Rewrite to use a hook script only.

e0b94a68 · Kazuhiko Shiozaki · ba3ee2e0 · e0b94a68 · e0b94a68 · e0b94a68
Commit e0b94a68 authored May 25, 2016 by Kazuhiko Shiozaki
Hide whitespace changes
Inline Side-by-side

Showing with 40 additions and 7 deletions

README-zope.md README-zope.md +8 -5

letsencrypt.sh letsencrypt.sh +0 -2

zope-hook.sh zope-hook.sh +32 -0

No files found.
--- a/README-zope.md
+++ b/README-zope.md
 First, prepare target Zope folder beforehand so that URL like http://example.com/.well-known/acme-challenge/xxx works.
-Set following values in the config file:
+Next, you need to provide Zope's username and password in ~/.netrc like :
- URL=http://example.com/.well-known/acme-challenge
- USER=zope_user
+```text
- PASSWORD=zope_password
+machine example.com
+login zope_username
+password zope_password
+```
 Now you can invoke the script like :
 ```text
-./letsencrypt.sh --cron --domain example.com --config path/to/config
+./letsencrypt.sh --cron --domain example.com --hook ./zope-hook.sh
 ```
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -403,7 +403,6 @@ sign_csr() {
        # Store challenge response in well-known location and make world-readable (so that a webserver can access it)
        printf '%s' "${keyauth}" > "${WELLKNOWN}/${challenge_token}"
        chmod a+r "${WELLKNOWN}/${challenge_token}"
-        curl -u "${USER}:${PASSWORD}" -F "id=${challenge_token}" -F "file=@${WELLKNOWN}/${challenge_token}" "${URL}/manage_addFile"
        keyauth_hook="${keyauth}"
        ;;
      "dns-01")
@@ -447,7 +446,6 @@ sign_csr() {
    done
    [[ "${CHALLENGETYPE}" = "http-01" ]] && rm -f "${WELLKNOWN}/${challenge_token}"
-    [[ "${CHALLENGETYPE}" = "http-01" ]] && curl -u "${USER}:${PASSWORD}" -F "ids:list=${challenge_token}" "${URL}/manage_delObjects"
    # Wait for hook script to clean the challenge if used
    if [[ -n "${HOOK}" ]] && [[ "${HOOK_CHAIN}" != "yes" ]] && [[ -n "${challenge_token}" ]]; then

--- a/zope-hook.sh
+++ b/zope-hook.sh
+#!/usr/bin/env bash
+set -e
+set -u
+set -o pipefail
+domain="${2}"
+challenge_token="${3}"
+case "${1}" in
+    "deploy_challenge")
+        url_effective="$(curl -s -n -L -o /dev/null -w "%{url_effective}" -F "id=${challenge_token}" -F "file=@${WELLKNOWN}/${challenge_token}" "https://${domain}/.well-known/acme-challenge/manage_addFile")"
+        if [[ "${url_effective}" != "https://${domain}/.well-known/acme-challenge/manage_main" ]]; then
+            url_effective="$(curl -s -n -L -o /dev/null -w "%{url_effective}" -F "id=${challenge_token}" -F "file=@${WELLKNOWN}/${challenge_token}" "http://${domain}/.well-known/acme-challenge/manage_addFile")"
+            if [[ "${url_effective}" != "http://${domain}/.well-known/acme-challenge/manage_main" ]]; then
+		echo 'Failed'
+		exit 1
+	    fi
+	fi
+    ;;
+    "clean_challenge")
+        url_effective="$(curl -s -n -L -o /dev/null -w "%{url_effective}" -F "ids:list=${challenge_token}" "https://${domain}/.well-known/acme-challenge/manage_delObjects")"
+        if [[ "${url_effective}" != "https://${domain}/.well-known/acme-challenge/manage_delObjects" ]]; then
+            url_effective="$(curl -s -n -L -o /dev/null -w "%{url_effective}" -F "ids:list=${challenge_token}" "http://${domain}/.well-known/acme-challenge/manage_delObjects")"
+            if [[ "${url_effective}" != "http://${domain}/.well-known/acme-challenge/manage_delObjects" ]]; then
+		echo 'Failed'
+		exit 1
+	    fi
+	fi
+    ;;
+esac
+exit 0