Commit 3ac76f8d authored by Paul Cammish

Workaround for Let's Encrypt cross-signed intermediate

parent 92916f06
CHANGELOG
---------
2021-10-03
sympl-core
* Workaround for Let's Encrypt cross-signed intermediate
2021-04-09
sympl-core
* Update sympl.host to sympl.io
......
sympl-core (10.20211003.0) stable; urgency=medium
* Workaround for Let's Encrypt cross-signed intermediate
-- Paul Cammish <sympl@kelduum.net> Sun, 03 Oct 2021 12:27:00 +0100
sympl-core (10.20210409.0) stable; urgency=medium
* Updated sympl.host to sympl.io
......
#!/bin/bash -e
# Workaround wrapper script for sympl-ssl to fix a bug in IPv6 only resolution of the LE API DNS.
# Workaround wrapper script for sympl-ssl to deal with bugs:
# 1. in IPv6 only resolution of the LE API DNS
# 2. with extra expired LE intermediates which sympl-ssl considers invalid
# If theres no IPv4 address assigned...
if [ $( sympl-ip -a | grep -c '\.' ) == 0 ] || [ $( getent hosts ipv4only.arpa | grep -c ':' ) != 0 ] ; then
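Review bot: The new header comment (item 2) says "extra expired LE intermediates" without identifying what is removed, while the code added at the end of the script matches one specific certificate by its first base64 line (MIIFYDCCBEig...) and only when it directly follows a certificate ending in nLRbwHOoq7hHwg==. Please name the certificate being stripped in this comment and state the condition under which the workaround can be dropped, so a later reader can check the hard-coded strings against the actual chain instead of trusting opaque base64.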
......@@ -20,3 +22,10 @@ else
# Just run it nomally...
/usr/sbin/sympl-ssl.rb $@
fi
find /srv/*/config/ssl/sets/ \( -name 'ssl.bundle' -o -name 'ssl.combined' \) -exec grep -lx '^MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/$' {} \; | while read file ; do
input="$( cat "$file" | tr '\n' '\t' )"
echo -e "$input" \
| sed 's|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----\t-----BEGIN CERTIFICATE-----\tMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\t.*\tDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\t-----END CERTIFICATE-----|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----|' \
| tr '\t' '\n' > "$file"
done
\ No newline at end of file
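Review bot: The in-place rewrite at `| tr '\t' '\n' > "$file"` is not atomic: the shell truncates the file when it sets up the redirect, so if sed or tr fails, or the run is interrupted, ssl.bundle or ssl.combined is left empty or partial with no backup. Write to a temporary file in the same directory, check that it is non-empty, and then mv it over the original, keeping the original mode and owner. Also, under `#!/bin/bash -e` a non-zero exit from `/usr/sbin/sympl-ssl.rb $@` ends the script before this loop is reached, so if sympl-ssl fails on the chains it considers invalid, the cleanup never runs; consider running the cleanup before the renewal or capturing the exit status and returning it at the end. The `.*` in the sed expression is greedy across the whole tab-joined file, so it would remove everything up to the last occurrence of the closing marker if it ever appeared more than once. Smaller points: use `while IFS= read -r file`, note that the echo/tr round trip appends an extra blank line to each rewritten file, and add the missing newline at end of file.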