From 518304449ffc476ec4508d3470aa74ea21ec1dd7 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 6 Feb 2017 14:41:36 +0100 Subject: [PATCH] Adjust hook script and add output in case of certification failure. --- install_dehydrated.sh | 109 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 98 insertions(+), 11 deletions(-) diff --git a/install_dehydrated.sh b/install_dehydrated.sh index c4bef5a..94935cb 100755 --- a/install_dehydrated.sh +++ b/install_dehydrated.sh @@ -5,7 +5,10 @@ _DH_CONF_DIR=/etc/dehydrated _DH_BASE_DIR=/var/lib/dehydrated _DH_WELL_KNOWN_DIR=/var/www/dehydrated +STR_PROCESSED="marked to be validated" STR_SUCCESS="Certificate has been produced" +STR_INVALID_CHALLENGE="Error: Invalid Challenge" +STR_HTTP_REQUEST_FAILED="Error: HTTP-Request failed" # ------------- # --- Some functions @@ -772,17 +775,35 @@ if [[ -f "$HOOK_OUT_FILE" ]] ; then fi fi -found=false +found_deploy_challenge=false +found_deployed=false +found_request_failure=false +found_invalid_challenge=false old_IFS=$IFS IFS='' > $HOOK_OUT_FILE #regex_deploy="deploy_cert\s*()" echononl " Writing file ${HOOK_OUT_FILE}.." while read -r line || [[ -n "$line" ]]; do - if [[ $line =~ deploy_cert\s*() ]]; then - found=true + + if [[ $line =~ deploy_challenge\s*\(\) ]]; then + found_deploy_challenge=true else - if $found ; then + if $found_deploy_challenge ; then + if [[ $line =~ ^"}"$ ]]; then + + echo "" >> $HOOK_OUT_FILE + echo " echo \" + Hook: \$DOMAIN - $STR_PROCESSED\"" >> $HOOK_OUT_FILE + echo "" >> $HOOK_OUT_FILE + found_deploy_challenge=false + fi + fi + fi + + if [[ $line =~ deploy_cert\s*\(\) ]]; then + found_deployed=true + else + if $found_deployed ; then if [[ $line =~ ^"}"$ ]]; then echo "" >> $HOOK_OUT_FILE 
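Review bot: The new function-header tests such as `deploy_challenge\s*\(\)` use `\s` unquoted inside `[[ =~ ]]`, where bash treats a backslash-escaped character as a literal, so this most likely matches zero or more `s` characters rather than whitespace (worth confirming on the target bash). The portable spelling is `[[:space:]]*`, e.g. `if [[ $line =~ deploy_challenge[[:space:]]*\(\) ]]; then`, and the same applies to the `deploy_cert` test here and to the `request_failure` and `invalid_challenge` tests in the next hunk. The appends to `$HOOK_OUT_FILE` are also unquoted; `>> "$HOOK_OUT_FILE"` keeps a path containing spaces or glob characters from being split. The enclosing `while read` loop starts and ends outside this hunk.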
@@ -802,7 +823,35 @@ while read -r line || [[ -n "$line" ]]; do echo " ln -s \"privkey_cert_chain-\${TIMESTAMP}.pem\" \"\${BASEDIR}/certs/\${DOMAIN}/privkey_cert_chain.pem\"" >>$HOOK_OUT_FILE echo " echo \" + Hook: \$DOMAIN - $STR_SUCCESS\"" >> $HOOK_OUT_FILE echo "" >> $HOOK_OUT_FILE - found=false + found_deployed=false + fi + fi + fi + + if [[ $line =~ request_failure\s*\(\) ]]; then + found_request_failure=true + else + if $found_request_failure ; then + if [[ $line =~ ^"}"$ ]]; then + + echo "" >> $HOOK_OUT_FILE + echo " echo \" + Hook: \$DOMAIN - $STR_HTTP_REQUEST_FAILED\"" >> $HOOK_OUT_FILE + echo "" >> $HOOK_OUT_FILE + found_request_failure=false + fi + fi + fi + + if [[ $line =~ invalid_challenge\s*\(\) ]]; then + found_invalid_challenge=true + else + if $found_invalid_challenge ; then + if [[ $line =~ ^"}"$ ]]; then + + echo "" >> $HOOK_OUT_FILE + echo " echo \" + Hook: \$DOMAIN - $STR_INVALID_CHALLENGE\"" >> $HOOK_OUT_FILE + echo "" >> $HOOK_OUT_FILE + found_invalid_challenge=false fi fi fi 
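Review bot: The line injected into `request_failure()` prints `\$DOMAIN`, but nothing visible here shows that this hook receives a domain. In dehydrated's sample hook, as far as I recall, it is called with a status code, a reason and the request type, so this should be confirmed against the hook template in use. If that holds, the logged line carries no hostname and the later `awk '{print $3}'` extraction for `$STR_HTTP_REQUEST_FAILED` would return `-` instead of a host. Logging what the function actually receives, e.g. `echo "    echo \" + Hook: $STR_HTTP_REQUEST_FAILED (\${1:-} \${2:-})\"" >> "$HOOK_OUT_FILE"`, would make the failure report usable. The loop body continues outside the hunk.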
@@ -1430,14 +1479,21 @@ declare -a zone_to_reload_arr declare -a _tmp_arr certs_updated=false -_processed_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')" +certs_processed=false +_hosts_processed="\$(cat \$_logfile | grep "$STR_PROCESSED" 2> /dev/null | awk '{print\$3}')" +_successfully_created_hosts="\$(cat \$_logfile | grep "$STR_SUCCESS" 2> /dev/null | awk '{print\$3}')" +_invalid_challenge="\$(cat \$_logfile | grep "$STR_INVALID_CHALLENGE" 2> /dev/null | awk '{print\$3}')" +_http_request_failed="\$(cat \$_logfile | grep "$STR_HTTP_REQUEST_FAILED" 2> /dev/null | awk '{print\$3}')" +if [[ -n "\$_hosts_processed" ]] ; then + certs_processed=true +fi # - Evaluate dehydrated's output - see if certificates where created # - -if [[ -n "\$_processed_hosts" ]] ; then +if [[ -n "\$_successfully_created_hosts" ]] ; then certs_updated=true - for hostname in \$_processed_hosts ; do + for hostname in \$_successfully_created_hosts ; do # --- # - Services to restart after changing/adding the certificate @@ -1736,7 +1792,8 @@ fi # - Nothing to do if al is up tp date # - -if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then +#if ! \$certs_updated && ! grep -q -i "error:" \$_logfile 2> /dev/null ; then +if ! \$certs_updated && ! \$certs_processed ; then if \$verbose ; then info "All Certificates are up to date." @@ -1969,7 +2026,7 @@ if \$certs_updated ; then fi fi -if [[ -n "\$_processed_hosts" ]] ; then +if [[ -n "\$_successfully_created_hosts" ]] ; then echo "" echo "" 
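Review bot: The four log extractions take field 3 of every log line that contains the marker text, not only of the ` + Hook: ` lines the hook writes. Any other output containing e.g. `Error: Invalid Challenge` therefore contributes a bogus host name, and those lists are later iterated unquoted, as in `for hostname in \$_successfully_created_hosts`. Restricting the match to the hook prefix tightens this: `grep -F -- " + Hook: " "\$_logfile" 2> /dev/null | grep -F -- "$STR_PROCESSED" | awk '{print \$3}'`. In the current form `2> /dev/null` is attached to `grep`, so a missing or unreadable `\$_logfile` still produces an error from `cat`.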
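Review bot: Replacing the `grep -q -i "error:"` test with `! \$certs_processed` lets the "All Certificates are up to date." branch run after a failed run, provided dehydrated fails before any `deploy_challenge` hook has written a `marked to be validated` line. `certs_processed` is only set from those lines, so such a failure would be reported as up to date and an expiring certificate could go unnoticed. Keeping both conditions avoids that: `if ! \$certs_updated && ! \$certs_processed && ! grep -q -i "error:" "\$_logfile" 2> /dev/null ; then`. The commented-out old condition can then be deleted; the body of this `if` continues outside the hunk.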
@@ -1977,7 +2034,37 @@ if [[ -n "\$_processed_hosts" ]] ; then echo "==================================" echo "" - for _hostname in \$_processed_hosts ; do + for _hostname in \$_successfully_created_hosts ; do + echo " \$_hostname" + done + + echo "" +fi + +if [[ -n "\$_invalid_challenge" ]] ; then + + echo "" + echo "" + echo "Certificates NOT been created - invalid challenge:" + echo "==================================================" + echo "" + + for _hostname in \$_invalid_challenge ; do + echo " \$_hostname" + done + + echo "" +fi + +if [[ -n "\$_http_request_failed" ]] ; then + + echo "" + echo "" + echo "Certificates NOT been created - http request failed:" + echo "====================================================" + echo "" + + for _hostname in \$__http_request_failed ; do echo " \$_hostname" done
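Review bot: The loop in the new "http request failed" block iterates `\$__http_request_failed` (two leading underscores), while the variable assigned in the earlier hunk and tested in the enclosing `if` is `_http_request_failed`. The misspelt name is never set, so the heading is printed with no hosts beneath it, and the generated script would abort at that line if it runs with `set -u`. It should read `for _hostname in \$_http_request_failed ; do`. Both new headings would also read better as "Certificates have NOT been created".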