srvrco / getssl

Obtain free SSL certificates from letsencrypt ACME server. Suitable for automating the process on remote servers.
GNU General Public License v3.0

can tokens be uploaded via FTPS? #396

Open nickwelsh1 opened 6 years ago

nickwelsh1 commented 6 years ago

Hi,

My web hosting provides an FTPS connection using TLS encryption. Is it possible to upload my tokens to my server via FTPS with this script?

I've tried modifying the getssl.cfg for the ACL line to ftps -

ACL=('ftps:user:password:www.domain.com:/.well-known/acme-challenge')

however this hasn't been successful.

Uploading a file manually with curl using the following works for me -

curl -k -v ftps://ftp.domainftp.com/.well-known/acme-challenge/ -u user:password -T testfile.txt

My hosting provides a self-signed certificate during the FTPS handshake, which I must accept, hence the -k option.

Thank you, Nick

killerbees19 commented 6 years ago

Forget my last comment. Sorry… 😔

I've missed that you're talking about the challenge token.

nickwelsh1 commented 6 years ago

I wrote a fix to add in FTPS functionality myself. Depending on how the FTPS server is set up this may work for you too.

Before line 550
elif [[ "${to:0:5}" == "sftp:" ]] ; then

insert the following -

elif [[ "${to:0:5}" == "ftps:" ]] ; then
  # branch condition so that ACL entries of the form ftps:user:password:host:/path select this code
  echo "in-ftps-loop"
  if [[ "$cert" != "challenge token" ]] ; then
    error_exit "ftps has only been tested for challenge tokens"
  fi
  debug "using ftps to copy the file from $from"
  # split the ACL entry into its colon-separated fields
  ftpuser=$(echo "$to"| awk -F: '{print $2}')
  ftppass=$(echo "$to"| awk -F: '{print $3}')
  ftphost=$(echo "$to"| awk -F: '{print $4}')
  ftplocn=$(echo "$to"| awk -F: '{print $5}')
  ftpdirn=$(dirname "$ftplocn")
  ftpfile=$(basename "$ftplocn")
  fromdir=$(dirname "$from")
  fromfile=$(basename "$from")
  # password left out of the debug output so it does not end up in logs
  debug "ftps user=$ftpuser - host=$ftphost dir=$ftpdirn file=$ftpfile"
  debug "from dir=$fromdir file=$fromfile"
  echo " "
  echo "Using CURL to upload challenge token to webserver via FTPS"
  echo " "
  # -k accepts the host's self-signed certificate without verifying it
  curl -k "ftps://$ftphost$ftpdirn/" -u "$ftpuser:$ftppass" -T "$fromdir/$fromfile"
  echo " "
  echo "after curl statement"
  echo " "

If you also want to add some useful colour to the script to help highlight when intermediate CA certs have been downloaded successfully you could also add

echo -e "${GREEN}The intermediate CA cert is in${NC} $gc_cafile"

after line 836
info "The intermediate CA cert is in $gc_cafile"

and insert

#colors
RED='\033[0;31m'
NC='\033[0m' # No Color
GREEN='\033[0;32m'

after line 240.

Cheers, Nick
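An added example, not part of the comments above and not getssl code: a variant of the same FTPS upload that checks the server certificate against a saved copy instead of using -k, and hands the credentials to curl on stdin so they do not appear in the process list. The function names and the CA-file argument are hypothetical; it assumes the host's self-signed certificate has been saved to a PEM file and that the certificate's name matches the FTPS host.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not part of getssl).

# Split "ftps:user:password:host:/path". The user is the first field, path and
# host are taken from the right, and the password is whatever is left, so a
# password containing ':' is kept whole (awk -F: '{print $3}' would cut it).
parse_ftps_acl() {
  case $1 in ftps:*:*:*:/*) ;; *) return 1 ;; esac
  _rest=${1#ftps:}
  ftps_user=${_rest%%:*}; _rest=${_rest#*:}
  ftps_path=${_rest##*:}; _rest=${_rest%:*}
  ftps_host=${_rest##*:}
  ftps_pass=${_rest%:*}
  case $ftps_path in /*) ;; *) return 1 ;; esac
  [ -n "$ftps_user" ] && [ -n "$ftps_pass" ] && [ -n "$ftps_host" ]
}

# Quote a value for a curl config file: escape backslashes and double quotes.
curl_quote() {
  printf '"%s"' "$(printf '%s' "$1" | sed 's/[\\"]/\\&/g')"
}

# $1 = ACL entry with the token path appended, $2 = local token file,
# $3 = PEM file holding the server's certificate (assumed to exist).
# Prints a curl config; the URL ends in "/" so curl appends the local file name.
ftps_curl_config() {
  parse_ftps_acl "$1" || return 1
  _dir=${ftps_path%/*}
  printf 'url = %s\n'         "$(curl_quote "ftps://$ftps_host$_dir/")"
  printf 'user = %s\n'        "$(curl_quote "$ftps_user:$ftps_pass")"
  printf 'upload-file = %s\n' "$(curl_quote "$2")"
  printf 'cacert = %s\n'      "$(curl_quote "$3")"
  printf 'silent\nshow-error\n'
}

# Upload the token. printf is a shell builtin, so the password reaches curl
# through the pipe and never shows up as a command-line argument.
ftps_upload() {
  _cfg=$(ftps_curl_config "$@") || return 1
  printf '%s\n' "$_cfg" | curl --config -
}
```

If the certificate's name does not match the FTPS host, verification with the saved file fails and the upload is refused rather than sent over an unverified connection.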