style: [[ ... ]] is preferred over [, test and /usr/bin/[.

https://google.github.io/styleguide/shell.xml#Test,_%5B_and_%5B%5B

letsencrypt.sh

@@ -47,18 +47,20 @@ hex2bin() {
 
 _request() {
   temperr="$(mktemp)"
-  if [ "${1}" = "head" ]; then
-    curl -sSf -I "${2}" 2>"${temperr}"
-  elif [ "${1}" = "get" ]; then
-    curl -sSf "${2}" 2>"${temperr}"
-  elif [ "${1}" = "post" ]; then
-    curl -sSf "${2}" -d "${3}" 2>"${temperr}"
+  if [[ "${1}" = "head" ]]; then
+    curl -sSf -I "${2}" 2>${temperr}
+  elif [[ "${1}" = "get" ]]; then
+    curl -sSf "${2}" 2>${temperr}
+  elif [[ "${1}" = "post" ]]; then
+    curl -sSf "${2}" -d "${3}" 2>${temperr}
   fi
-  if [ -s "${temperr}" ]; then
-      echo "  + ERROR: An error occurred while sending ${1}-request to ${2} ($(<"${temperr}"))" >&2
-      rm -f "${temperr}"
-      exit 1
+
+  if [[ ! -z "$(<${temperr})" ]]; then
+    echo "  + ERROR: An error occured while sending ${1}-request to ${2} ($(<"${temperr}"))" >&2
+    rm -f "${temperr}"
+    exit 1
   fi
+
   rm -f "${temperr}"
 }
 
@@ -91,7 +93,7 @@ sign_domain() {
   echo "Signing domain ${1} (${*})..."
 
   # If there is no existing certificate directory we need a new private key
-  if [ ! -e "certs/${domain}" ]; then
+  if [[ ! -e "certs/${domain}" ]]; then
     mkdir -p "certs/${domain}"
     echo "  + Generating private key..."
     openssl genrsa -out "certs/${domain}/privkey.pem" 4096 2> /dev/null > /dev/null
@@ -115,7 +117,7 @@ sign_domain() {
     challenge_token="$(printf '%s\n' "${response}" | grep -Eo '"challenges":[^\[]*\[[^]]*]' | sed 's/{/\n{/g' | grep 'http-01' | grep -Eo '"token":\s*"[^"]*"' | cut -d'"' -f4 | sed 's/[^A-Za-z0-9_\-]/_/g')"
     challenge_uri="$(printf '%s\n' "${response}" | grep -Eo '"challenges":[^\[]*\[[^]]*]' | sed 's/{/\n{/g' | grep 'http-01' | grep -Eo '"uri":\s*"[^"]*"' | cut -d'"' -f4)"
 
-    if [ -z "${challenge_token}" ] || [ -z "${challenge_uri}" ]; then
+    if [[ -z "${challenge_token}" ]] || [[ -z "${challenge_uri}" ]]; then
       echo "  + Error: Can't retrieve challenges (${response})"
       exit 1
     fi
@@ -137,12 +139,12 @@ sign_domain() {
     result="$(signed_request "${challenge_uri}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
 
     status="$(printf '%s\n' "${result}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
-    if [ ! "${status}" = "pending" ] && [ ! "${status}" = "valid" ]; then
+    if [[ ! "${status}" = "pending" ]] && [[ ! "${status}" = "valid" ]]; then
       echo "  + Challenge is invalid! (${result})"
       exit 1
     fi
 
-    while [ "${status}" = "pending" ]; do
+    while [[ "${status}" = "pending" ]]; do
       status="$(_request get "${challenge_uri}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
       sleep 1
     done
@@ -160,7 +162,7 @@ sign_domain() {
 
 # Check if private key exists, if it doesn't exist yet generate a new one (4096bit rsa key)
 register="0"
-if [ ! -e "private_key.pem" ]; then
+if [[ ! -e "private_key.pem" ]]; then
   echo "+ Generating account key..."
   openssl genrsa -out "private_key.pem" 4096 2> /dev/null > /dev/null
   register="1"
@@ -173,7 +175,7 @@ pubMod64="$(printf '%s' "$(openssl rsa -in private_key.pem -noout -modulus | cut
 thumbprint="$(printf '%s' "$(printf '%s' '{"e":"'"${pubExponent64}"'","kty":"RSA","n":"'"${pubMod64}"'"}' | shasum -a 256 | awk '{print $1}')" | hex2bin | urlbase64)"
 
 # If we generated a new private key in the step above we have to register it with the acme-server
-if [ "${register}" = "1" ]; then
+if [[ "${register}" = "1" ]]; then
   echo "+ Registering account key with letsencrypt..."
   signed_request "${CA}/acme/new-reg" '{"resource": "new-reg", "agreement": "'"$LICENSE"'"}' > /dev/null
 fi