|
292 | 292 | # 2024-03-16 Use FTP_PORT when deleting ftp tokens. Delete tokens when using sftp, davfs, ftpes, ftps (#693,#839) (tlhackque)
|
293 | 293 | # 2024 03-16 Fix dns-01's CNAME processing. (#840) (tlhackque)
|
294 | 294 | # 2024-03-17 Automatically update the ACCOUNT_EMAIL (#827) (tlhackque)
|
295 |
| -# 2024-03-18 Refresh the TXT record if a CNAME is found (JoergBruce #828) (2.49) |
296 |
| -# 2024-08-18 Implement --new-account-key and --DEACTIVATE-account (tlhackque) |
| 295 | +# 2024-03-18 Implement --new-account-key and --DEACTIVATE-account (tlhackque) |
| 296 | +# 2024-03-18 Implement token substitution in ACLs (#267) (tlhackque) |
297 | 297 | # ----------------------------------------------------------------------------------------
|
298 | 298 |
|
299 | 299 | case :$SHELLOPTS: in
|
@@ -728,6 +728,10 @@ check_config() { # check the config files for all obvious errors
|
728 | 728 | else
|
729 | 729 | DOMAIN_ACL="${ACL[$dn]}"
|
730 | 730 | fi
|
| 731 | + # shellcheck disable=SC2016 |
| 732 | + DOMAIN_ACL="$(sed -e's/\${DOMAIN}\|\$DOMAIN/'"$DOMAIN"'/g' <<<"$DOMAIN_ACL")" |
| 733 | + # shellcheck disable=SC2016 |
| 734 | + DOMAIN_ACL="$(sed -e's/\${SAN}\|\$SAN/'"$d"'/g' <<<"$DOMAIN_ACL")" |
731 | 735 |
|
732 | 736 | if [[ $VALIDATE_VIA_DNS != "true" ]]; then # using http-01 challenge
|
733 | 737 | if [[ -z "${DOMAIN_ACL}" ]]; then
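Review bot: `$DOMAIN` and `$d` are spliced verbatim into the sed replacement on the new lines 732 and 734, so a value containing `/`, `&` or `\` (a malformed SANS or config entry, for instance) would break or reinterpret the expression instead of being substituted literally. The `\|` alternation is also a GNU sed extension; on BSD/macOS sed it does not match, so neither spelling of the token would be replaced there, which is worth checking on a supported platform. Bash's own pattern substitution has neither problem, needs no SC2016 suppression, and the same four lines recur at 1389-1392 in the main domain loop, so a single small helper called from both places would keep the two copies from drifting. The check_config loop body continues outside the hunk.
```shell
    fi
    # Plain parameter expansion: nothing in "$DOMAIN"/"$d" needs escaping and no GNU-only \| is required;
    # the inner quotes keep a literal & in the value from being treated as the match (bash 5.2 patsub_replacement).
    DOMAIN_ACL="${DOMAIN_ACL//\$\{DOMAIN\}/"$DOMAIN"}"
    DOMAIN_ACL="${DOMAIN_ACL//\$DOMAIN/"$DOMAIN"}"
    DOMAIN_ACL="${DOMAIN_ACL//\$\{SAN\}/"$d"}"
    DOMAIN_ACL="${DOMAIN_ACL//\$SAN/"$d"}"
```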
|
@@ -1382,6 +1386,10 @@ for d in "${alldomains[@]}"; do
|
1382 | 1386 | else
|
1383 | 1387 | DOMAIN_ACL="${ACL[$dn]}"
|
1384 | 1388 | fi
|
| 1389 | + # shellcheck disable=SC2016 |
| 1390 | + DOMAIN_ACL="$(sed -e's/\${DOMAIN}\|\$DOMAIN/'"$DOMAIN"'/g' <<<"$DOMAIN_ACL")" |
| 1391 | + # shellcheck disable=SC2016 |
| 1392 | + DOMAIN_ACL="$(sed -e's/\${SAN}\|\$SAN/'"$d"'/g' <<<"$DOMAIN_ACL")" |
1385 | 1393 |
|
1386 | 1394 | # request a challenge token from ACME server
|
1387 | 1395 | if [[ $API -eq 1 ]]; then
|
@@ -2763,11 +2771,13 @@ write_domain_template() { # write out a template file for a domain.
|
2763 | 2771 | # You can also user WebDAV over HTTPS as transport mechanism. To do so, start with davs: followed by username,
|
2764 | 2772 | # password, host, port (explicitly needed even if using default port 443) and path on the server.
|
2765 | 2773 | # Multiple locations can be defined for a file by separating the locations with a semi-colon.
|
| 2774 | + # The tokens '\$DOMAIN', '\${DOMAIN}', '\$SAN', and '\${SAN}' can be used to minimize the number of ACL |
| 2775 | + # entries when the challenge location follows a pattern (Often true with multiple vertual hosts). Also "USE_SINGLE_ACL": |
2766 | 2776 | #ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge'
|
2767 | 2777 | # 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge'
|
2768 | 2778 | # 'ssh:sshuserid@server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge'
|
2769 | 2779 | # 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge'
|
2770 |
| - # 'davs:davsuserid:davspassword:{DOMAIN}:443:/web/.well-known/acme-challenge' |
| 2780 | + # 'davs:davsuserid:davspassword:${DOMAIN}:443:/web/.well-known/acme-challenge' |
2771 | 2781 | # 'ftps:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge'
|
2772 | 2782 | # 'ftpes:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge')
|
2773 | 2783 |
|
@@ -2882,7 +2892,7 @@ write_getssl_template() { # write out the main template file
|
2882 | 2892 | # PUBLIC_DNS_SERVER="8.8.8.8"
|
2883 | 2893 |
|
2884 | 2894 | # If getssl is unable to determine the authoritative nameserver for a domain
|
2885 |
| - # it will as you to enter AUTH_DNS_SERVER. This is a server that |
| 2895 | + # it will ask you to enter AUTH_DNS_SERVER. This is a server that |
2886 | 2896 | # can answer queries for the zone - a master or a slave, not a recursive server.
|
2887 | 2897 | # AUTH_DNS_SERVER="10.0.0.14"
|
2888 | 2898 | _EOF_getssl_
|
|