diff --git a/cm.sh b/cm.sh
index e839fe5001bea0370f4896e7c09c6b8f6fa0b165..a6b1956d1a1126ed80743af8774f921983021e50 100755
--- a/cm.sh
+++ b/cm.sh
@@ -153,14 +153,16 @@ function _certMatching(){
 # If dig is not found the function skips the DNS check.
 # This function is used in _gencsr
 # param string fqdn to check
+# param string type of dns entry; one of a|cname
 function _checkDig(){
 local myfqdn=$1
+ local _type=${2:-"a"}
 which dig >/dev/null
 if [ $? -eq 0 ]; then
- _wd "CHECK: $myfqdn exists in DNS (using dig) ..."
- dig $myfqdn | grep -v '^;' | grep $myfqdn
+ _wd "CHECK: $myfqdn exists as [$_type] in DNS (using dig) ..."
+ dig "${myfqdn}" "${_type}" | grep "^${myfqdn}"
 if [ $? -ne 0 ]; then
- echo "ERROR: not found. Was there a typo in the hostname??"
+ echo "ERROR: not found. Maybe there is a typo in the hostname or it does not exist in DNS."
 exit 2
 fi
 _wd "OK"
@@ -175,8 +177,32 @@ function _checkDig(){
 # this function is used in public_add
 function _gencsr(){
- altdns=
- _checkDig $CM_fqdn
+ local altdns=
+ local _mydomain=
+ local _subdomain='_acme-challenge'
+
+ # check alt names too
+ # _checkDig $CM_fqdn
+
+ for _mydomain in $CM_fqdn $*
+ do
+ _wd "dig check - domain for cert"
+ _checkDig "$_mydomain" "a"
+
+ # if [ -n "${CM_challenge_alias}" ] && ! echo "$_mydomain" | grep "${CM_certmatch}"
+ if [ -n "${CM_challenge_alias}" ] && echo "$_mydomain" | grep "${CM_certmatch}" >/dev/null
+ then
+ _wd "dig check - domain with api access $_subdomain... "
+ _checkDig "${_subdomain}.${CM_challenge_alias}" "a"
+ _wd "dig check - alias $_subdomain... "
+ _checkDig "${_subdomain}.${_mydomain}" "cname"
+ fi
+ done
+
+echo ABORT in _gencsr Zeile 195
+exit 1
+
+
 for myalt in $*
 do
 altdns="${altdns}DNS:$myalt,"
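Review bot: The new `_type` argument is documented as "one of a|cname" but never validated, so whatever the caller passes reaches dig unchecked; a guard before the lookup, `case "$_type" in a|cname) ;; *) echo "ERROR: unsupported DNS type [$_type]"; exit 2;; esac`, keeps the function to its documented contract. The `dig ... | grep` pipeline also discards dig's own exit status, so a resolver timeout is reported with the same "not found" message as a genuinely missing record; `dig +short "${myfqdn}" "${_type}"` with an empty-output check, or inspecting `${PIPESTATUS[0]}`, would let the error distinguish the two. `which dig >/dev/null` remains non-portable and `command -v dig >/dev/null` is the usual replacement. _checkDig's closing brace is outside the hunk.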
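Review bot: The unconditional `echo ABORT in _gencsr Zeile 195` followed by `exit 1` after the `done` makes _gencsr terminate the script before the CSR is ever assembled, so every caller (public_add per the comment) now fails; this looks like a debugging stop that should not be committed, and the commented-out `# _checkDig $CM_fqdn` and `# if ...` lines above it are dead code left behind by the same experiment. In the loop, `for _mydomain in $CM_fqdn $*` word-splits and globs the alt names, and `grep "${CM_certmatch}" >/dev/null` treats the match string as a regular expression; `for _mydomain in "$CM_fqdn" "$@"` and `grep -q -- "${CM_certmatch}"` are the conventional forms and avoid a pattern injected through a value that starts with a dash. _gencsr continues past the end of the hunk.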
@@ -352,6 +378,7 @@ function public_add(){
 $ACME --showcsr --csr $CM_filecsr || exit 1
 _wd "--- create certificate"
+ echo $ACME --signcsr --csr $CM_filecsr $ACME_Params
 $ACME --signcsr --csr $CM_filecsr $ACME_Params
 if [ $? -ne 0 ]; then
 echo "ERROR: adding cert failed. Trying to delete internal data ..."
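Review bot: The added `echo $ACME --signcsr --csr $CM_filecsr $ACME_Params` prints the complete acme.sh command line to stdout unconditionally; should `$ACME_Params` ever carry credentials or DNS-API tokens (its contents are not visible in this hunk), they would end up in the console output and in any captured log. The file already routes diagnostics through `_wd`, which looks like the script's debug-output helper, so `_wd "$ACME --signcsr --csr $CM_filecsr $ACME_Params"` (or `printf '%q ' $ACME --signcsr --csr $CM_filecsr $ACME_Params` for an exactly quoted reproduction) keeps the trace behind the existing switch and off the normal output path. Because the expansions are unquoted in both the echo and the real invocation, the printed line is also only an approximation of the argv actually executed on the following line. public_add continues outside the hunk on both sides.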