Commit d39fe885 authored by Hahn Axel (hahn)'s avatar Hahn Axel (hahn)

WIP: detect if dns alias mode is needed

parent 12786cf3
1 merge request!1Handle dns alias domain
...@@ -153,14 +153,16 @@ function _certMatching(){ ...@@ -153,14 +153,16 @@ function _certMatching(){
# If dig is not found the function skips the DNS check. # If dig is not found the function skips the DNS check.
# This function is used in _gencsr # This function is used in _gencsr
# param string fqdn to check # param string fqdn to check
# param string type of dns entry; one of a|cname
function _checkDig(){ function _checkDig(){
local myfqdn=$1 local myfqdn=$1
local _type=${2:-"a"}
which dig >/dev/null which dig >/dev/null
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
_wd "CHECK: $myfqdn exists in DNS (using dig) ..." _wd "CHECK: $myfqdn exists as [$_type] in DNS (using dig) ..."
dig $myfqdn | grep -v '^;' | grep $myfqdn dig "${myfqdn}" "${_type}" | grep "^${myfqdn}"
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "ERROR: not found. Was there a typo in the hostname??" echo "ERROR: not found. Maybe there is a typo in the hostname or it does not exist in DNS."
exit 2 exit 2
fi fi
_wd "OK" _wd "OK"
...@@ -175,8 +177,32 @@ function _checkDig(){ ...@@ -175,8 +177,32 @@ function _checkDig(){
# this function is used in public_add # this function is used in public_add
function _gencsr(){ function _gencsr(){
altdns= local altdns=
_checkDig $CM_fqdn local _mydomain=
local _subdomain='_acme-challenge'
# check alt names too
# _checkDig $CM_fqdn
for _mydomain in $CM_fqdn $*
do
_wd "dig check - domain for cert"
_checkDig "$_mydomain" "a"
# if [ -n "${CM_challenge_alias}" ] && ! echo "$_mydomain" | grep "${CM_certmatch}"
if [ -n "${CM_challenge_alias}" ] && echo "$_mydomain" | grep "${CM_certmatch}" >/dev/null
then
_wd "dig check - domain with api access $_subdomain... "
_checkDig "${_subdomain}.${CM_challenge_alias}" "a"
_wd "dig check - alias $_subdomain... "
_checkDig "${_subdomain}.${_mydomain}" "cname"
fi
done
echo ABORT in _gencsr Zeile 195
exit 1
for myalt in $* for myalt in $*
do do
altdns="${altdns}DNS:$myalt," altdns="${altdns}DNS:$myalt,"
...@@ -352,6 +378,7 @@ function public_add(){ ...@@ -352,6 +378,7 @@ function public_add(){
$ACME --showcsr --csr $CM_filecsr || exit 1 $ACME --showcsr --csr $CM_filecsr || exit 1
_wd "--- create certificate" _wd "--- create certificate"
echo $ACME --signcsr --csr $CM_filecsr $ACME_Params
$ACME --signcsr --csr $CM_filecsr $ACME_Params $ACME --signcsr --csr $CM_filecsr $ACME_Params
if [ $? -ne 0 ]; then if [ $? -ne 0 ]; then
echo "ERROR: adding cert failed. Trying to delete internal data ..." echo "ERROR: adding cert failed. Trying to delete internal data ..."
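Review bot: In `_checkDig` (first hunk), the new `dig "${myfqdn}" "${_type}" | grep "^${myfqdn}"` does not verify that the matched line is a record of the requested type. It accepts any output line that begins with the name, so an authority-section SOA line can pass when the name is a zone apex, and the dots in the name act as regex wildcards. Because `_gencsr` now depends on this check to tell `a` from `cname`, restrict dig to the answer section and match the type column, e.g. `dig +noall +answer "${myfqdn}" "${_type}" | grep -iE "[[:space:]]${_type}[[:space:]]"`. A header comment such as `# exits the whole script with code 2 if no record of the requested type is found` would also help, since the failure path calls `exit 2` instead of returning. The function body ends outside the hunk.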