Commit bad21db0 authored by Paul Cammish's avatar Paul Cammish

Updated workaround for Let's Encrypt cross-signed intermediate

parent ebff9fdc
CHANGELOG
---------
2021-12-13
sympl-core
* Updated workaround for Let's Encrypt cross-signed intermediate
2021-10-03
sympl-core
* Workaround for Let's Encrypt cross-signed intermediate
......
sympl-core (9.20211213.0) stable; urgency=medium
* Updated workaround for Let's Encrypt cross-signed intermediate
-- Paul Cammish <sympl@kelduum.net> Mon, 13 Dec 2021 10:23:00 +0000
sympl-core (9.20211003.0) stable; urgency=medium
* Workaround for Let's Encrypt cross-signed intermediate
......
......@@ -4,6 +4,8 @@
# 1. in IPv6 only resolution of the LE API DNS
# 2. with extra expired LE intermediates which sympl-ssl considers invalid
exit_code=0
# If theres no IPv4 address assigned...
if [ $( sympl-ip -a | grep -c '\.' ) == 0 ] || [ $( getent hosts ipv4only.arpa | grep -c ':' ) != 0 ] ; then
if [[ $@ == *'--verbose'* ]]; then echo 'Applying IPv6 only workaround...'; fi
......@@ -13,14 +15,24 @@ if [ $( sympl-ip -a | grep -c '\.' ) == 0 ] || [ $( getent hosts ipv4only.arpa |
# ... and add it to /etc/hosts
echo -e "$ipv6\facme-v02.api.letsencrypt.org # sympl-ssl workaround" >> /etc/hosts
# run sympl-ssl with all the parameters passed
# stop exiting on errors, and store the result for the end
set +e
/usr/sbin/sympl-ssl.rb $@
exit_code="$?"
# re-enable exiting on errors
set -e
# and then remove the line from /etc/hosts
sed -i -n '/# sympl-ssl workaround/!p' /etc/hosts
if [[ $@ == *'--verbose'* ]]; then echo 'Removed IPv6 only workaround'; fi
else
# Just run it nomally...
# stop exiting on errors, and store the result for the end
set +e
/usr/sbin/sympl-ssl.rb $@
exit_code="$?"
# re-enable exiting on errors
set -e
fi
find /srv/*/config/ssl/sets/ \( -name 'ssl.bundle' -o -name 'ssl.combined' \) -exec grep -lx '^MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/$' {} \; | while read file ; do
......@@ -28,4 +40,6 @@ find /srv/*/config/ssl/sets/ \( -name 'ssl.bundle' -o -name 'ssl.combined' \) -e
echo -e "$input" \
| sed 's|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----\t-----BEGIN CERTIFICATE-----\tMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\t.*\tDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\t-----END CERTIFICATE-----|\tnLRbwHOoq7hHwg==\t-----END CERTIFICATE-----|' \
| tr '\t' '\n' > "$file"
done
\ No newline at end of file
done
exit $exit_code
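Review bot: The temporary `acme-v02.api.letsencrypt.org` line appended to /etc/hosts in the IPv6-only branch is removed only by the `sed -i` that follows the sympl-ssl.rb call, so the `set +e` wrapper covers a non-zero exit status but not an interruption or abort between the append and the cleanup. A leftover entry would keep pinning the ACME API hostname to a possibly stale address for every later lookup on the host. Registering the cleanup before the append, e.g. `trap "sed -i -n '/# sympl-ssl workaround/!p' /etc/hosts" EXIT`, would remove it whenever the script exits. Both calls also pass `$@` unquoted, so arguments containing whitespace or glob characters are re-split; `/usr/sbin/sympl-ssl.rb "$@"` forwards them unchanged. The +/- markers are lost on this page and the lines between the first two hunks are not shown, so which of these lines are new is inferred from the hunk headers.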