Skip private hosted zones correctly #1069

Closed. Wants to merge 1 commit into base: dev

Contributor

ksperling commented Oct 11, 2017

This fixes the cases where a private zone is a sub-domain of a
public zone, e.g. foo.com (public) and vpc.foo.com (private).

Owner

Neilpang commented Oct 11, 2017

Can you please give me more details about this case?

Contributor

ksperling commented Oct 11, 2017

Let's say I have hosted zones foo.com (public) and vpc.foo.com (private), and want to get a cert for xyz.vpc.foo.com. The current code will start by looking for a hosted zone for vpc.foo.com, and _contains "$response" "<Name>$h.</Name>" returns true. Extracting the actual hosted zone ID from the response then fails, because only at that point does the code check that the zone it's about to return is not private. It then logs that as "Error, can not get hostedzone." and gives up.

With my change, vpc.foo.com will be checked first as before, but no hosted zone id will be extracted (the matching zone is private). The loop then continues on to check foo.com, and correctly finds and uses that zone.
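
The lookup order described in this comment, shown as an added example that is not acme.sh's own code: the name-first walk that gives up on the private match, beside a walk that only accepts a name match when it yields a public zone ID. The function names and the Route 53 ListHostedZones-style body with its zone IDs are constructed for illustration.

```shell
#!/bin/sh
# Constructed ListHostedZones body (zone IDs are made up), one line as the API returns it.
RESPONSE='<ListHostedZonesResponse><HostedZones>'\
'<HostedZone><Id>/hostedzone/ZPRIVATE111</Id><Name>vpc.foo.com.</Name>'\
'<Config><PrivateZone>true</PrivateZone></Config></HostedZone>'\
'<HostedZone><Id>/hostedzone/ZPUBLIC222</Id><Name>foo.com.</Name>'\
'<Config><PrivateZone>false</PrivateZone></Config></HostedZone>'\
'</HostedZones></ListHostedZonesResponse>'

# Print the Id of the public zone named exactly $1 in body $2 (nothing if private/absent).
public_zone_id() {
  printf '%s\n' "$2" | awk -v want="<Name>$1.</Name>" '{
    n = split($0, z, "</HostedZone>")          # one array element per zone
    for (i = 1; i <= n; i++) {
      if (!index(z[i], want)) continue          # different zone name
      if (!index(z[i], "<PrivateZone>false</PrivateZone>")) continue  # private
      s = index(z[i], "<Id>") + 4
      print substr(z[i], s, index(z[i], "</Id>") - s)
      exit
    }
  }'
}

# Before: stop at the first suffix whose NAME appears, fail if that zone is private.
find_zone_name_first() {
  h=$1
  while [ "$h" != "${h#*.}" ]; do               # loop while $h still contains a dot
    case $2 in *"<Name>$h.</Name>"*)
      public_zone_id "$h" "$2" | grep .; return ;;  # empty Id -> non-zero status
    esac
    h=${h#*.}                                   # drop the leftmost label
  done
  return 1
}

# After: a name match only counts if it yields a public Id; otherwise keep walking up.
find_public_zone() {
  h=$1
  while [ "$h" != "${h#*.}" ]; do
    id=$(public_zone_id "$h" "$2")
    if [ -n "$id" ]; then printf '%s\n' "$id"; return 0; fi
    h=${h#*.}
  done
  return 1
}

find_zone_name_first xyz.vpc.foo.com "$RESPONSE" || echo "name-first: no zone"
find_public_zone xyz.vpc.foo.com "$RESPONSE"
```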

Neilpang pushed a commit that referenced this pull request Oct 11, 2017

Owner

Neilpang commented Oct 11, 2017

@ksperling
Got it. Thanks.

I just made a fix 872bfe4

Can you please try branch fix1069?

export BRANCH=fix1069

acme.sh --upgrade

Please check if it works for you in your case and in a normal case.

Thanks.

Contributor

ksperling commented Oct 12, 2017

Yep, works for me in both cases. Thanks!

Owner

Neilpang commented Oct 12, 2017

Fixed, please try the latest code.

acme.sh --upgrade

Neilpang closed this Oct 12, 2017
