
script should create world-readable verification files

This closes #32.
pull/32/head
Samuel Tardieu 9 years ago
parent
commit
8da4ec8b09
  1. 50
      le.sh

50
le.sh

@ -384,6 +384,33 @@ _clearup () {
_restoreApache
}
# webroot removelevel tokenfile
_tokenlevel() {
__path="$1/.well-known"
if [ "$2" != '1' ]; then
__path="$__path/acme-challenge"
if [ "$2" == '3' ]; then
__path="$__path/$3"
elif [ "$2" != '2' ]; then
_err "removelevel invalid: $2"
return 1
fi
fi
echo "$__path"
}
# webroot removelevel tokenfile
_fixtokenperms() {
__path=$(_tokenlevel "$@")
_debug "Setting world-readable permissions on $__path"
chmod -R og=u-w "$__path"
if [ "$EUID" == '0' ]; then
webroot_owner=$(stat -c '%U:%G' "$1")
_debug "Changing owner/group of $__path to $webroot_owner"
chown -R "$webroot_owner" "$__path"
fi
}
# webroot removelevel tokenfile
_clearupwebbroot() {
__webroot="$1"
@ -392,21 +419,9 @@ _clearupwebbroot() {
return 0
fi
if [ "$2" == '1' ] ; then
_debug "remove $__webroot/.well-known"
rm -rf "$__webroot/.well-known"
elif [ "$2" == '2' ] ; then
_debug "remove $__webroot/.well-known/acme-challenge"
rm -rf "$__webroot/.well-known/acme-challenge"
elif [ "$2" == '3' ] ; then
_debug "remove $__webroot/.well-known/acme-challenge/$3"
rm -rf "$__webroot/.well-known/acme-challenge/$3"
else
_info "skip for removelevel:$2"
fi
return 0
__path=$(_tokenlevel "$@")
_debug "remove $__path"
rm -rf "$__path"
}
issue() {
@ -652,10 +667,7 @@ issue() {
mkdir -p "$wellknown_path"
echo -n "$keyauthorization" > "$wellknown_path/$token"
webroot_owner=$(stat -c '%U:%G' $Le_Webroot)
_debug "Changing owner/group of .well-known to $webroot_owner"
chown -R $webroot_owner "$Le_Webroot/.well-known"
_fixtokenperms "$Le_Webroot" "$removelevel" "$token"
fi
fi
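Review bot: Neither `_fixtokenperms` nor the rewritten `_clearupwebbroot` checks whether `_tokenlevel` succeeded, so for a removelevel other than 1, 2 or 3 the `chmod -R`, `chown -R` and `rm -rf` run on whatever the command substitution captured: an empty string, or the `_err` text if that helper prints to stdout (its definition is not visible here). Before this change the cleanup path logged `skip for removelevel` and touched nothing. Suggest `__path=$(_tokenlevel "$@") || return 1` followed by `[ -n "$__path" ] || return 1` in both callers. Separately, the root branch runs a recursive chown inside a webroot that may belong to a less-privileged account; using `chown -hR` and a comment stating that only paths the script itself just created are passed in would make the symlink assumption explicit. `_clearupwebbroot` and `issue` both continue outside the visible hunks.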
