mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-27 07:21:53 +00:00
If a domain was already verified by http-01 method, when we try to issue a cert for them same domain with dns-01 method, we just get only one challenge object of type http-01 with "valid" status, from the authz-v3 url. So, we report error that we are not able the validate the domain, because of that we don't find dns-01 challenge. This behavior is not the same as before. I believe it was changed by the letsencrypt CA.
This commit is contained in:
parent
05aa26e619
commit
4f303de00c
78
acme.sh
78
acme.sh
@ -4119,45 +4119,59 @@ $_authorizations_map"
|
|||||||
|
|
||||||
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
|
entry="$(echo "$response" | _egrep_o '[^\{]*"type":"'$vtype'"[^\}]*')"
|
||||||
_debug entry "$entry"
|
_debug entry "$entry"
|
||||||
|
keyauthorization=""
|
||||||
if [ -z "$entry" ]; then
|
if [ -z "$entry" ]; then
|
||||||
_err "Error, can not get domain token entry $d"
|
_err "Error, can not get domain token entry $d for $vtype"
|
||||||
_supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
|
if ! _startswith "$d" '*.'; then
|
||||||
if [ "$_supported_vtypes" ]; then
|
_debug "Not a wildcard domain, lets check whether the validation is already valid."
|
||||||
_err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
|
if echo "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
|
||||||
|
_debug "$d is already valid."
|
||||||
|
keyauthorization="$STATE_VERIFIED"
|
||||||
|
_debug keyauthorization "$keyauthorization"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
if [ -z "$keyauthorization" ]; then
|
||||||
|
_supported_vtypes="$(echo "$response" | _egrep_o "\"challenges\":\[[^]]*]" | tr '{' "\n" | grep type | cut -d '"' -f 4 | tr "\n" ' ')"
|
||||||
|
if [ "$_supported_vtypes" ]; then
|
||||||
|
_err "The supported validation types are: $_supported_vtypes, but you specified: $vtype"
|
||||||
|
fi
|
||||||
|
_clearup
|
||||||
|
_on_issue_err "$_post_hook"
|
||||||
|
return 1
|
||||||
fi
|
fi
|
||||||
_clearup
|
|
||||||
_on_issue_err "$_post_hook"
|
|
||||||
return 1
|
|
||||||
fi
|
fi
|
||||||
token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
|
|
||||||
_debug token "$token"
|
|
||||||
|
|
||||||
if [ -z "$token" ]; then
|
if [ -z "$keyauthorization" ]; then
|
||||||
_err "Error, can not get domain token $entry"
|
token="$(echo "$entry" | _egrep_o '"token":"[^"]*' | cut -d : -f 2 | tr -d '"')"
|
||||||
_clearup
|
_debug token "$token"
|
||||||
_on_issue_err "$_post_hook"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
if [ "$ACME_VERSION" = "2" ]; then
|
|
||||||
uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)"
|
|
||||||
else
|
|
||||||
uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)"
|
|
||||||
fi
|
|
||||||
_debug uri "$uri"
|
|
||||||
|
|
||||||
if [ -z "$uri" ]; then
|
if [ -z "$token" ]; then
|
||||||
_err "Error, can not get domain uri. $entry"
|
_err "Error, can not get domain token $entry"
|
||||||
_clearup
|
_clearup
|
||||||
_on_issue_err "$_post_hook"
|
_on_issue_err "$_post_hook"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
keyauthorization="$token.$thumbprint"
|
if [ "$ACME_VERSION" = "2" ]; then
|
||||||
_debug keyauthorization "$keyauthorization"
|
uri="$(echo "$entry" | _egrep_o '"url":"[^"]*' | cut -d '"' -f 4 | _head_n 1)"
|
||||||
|
else
|
||||||
|
uri="$(echo "$entry" | _egrep_o '"uri":"[^"]*' | cut -d '"' -f 4)"
|
||||||
|
fi
|
||||||
|
_debug uri "$uri"
|
||||||
|
|
||||||
if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
|
if [ -z "$uri" ]; then
|
||||||
_debug "$d is already verified."
|
_err "Error, can not get domain uri. $entry"
|
||||||
keyauthorization="$STATE_VERIFIED"
|
_clearup
|
||||||
|
_on_issue_err "$_post_hook"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
keyauthorization="$token.$thumbprint"
|
||||||
_debug keyauthorization "$keyauthorization"
|
_debug keyauthorization "$keyauthorization"
|
||||||
|
|
||||||
|
if printf "%s" "$response" | grep '"status":"valid"' >/dev/null 2>&1; then
|
||||||
|
_debug "$d is already verified."
|
||||||
|
keyauthorization="$STATE_VERIFIED"
|
||||||
|
_debug keyauthorization "$keyauthorization"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot"
|
dvlist="$d$sep$keyauthorization$sep$uri$sep$vtype$sep$_currentRoot"
|
||||||
|
Loading…
Reference in New Issue
Block a user