Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in / Register
Toggle navigation
Menu
Open sidebar
Sympl
Sympl
Commits
bad21db0
Commit
bad21db0
authored
Dec 13, 2021
by
Paul Cammish
Browse files
Updated workaround for Let's Encrypt cross-signed intermediate
parent
ebff9fdc
Changes
3
Pipelines
99
Hide whitespace changes
Inline
Side-by-side
CHANGELOG
View file @
bad21db0
CHANGELOG
---------
2021-12-13
sympl-core
* Updated workaround for Let's Encrypt cross-signed intermediate
2021-10-03
sympl-core
* Workaround for Let's Encrypt cross-signed intermediate
...
...
core/debian/changelog
View file @
bad21db0
sympl-core (9.20211213.0) stable; urgency=medium
* Updated workaround for Let's Encrypt cross-signed intermediate
-- Paul Cammish <sympl@kelduum.net> Mon, 13 Dec 2021 10:23:00 +0000
sympl-core (9.20211003.0) stable; urgency=medium
* Workaround for Let's Encrypt cross-signed intermediate
...
...
core/sbin/sympl-ssl
View file @
bad21db0
...
...
@@ -4,6 +4,8 @@
# 1. in IPv6 only resolution of the LE API DNS
# 2. with extra expired LE intermediates which sympl-ssl considers invalid
exit_code
=
0
# If theres no IPv4 address assigned...
if
[
$(
sympl-ip
-a
|
grep
-c
'\.'
)
==
0
]
||
[
$(
getent hosts ipv4only.arpa |
grep
-c
':'
)
!=
0
]
;
then
if
[[
$@
==
*
'--verbose'
*
]]
;
then
echo
'Applying IPv6 only workaround...'
;
fi
...
...
@@ -13,14 +15,24 @@ if [ $( sympl-ip -a | grep -c '\.' ) == 0 ] || [ $( getent hosts ipv4only.arpa |
# ... and add it to /etc/hosts
echo
-e
"
$ipv6
\f
acme-v02.api.letsencrypt.org # sympl-ssl workaround"
>>
/etc/hosts
# run sympl-ssl with all the parameters passed
# stop exiting on errors, and store the result for the end
set
+e
/usr/sbin/sympl-ssl.rb
$@
exit_code
=
"
$?
"
# re-enable exiting on errors
set
-e
# and then remove the line from /etc/hosts
sed
-i
-n
'/# sympl-ssl workaround/!p'
/etc/hosts
if
[[
$@
==
*
'--verbose'
*
]]
;
then
echo
'Removed IPv6 only workaround'
;
fi
else
# Just run it nomally...
# stop exiting on errors, and store the result for the end
set
+e
/usr/sbin/sympl-ssl.rb
$@
exit_code
=
"
$?
"
# re-enable exiting on errors
set
-e
fi
find /srv/
*
/config/ssl/sets/
\(
-name
'ssl.bundle'
-o
-name
'ssl.combined'
\)
-exec
grep
-lx
'^MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/$'
{}
\;
|
while
read
file
;
do
...
...
@@ -28,4 +40,6 @@ find /srv/*/config/ssl/sets/ \( -name 'ssl.bundle' -o -name 'ssl.combined' \) -e
echo
-e
"
$input
"
\
|
sed
's|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----\t-----BEGIN CERTIFICATE-----\tMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\t.*\tDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\t-----END CERTIFICATE-----|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----|'
\
|
tr
'\t'
'\n'
>
"
$file
"
done
\ No newline at end of file
done
exit
$exit_code
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment