|
176 | 176 | # 2017-01-02 Added option to limit amount of old versions to keep (2.01)
|
177 | 177 | # 2017-01-03 Created check_config function to list all obvious config issues (2.02)
|
178 | 178 | # 2017-01-10 force renew if FORCE_RENEWAL file exists (2.03)
|
| 179 | +# 2017-01-12 added drill, dig or host as alternatives to nslookup (2.04) |
179 | 180 | # ----------------------------------------------------------------------------------------
|
180 | 181 |
|
181 | 182 | PROGNAME=${0##*/}
|
182 |
| -VERSION="2.03" |
| 183 | +VERSION="2.04" |
183 | 184 |
|
184 | 185 | # defaults
|
185 | 186 | ACCOUNT_KEY_LENGTH=4096
|
@@ -369,15 +370,29 @@ check_config() { # check the config files for all obvious errors
|
369 | 370 | config_errors=true
|
370 | 371 | fi
|
371 | 372 | # check domain exist
|
372 |
| - if [[ "$(nslookup -query=AAAA "${d}"|grep -c "^${d}.*has AAAA address")" -ge 1 ]]; then |
| 373 | + if [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then |
| 374 | + if [[ "$($DNS_CHECK_FUNC "${d}" SOA|grep -c "^${d}")" -ge 1 ]]; then |
| 375 | + debug "found IP for ${d}" |
| 376 | + else |
| 377 | + info "${DOMAIN}: DNS lookup failed for ${d}" |
| 378 | + config_errors=true |
| 379 | + fi |
| 380 | + elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then |
| 381 | + if [[ "$($DNS_CHECK_FUNC "${d}" |grep -c "^${d}")" -ge 1 ]]; then |
| 382 | + debug "found IP for ${d}" |
| 383 | + else |
| 384 | + info "${DOMAIN}: DNS lookup failed for ${d}" |
| 385 | + config_errors=true |
| 386 | + fi |
| 387 | + elif [[ "$(nslookup -query=AAAA "${d}"|grep -c "^${d}.*has AAAA address")" -ge 1 ]]; then |
373 | 388 | debug "found IPv6 record for ${d}"
|
374 | 389 | elif [[ "$(nslookup "${d}"| grep -c ^Name)" -ge 1 ]]; then
|
375 | 390 | debug "found IPv4 record for ${d}"
|
376 | 391 | else
|
377 | 392 | info "${DOMAIN}: DNS lookup failed for $d"
|
378 | 393 | config_errors=true
|
379 | 394 | fi
|
380 |
| - fi # end http-01 check |
| 395 | + fi # end using http-01 challenge |
381 | 396 | ((dn++))
|
382 | 397 | done
|
383 | 398 |
|
@@ -675,7 +690,53 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
|
675 | 690 | return
|
676 | 691 | fi
|
677 | 692 |
|
678 |
| - res=$(nslookup -debug=1 -type=soa -type=ns "$1" ${gad_s}) |
| 693 | + if [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then |
| 694 | + if [[ -z "$gad_s" ]]; then #checking for CNAMEs |
| 695 | + res=$($DNS_CHECK_FUNC CNAME "$gad_d"| grep "^$gad_d") |
| 696 | + else |
| 697 | + res=$($DNS_CHECK_FUNC CNAME "$gad_d" "@$gad_s"| grep "^$gad_d") |
| 698 | + fi |
| 699 | + if [[ ! -z "$res" ]]; then # domain is a CNAME so get main domain |
| 700 | + gad_d=$(echo "$res"| awk '{print $5}' |sed 's/\.$//g') |
| 701 | + fi |
| 702 | + if [[ -z "$gad_s" ]]; then #checking for CNAMEs |
| 703 | + res=$($DNS_CHECK_FUNC NS "$gad_d"| grep "^$gad_d") |
| 704 | + else |
| 705 | + res=$($DNS_CHECK_FUNC NS "$gad_d" "@$gad_s"| grep "^$gad_d") |
| 706 | + fi |
| 707 | + if [[ -z "$res" ]]; then |
| 708 | + error_exit "couldn't find primary DNS server - please set AUTH_DNS_SERVER in config" |
| 709 | + else |
| 710 | + all_auth_dns_servers=$(echo "$res" | awk '$4 ~ "NS" {print $5}' | sed 's/\.$//g'|tr '\n' ' ') |
| 711 | + fi |
| 712 | + if [[ $CHECK_ALL_AUTH_DNS == "true" ]]; then |
| 713 | + primary_ns="$all_auth_dns_servers" |
| 714 | + else |
| 715 | + primary_ns=$(echo "$all_auth_dns_servers" | awk '{print $1}') |
| 716 | + fi |
| 717 | + return |
| 718 | + fi |
| 719 | + |
| 720 | + if [[ "$DNS_CHECK_FUNC" == "host" ]]; then |
| 721 | + if [[ -z "$gad_s" ]]; then |
| 722 | + res=$($DNS_CHECK_FUNC -t NS "$gad_d"| grep "name server") |
| 723 | + else |
| 724 | + res=$($DNS_CHECK_FUNC -t NS "$gad_d" "$gad_s"| grep "name server") |
| 725 | + fi |
| 726 | + if [[ -z "$res" ]]; then |
| 727 | + error_exit "couldn't find primary DNS server - please set AUTH_DNS_SERVER in config" |
| 728 | + else |
| 729 | + all_auth_dns_servers=$(echo "$res" | awk '{print $4}' | sed 's/\.$//g'|tr '\n' ' ') |
| 730 | + fi |
| 731 | + if [[ $CHECK_ALL_AUTH_DNS == "true" ]]; then |
| 732 | + primary_ns="$all_auth_dns_servers" |
| 733 | + else |
| 734 | + primary_ns=$(echo "$all_auth_dns_servers" | awk '{print $1}') |
| 735 | + fi |
| 736 | + return |
| 737 | + fi |
| 738 | + |
| 739 | + res=$(nslookup -debug=1 -type=soa -type=ns "$gad_d" ${gad_s}) |
679 | 740 |
|
680 | 741 | if [[ "$(echo "$res" | grep -c "Non-authoritative")" -gt 0 ]]; then
|
681 | 742 | # this is a Non-authoritative server, need to check for an authoritative one.
|
@@ -975,10 +1036,25 @@ revoke_certificate() { # revoke a certificate
|
975 | 1036 | }
|
976 | 1037 |
|
977 | 1038 | requires() { # check if required function is available
|
978 |
| - result=$(which "$1" 2>/dev/null) |
979 |
| - debug "checking for required $1 ... $result" |
980 |
| - if [[ -z "$result" ]]; then |
981 |
| - error_exit "This script requires $1 installed" |
| 1039 | + if [[ "$#" -gt 1 ]]; then # if more than 1 value, check list |
| 1040 | + for i in "$@"; do |
| 1041 | + if [[ "$i" == "${!#}" ]]; then # if on last variable then exit as not found |
| 1042 | + error_exit "this script requires one of: ${*:1:$(($#-1))}" |
| 1043 | + fi |
| 1044 | + res=$(which "$i" 2>/dev/null) |
| 1045 | + debug "checking for $i ... $res" |
| 1046 | + if [[ ! -z "$res" ]]; then # if function found, then set variable to function and return |
| 1047 | + debug "function $i found at $res - setting ${!#} to $i" |
| 1048 | + eval "${!#}=\$i" |
| 1049 | + return |
| 1050 | + fi |
| 1051 | + done |
| 1052 | + else # only one value, so check it. |
| 1053 | + result=$(which "$1" 2>/dev/null) |
| 1054 | + debug "checking for required $1 ... $result" |
| 1055 | + if [[ -z "$result" ]]; then |
| 1056 | + error_exit "This script requires $1 installed" |
| 1057 | + fi |
982 | 1058 | fi
|
983 | 1059 | }
|
984 | 1060 |
|
@@ -1338,13 +1414,14 @@ get_os
|
1338 | 1414 | requires which
|
1339 | 1415 | requires openssl
|
1340 | 1416 | requires curl
|
1341 |
| -requires nslookup |
| 1417 | +requires nslookup drill dig host DNS_CHECK_FUNC |
1342 | 1418 | requires awk
|
1343 | 1419 | requires tr
|
1344 | 1420 | requires date
|
1345 | 1421 | requires grep
|
1346 | 1422 | requires sed
|
1347 | 1423 | requires sort
|
| 1424 | +requires mktemp |
1348 | 1425 |
|
1349 | 1426 | # Check if upgrades are available (unless they have specified -U to ignore Upgrade checks)
|
1350 | 1427 | if [[ $_UPGRADE_CHECK -eq 1 ]]; then
|
@@ -1868,6 +1945,12 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
|
1868 | 1945 | check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \
|
1869 | 1946 | | grep ^_acme -A2\
|
1870 | 1947 | | grep '"'|awk -F'"' '{ print $2}')
|
| 1948 | + elif [[ "$DNS_CHECK_FUNC" == "drill" ]] || [[ "$DNS_CHECK_FUNC" == "dig" ]]; then |
| 1949 | + check_result=$($DNS_CHECK_FUNC TXT "_acme-challenge.${d}" "@${ns}" \ |
| 1950 | + | grep ^_acme|awk -F'"' '{ print $2}') |
| 1951 | + elif [[ "$DNS_CHECK_FUNC" == "host" ]]; then |
| 1952 | + check_result=$($DNS_CHECK_FUNC -t TXT "_acme-challenge.${d}" "${ns}" \ |
| 1953 | + | grep ^_acme|awk -F'"' '{ print $2}') |
1871 | 1954 | else
|
1872 | 1955 | check_result=$(nslookup -type=txt "_acme-challenge.${d}" "${ns}" \
|
1873 | 1956 | | grep ^_acme|awk -F'"' '{ print $2}')
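Review bot: In the drill/dig branch of get_auth_dns (new lines 694–701) any answer line beginning with the queried name is taken as a CNAME, but with dig's default output a name that has no CNAME still gets the zone's SOA in the authority section, and when gad_d is the zone apex that line also starts with gad_d, so awk hands the SOA's MNAME back as the "main domain" and the following NS lookup then exits with "couldn't find primary DNS server". Filter on the record type the way the NS lookup already does, e.g. `res=$($DNS_CHECK_FUNC CNAME "$gad_d" | grep "^$gad_d" | awk '$4 == "CNAME" {print $5}')` (and likewise for the `"@$gad_s"` variant), and prefer `$4 == "NS"` over `$4 ~ "NS"` so NSEC records are not collected into all_auth_dns_servers. Note also that gad_d is interpolated unescaped into the grep pattern in both new branches, so its dots match any character; since the value comes from the config file it is worth escaping it (`grep "^${gad_d//./\\.}"`) rather than relying on well-formed input. get_auth_dns starts and ends outside this hunk, so I cannot see whether gad_d/gad_s are validated before this point.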
|
|