From ebcf30d02ffcfd2839f599876603cc69052275de Mon Sep 17 00:00:00 2001
From: neil
Date: Sat, 23 Jan 2016 10:49:38 +0800
Subject: [PATCH] remove ".well-known" folder after verification

---
 le.sh | 51 ++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 5 deletions(-)

diff --git a/le.sh b/le.sh
index e024395a..3badaa3c 100755
--- a/le.sh
+++ b/le.sh
@@ -374,6 +374,32 @@ _clearup () {
   _restoreApache
 }
+# webroot removelevel tokenfile
+_clearupwebbroot() {
+  __webroot="$1"
+  if [ -z "$__webroot" ] ; then
+    _debug "no webroot specified, skip"
+    return 0
+  fi
+
+  if [ "$2" == '1' ] ; then
+    _debug "remove $__webroot/.well-known"
+    rm -rf "$__webroot/.well-known"
+  elif [ "$2" == '2' ] ; then
+    _debug "remove $__webroot/.well-known/acme-challenge"
+    rm -rf "$__webroot/.well-known/acme-challenge"
+  elif [ "$2" == '3' ] ; then
+    _debug "remove $__webroot/.well-known/acme-challenge/$3"
+    rm -rf "$__webroot/.well-known/acme-challenge/$3"
+  else
+    _err "removelevel invalid: $2"
+    return 1
+  fi
+
+  return 0
+
+}
+
 issue() {
   if [ -z "$2" ] ; then
     _err "Usage: le issue webroot|no|apache|dns a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
@@ -589,7 +615,8 @@ issue() {
     _debug "d" "$d"
     _debug "keyauthorization" "$keyauthorization"
     _debug "uri" "$uri"
-
+    removelevel= ""
+    token=""
     if [ "$vtype" == "$VTYPE_HTTP" ] ; then
       if [ "$Le_Webroot" == "no" ] ; then
         _info "Standalone mode server"
@@ -602,7 +629,15 @@ issue() {
          wellknown_path="$Le_Webroot/.well-known/acme-challenge"
        fi
        _debug wellknown_path "$wellknown_path"
-
+
+      if [ ! -d "$Le_Webroot/.well-known" ] ; then
+        removelevel='1'
+      elif [ ! -d "$Le_Webroot/.well-known/acme-challenge" ] ; then
+        removelevel='2'
+      else
+        removelevel='3'
+      fi
+
        token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
        _debug "writing token:$token to $wellknown_path/$token"
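Review bot: In `_clearupwebbroot` (the `@@ -374,6 +374,32 @@` hunk) an empty `$2` falls into the `_err "removelevel invalid: $2"` branch and returns 1, yet every call site in this patch passes `"$removelevel"` unconditionally, including after a successful verification in standalone mode (`Le_Webroot` equal to `no`) where the HTTP-branch code that sets the level does not run; treating an unset level like an unset webroot, `if [ -z "$__webroot" ] || [ -z "$2" ] ; then`, avoids a spurious error on the success path. The level-3 branch also removes `"$__webroot/.well-known/acme-challenge/$3"` without checking `$3`: an empty token file name makes the target the whole `acme-challenge` directory, and the name is a path component taken from the challenge data rather than a constant, so a guard such as `case "$3" in ""|*/*|.|..) _err "invalid token file name"; return 1 ;; esac` belongs before the `rm -rf`. `__webroot` is not declared `local`, which matches the file's existing style but leaves the value in the global namespace after the call.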
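Review bot: `removelevel= ""` in the `@@ -589,7 +615,8 @@` hunk is not an assignment: with the space the shell runs the empty string as a command with `removelevel` set only in that command's environment, so the variable keeps the value from the previous domain in the loop and an error is printed on every iteration. It should read `removelevel=""`, matching `token=""` on the next line. The HTTP branch overwrites the value later, so the stale level is visible only when `vtype` is not HTTP, where the error paths then pass it to `_clearupwebbroot`.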
@@ -620,6 +655,7 @@ issue() {
       if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
         _err "$d:Challenge error: $resource"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         _clearup
         return 1
       fi
@@ -631,6 +667,7 @@ issue() {
       if ! _get $uri ; then
         _err "$d:Verify error:$resource"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         _clearup
         return 1
       fi
@@ -638,12 +675,16 @@ issue() {
       status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
       if [ "$status" == "valid" ] ; then
         _info "Success"
+        _stopserver $serverproc
+        serverproc=""
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         break;
       fi
       if [ "$status" == "invalid" ] ; then
         error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
         _err "$d:Verify error:$error"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         _clearup
         return 1;
       fi
@@ -652,13 +693,13 @@ issue() {
         _info "Pending"
       else
         _err "$d:Verify error:$response"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         _clearup
         return 1
       fi
     done
-    _stopserver $serverproc
-    serverproc=""
+
   done
   _clearup
@@ -669,7 +710,7 @@ issue() {
   Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
   _setopt "$DOMAIN_CONF" "Le_LinkCert" "=" "$Le_LinkCert"
-
+
   if [ "$Le_LinkCert" ] ; then
     echo -----BEGIN CERTIFICATE----- > "$CERT_PATH"
     curl --silent "$Le_LinkCert" | base64 >> "$CERT_PATH"
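Review bot: The pair `_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"` followed by `_clearup` is now repeated verbatim on every error path, here and in the `@@ -631`, `@@ -638` and `@@ -652` hunks, which makes it easy for the next error branch to miss the webroot cleanup. Since `_clearup` is already the single teardown call on each of these paths, moving the `_clearupwebbroot` call into `_clearup` (or into a small `_clearup_and_fail` wrapper) would keep one line per path and guarantee the challenge files are removed wherever `_clearup` runs. The same call is also made with `"$Le_Webroot"` when that variable holds a mode keyword such as `apache` or `dns` rather than a directory, so the removal then targets a path relative to the current directory; I cannot see from these hunks how those modes set the real document root, so gating the call on a directory-valued `Le_Webroot` is worth confirming. `issue` starts and ends outside these hunks.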
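Review bot: Moving `_stopserver $serverproc` from after the inner `done` (the `@@ -652,13 +693,13 @@` hunk) into the `valid` branch of the `@@ -638,12 +675,16 @@` hunk means the `invalid`, `Pending`-fallthrough and `_get` error paths no longer stop the standalone server explicitly; they rely on `_clearup`, whose first lines are outside these hunks, so this is fine only if `_clearup` itself calls `_stopserver`, which should be checked. If it does not, the standalone listener started for the domain is left running on `return 1`. `$serverproc` is expanded unquoted in the moved line, as it was in the original, so the move does not change that behaviour but `_stopserver "$serverproc"` would be the safer form.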