|
173 | 173 | # 2016-12-28 tidied up upgrade tmpfile handling (1.95) |
174 | 174 | # 2017-01-01 update comments |
175 | 175 | # 2017-01-01 create stable release 2.0 (2.00) |
176 | | -# 2017-01-02 Added option to limit amount of old versions to keep (2.01) |
| 176 | +# 2017-01-02 Added option to limit number of old versions to keep (2.01) |
177 | 177 | # 2017-01-03 Created check_config function to list all obvious config issues (2.02) |
178 | 178 | # 2017-01-10 force renew if FORCE_RENEWAL file exists (2.03) |
179 | 179 | # 2017-01-12 added drill, dig or host as alternatives to nslookup (2.04) |
|
185 | 185 | # 2017-01-30 issue #243 additional compatibility with bash 3.0 (2.09) |
186 | 186 | # 2017-02-18 add OCSP Must-Staple to the domain csr generation (2.10) |
187 | 187 | # 2019-09-30 issue #423 Use HTTP 1.1 as workaround atm (2.11) |
| 188 | +# 2019-10-02 issue #425 Case insensitive processing of agreement url because of HTTP/2 (2.12) |
| 189 | +# 2019-10-07 update DNS checks to allow use of CNAMEs (2.13) |
188 | 190 | # ---------------------------------------------------------------------------------------- |
189 | 191 |
|
190 | 192 | PROGNAME=${0##*/} |
191 | | -VERSION="2.11" |
| 193 | +VERSION="2.13" |
192 | 194 |
|
193 | 195 | # defaults |
194 | 196 | ACCOUNT_KEY_LENGTH=4096 |
@@ -464,7 +466,7 @@ check_getssl_upgrade() { # check if a more recent version of code is available a |
464 | 466 | shopt -s -o noglob |
465 | 467 | IFS=$'\n' getssl_versions=($(sort <<< "${getssl_versions[*]}")) |
466 | 468 | shopt -u -o noglob |
467 | | - # Remove entries until given amount of old versions to keep is reached |
| 469 | + # Remove entries until given number of old versions to keep is reached |
468 | 470 | while [[ ${#getssl_versions[@]} -gt $_KEEP_VERSIONS ]]; do |
469 | 471 | debug "removing old version ${getssl_versions[0]}" |
470 | 472 | rm "${getssl_versions[0]}" |
@@ -938,15 +940,15 @@ help_message() { # print out the help message |
938 | 940 |
|
939 | 941 | Options: |
940 | 942 | -a, --all Check all certificates |
941 | | - -d, --debug Outputs debug information |
| 943 | + -d, --debug Output debug information |
942 | 944 | -c, --create Create default config files |
943 | 945 | -f, --force Force renewal of cert (overrides expiry checks) |
944 | 946 | -h, --help Display this help message and exit |
945 | 947 | -q, --quiet Quiet mode (only outputs on error, success of new cert, or getssl was upgraded) |
946 | | - -Q, --mute Like -q, but mutes notification about successful upgrade |
| 948 | + -Q, --mute Like -q, but also mute notification about successful upgrade |
947 | 949 | -r, --revoke "cert" "key" [CA_server] Revoke a certificate (the cert and key are required) |
948 | 950 | -u, --upgrade Upgrade getssl if a more recent version is available |
949 | | - -k, --keep "#" Maximum amount of old getssl versions to keep when upgrading |
| 951 | + -k, --keep "#" Maximum number of old getssl versions to keep when upgrading |
950 | 952 | -U, --nocheck Do not check if a more recent version is available |
951 | 953 | -w working_dir "Working directory" |
952 | 954 |
|
@@ -1483,7 +1485,7 @@ if [[ $_REVOKE -eq 1 ]]; then |
1483 | 1485 | fi |
1484 | 1486 |
|
1485 | 1487 | # get latest agreement from CA (as default) |
1486 | | -AGREEMENT=$(curl -I "${CA}/terms" 2>/dev/null | awk '$1 ~ "Location:" {print $2}'|tr -d '\r') |
| 1488 | +AGREEMENT=$(curl -I "${CA}/terms" 2>/dev/null | awk 'tolower($1) ~ "location:" {print $2}'|tr -d '\r') |
1487 | 1489 |
|
1488 | 1490 | # if nothing in command line, print help and exit. |
1489 | 1491 | if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]]; then |
@@ -1989,13 +1991,13 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then |
1989 | 1991 | | grep '"'|awk -F'"' '{ print $2}') |
1990 | 1992 | elif [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then |
1991 | 1993 | check_result=$($DNS_CHECK_FUNC TXT "_acme-challenge.${d}" "@${ns}" \ |
1992 | | - | grep ^_acme|awk -F'"' '{ print $2}') |
| 1994 | + | grep '300 IN TXT'|awk -F'"' '{ print $2}') |
1993 | 1995 | elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then |
1994 | 1996 | check_result=$($DNS_CHECK_FUNC -t TXT "_acme-challenge.${d}" "${ns}" \ |
1995 | | - | grep ^_acme|awk -F'"' '{ print $2}') |
| 1997 | + | grep 'descriptive text'|awk -F'"' '{ print $2}') |
1996 | 1998 | else |
1997 | 1999 | check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \ |
1998 | | - | grep ^_acme|awk -F'"' '{ print $2}') |
| 2000 | + | grep 'text ='|awk -F'"' '{ print $2}') |
1999 | 2001 | fi |
2000 | 2002 | debug "expecting $auth_key" |
2001 | 2003 | debug "${ns} gave ... $check_result" |
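Review bot: In the last hunk (`@@ -1989,13 +1991,13 @@`) the drill/dig branch now filters with `grep '300 IN TXT'`, which ties the DNS-01 check to a TTL of exactly 300. A challenge record published with any other TTL is dropped before the token is extracted, so the check would keep failing even though the record is correct. Matching any TTL keeps the CNAME support without that assumption and also tolerates tab-separated output, e.g. `| grep -E '[0-9]+[[:space:]]+IN[[:space:]]+TXT'|awk -F'"' '{ print $2}')`. The `host` and `nslookup` branches now depend on the literal strings `descriptive text` and `text =` in the tools' human-readable output, so a comment such as `# match the TXT answer line; the owner name is not checked so CNAME targets are accepted` would help. None of the three filters anchors on the record name any more, so the comparison with `$auth_key` (presumably just after the `debug` lines, outside this hunk, as are the start and end of the enclosing `if [[ $VALIDATE_VIA_DNS == "true" ]]` block) is the only thing rejecting unrelated TXT values.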
|