Commit 1ce890e9 authored by Paul Cammish's avatar Paul Cammish

Fix issue with expired LE certs in bundle

parent e87c2278
#!/bin/bash -e
# Workaround wrapper script for sympl-ssl to fix a bug in IPv6 only resolution of the LE API DNS.
# Workaround wrapper script for sympl-ssl to deal with bugs:
# 1. in IPv6 only resolution of the LE API DNS
# 2. with extra expired LE intermediates which sympl-ssl considers invalid
# If theres no IPv4 address assigned...
if [ $( sympl-ip -a | grep -c '\.' ) == 0 ] || [ $( getent hosts ipv4only.arpa | grep -c ':' ) != 0 ] ; then
......@@ -20,3 +22,10 @@ else
# Just run it nomally...
/usr/sbin/sympl-ssl.rb $@
fi
find /srv/*/config/ssl/sets/ \( -name 'ssl.bundle' -o -name 'ssl.combined' \) -exec grep -lx '^MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/$' {} \; | while read file ; do
input="$( cat "$file" | tr '\n' '\t' )"
echo -e "$input" \
| sed 's|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----\t-----BEGIN CERTIFICATE-----\tMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\t.*\tDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\t-----END CERTIFICATE-----|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----|' \
| tr '\t' '\n' > "$file"
done
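Review bot: The new loop after `fi` rewrites each matched `ssl.bundle` / `ssl.combined` in place with `> "$file"`, so an interrupted run or a failing `sed` leaves a live certificate file empty or partial. The script runs with `-e` but without `pipefail`, so a failure in the middle of that pipeline would not stop it. I would write the filtered output to a temporary file in the same directory, check that it still contains a certificate, copy the original's mode and owner (`ssl.combined` presumably also holds the private key, so the permissions matter), and only then `mv` it over the original. The loop should also use `while IFS= read -r file` so unusual paths are read verbatim.

```shell
# … unchanged: find … -exec grep -lx … \; piped into the loop …
while IFS= read -r file ; do
    tmp="$(mktemp "${file}.XXXXXX")"
    # … unchanged: tr / sed / tr pipeline, output redirected to "$tmp" instead of "$file" …
    if [ -s "$tmp" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$tmp" ; then
        chmod --reference="$file" "$tmp"
        chown --reference="$file" "$tmp"
        mv -- "$tmp" "$file"
    else
        rm -f -- "$tmp"
        echo "Not rewriting $file: filtered output failed the sanity check" >&2
    fi
done
```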