
|
||||||
_clearup
|
_clearup
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
done
|
done
|
||||||
_stopserver $serverproc
|
|
||||||
serverproc=""
|
|
||||||
done
|
done
|
||||||
|
|
||||||
_clearup
|
_clearup
|
||||||
@ -669,7 +710,7 @@ issue() {
|
|||||||
|
|
||||||
Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
|
Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
|
||||||
_setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert"
|
_setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert"
|
||||||
|
|
||||||
if [ "$Le_LinkCert" ] ; then
|
if [ "$Le_LinkCert" ] ; then
|
||||||
echo -----BEGIN CERTIFICATE----- > "$CERT_PATH"
|
echo -----BEGIN CERTIFICATE----- > "$CERT_PATH"
|
||||||
curl --silent "$Le_LinkCert" | base64 >> "$CERT_PATH"
|
curl --silent "$Le_LinkCert" | base64 >> "$CERT_PATH"
|
||||||
|
Loading…
Reference in New Issue
Block a user