remove ".well-known" folder after verification

This commit is contained in:
neil 2016-01-23 10:49:38 +08:00
parent f074cb1036
commit ebcf30d02f

47
le.sh
View File

@ -374,6 +374,32 @@ _clearup () {
_restoreApache _restoreApache
} }
# webroot removelevel tokenfile
_clearupwebbroot() {
__webroot="$1"
if [ -z "$__webroot" ] ; then
_debug "no webroot specified, skip"
return 0
fi
if [ "$2" == '1' ] ; then
_debug "remove $__webroot/.well-known"
rm -rf "$__webroot/.well-known"
elif [ "$2" == '2' ] ; then
_debug "remove $__webroot/.well-known/acme-challenge"
rm -rf "$__webroot/.well-known/acme-challenge"
elif [ "$2" == '3' ] ; then
_debug "remove $__webroot/.well-known/acme-challenge/$3"
rm -rf "$__webroot/.well-known/acme-challenge/$3"
else
_err "removelevel invalid: $2"
return 1
fi
return 0
}
issue() { issue() {
if [ -z "$2" ] ; then if [ -z "$2" ] ; then
_err "Usage: le issue webroot|no|apache|dns a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no" _err "Usage: le issue webroot|no|apache|dns a.com [www.a.com,b.com,c.com]|no [key-length]|no [cert-file-path]|no [key-file-path]|no [ca-cert-file-path]|no [reloadCmd]|no"
@ -589,7 +615,8 @@ issue() {
_debug "d" "$d" _debug "d" "$d"
_debug "keyauthorization" "$keyauthorization" _debug "keyauthorization" "$keyauthorization"
_debug "uri" "$uri" _debug "uri" "$uri"
removelevel= ""
token=""
if [ "$vtype" == "$VTYPE_HTTP" ] ; then if [ "$vtype" == "$VTYPE_HTTP" ] ; then
if [ "$Le_Webroot" == "no" ] ; then if [ "$Le_Webroot" == "no" ] ; then
_info "Standalone mode server" _info "Standalone mode server"
@ -603,6 +630,14 @@ issue() {
fi fi
_debug wellknown_path "$wellknown_path" _debug wellknown_path "$wellknown_path"
if [ ! -d "$Le_Webroot/.well-known" ] ; then
removelevel='1'
elif [ ! -d "$Le_Webroot/.well-known/acme-challenge" ] ; then
removelevel='2'
else
removelevel='3'
fi
token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)" token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
_debug "writing token:$token to $wellknown_path/$token" _debug "writing token:$token to $wellknown_path/$token"
@ -620,6 +655,7 @@ issue() {
if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
_err "$d:Challenge error: $resource" _err "$d:Challenge error: $resource"
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
_clearup _clearup
return 1 return 1
fi fi
@ -631,6 +667,7 @@ issue() {
if ! _get $uri ; then if ! _get $uri ; then
_err "$d:Verify error:$resource" _err "$d:Verify error:$resource"
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
_clearup _clearup
return 1 return 1
fi fi
@ -638,12 +675,16 @@ issue() {
status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g') status=$(echo $response | egrep -o '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
if [ "$status" == "valid" ] ; then if [ "$status" == "valid" ] ; then
_info "Success" _info "Success"
_stopserver $serverproc
serverproc=""
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
break; break;
fi fi
if [ "$status" == "invalid" ] ; then if [ "$status" == "invalid" ] ; then
error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4) error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
_err "$d:Verify error:$error" _err "$d:Verify error:$error"
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
_clearup _clearup
return 1; return 1;
fi fi
@ -652,13 +693,13 @@ issue() {
_info "Pending" _info "Pending"
else else
_err "$d:Verify error:$response" _err "$d:Verify error:$response"
_clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
_clearup _clearup
return 1 return 1
fi fi
done done
_stopserver $serverproc
serverproc=""
done done
_clearup _clearup