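#!/usr/bin/env sh
# Receives an ACME challenge request of four words (action, domain, token,
# account-key thumbprint), either as positional arguments or, when run as an
# SSH forced command, through SSH_ORIGINAL_COMMAND.

# Split on spaces only, so a tab or newline never separates arguments.
IFS=" "
# Bracket ranges such as a-z follow the collation locale, and sshd can be
# configured (AcceptEnv) to take LANG/LC_* from the client. Pin the C locale
# so every character class used for validation means plain ASCII.
LC_ALL=C
export LC_ALL
# The request is word-split unquoted further down; with pathname expansion
# off, that step can never turn a word into a list of file names.
set -f

# Set the following variable to "1" if you want to allow all thumbprints.
# This is usually a bad idea: the caller can then publish a challenge
# response for any ACME account key, not only the one configured here.
ALLOW_ALL_THUMBPRINTS=
# This value must be set to the output of
# letsencrypt.sh thumbprint -a account.key
STATIC_THUMBPRINT=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

# Verification of the configured thumbprint: 43 characters from the
# base64url alphabet, unless every thumbprint is allowed anyway.
if [ "$ALLOW_ALL_THUMBPRINTS" != "1" ]; then
  case $STATIC_THUMBPRINT in
    *[!a-zA-Z0-9_-]*) exit 1 ;;
  esac
  [ "${#STATIC_THUMBPRINT}" -eq 43 ] || exit 1
fi

if [ -n "$SSH_ORIGINAL_COMMAND" ]; then
  # sshd hands over the client's command line verbatim, so treat it as
  # untrusted. Refuse it if ANY character falls outside the allowed set.
  # The earlier sed substitution had no "g" flag and could match the empty
  # string at the start of the line, so it left most bad input unchanged and
  # the comparison passed. A case pattern tests the whole string, embedded
  # newlines included.
  case $SSH_ORIGINAL_COMMAND in
    *[!a-zA-Z0-9._\ -]*) exit 1 ;;
  esac
  # Intentionally unquoted: split into positional parameters on spaces.
  # shellcheck disable=SC2086
  set -- $SSH_ORIGINAL_COMMAND
fi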
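# We need exactly 4 arguments: action, domain, token, thumbprint.
[ "$#" -eq 4 ] || exit 1
ACTION="$1"
DOMAIN="$2"
TOKEN="$3"
THUMBPRINT="$4"

# Only these three actions are implemented.
case $ACTION in
  install|remove|installkey) ;;
  *) exit 1 ;;
esac

# sed tests its input one line at a time, so a value with an embedded newline
# could pass a sed-only check as long as each line looked valid. The case
# patterns below match against the whole string and close that gap; sed is
# kept only for the structural host-name check.
case $DOMAIN in
  ''|*[!a-zA-Z0-9.-]*) exit 1 ;;
esac
# Length 4..253, dot-separated labels of 1..63 characters that neither start
# nor end with "-", and an alphabetic TLD. \? and \+ are GNU extensions to
# basic regular expressions.
# NOTE(review): on a sed without them this check is expected to reject every
# domain (fail closed). Verify on the target platform.
[ "$DOMAIN" = "$(printf '%s\n' "$DOMAIN" | sed -e '/^.\{4,253\}$/ ! d; /^\([a-zA-Z0-9]\([-a-zA-Z0-9]\{0,61\}[a-zA-Z0-9]\)\?\.\)\+[a-zA-Z]\{2,63\}$/ ! d;')" ] || exit 1

# The token becomes a file name under the challenge directory: base64url
# characters only (so no "/" and no "."), and never empty.
case $TOKEN in
  ''|*[!a-zA-Z0-9_-]*) exit 1 ;;
esac

# Thumbprint: exactly 43 base64url characters.
case $THUMBPRINT in
  *[!a-zA-Z0-9_-]*) exit 1 ;;
esac
[ "${#THUMBPRINT}" -eq 43 ] || exit 1

# Unless explicitly disabled, only the configured account key may be used.
[ "$ALLOW_ALL_THUMBPRINTS" = "1" ] || [ "$THUMBPRINT" = "$STATIC_THUMBPRINT" ] || exit 1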
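# Adjust as needed
# TOKEN_DIR="/var/www/$DOMAIN/.well-known/acme-challenge"
TOKEN_DIR="/var/www/.well-known/acme-challenge"
TOKEN_FILE="$TOKEN_DIR/$TOKEN"
# Exit code 6 tells the caller that the challenge directory is missing.
[ -d "$TOKEN_DIR" ] || exit 6

case $ACTION in
  install)
    # Install the token: the served file holds "<token>.<thumbprint>".
    printf '%s.%s\n' "$TOKEN" "$THUMBPRINT" > "$TOKEN_FILE" || exit 1
    ;;
  remove)
    # Remove the token
    rm -f -- "$TOKEN_FILE"
    ;;
  installkey)
    # Install from stdin into a temporary location. Adjust as needed.
    # The data is private key material and /tmp is writable by every local
    # user. A fixed, PID-based name can be created in advance by someone
    # else, and umask has no effect on a file that already exists. mktemp
    # creates the file itself, under an unpredictable name, readable by this
    # user only. Whatever step consumes the key must use "$KEY_TMP". For a
    # real deployment, prefer a directory only this account can write to.
    umask 0066
    KEY_TMP=$(mktemp /tmp/server.pem.XXXXXX) || exit 1
    if ! cat > "$KEY_TMP"; then
      # Do not leave a partial key behind.
      rm -f -- "$KEY_TMP"
      exit 1
    fi
    ;;
  *)
    exit 1
    ;;
esac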