srvrco / getssl

Obtain free SSL certificates from the letsencrypt ACME server. Suitable for automating the process on remote servers.
GNU General Public License v3.0

DNS CNAME check failed #828

Closed JoergBruce closed 4 months ago

JoergBruce commented 7 months ago

Describe the bug

getssl recognizes a CNAME record, but does not do a new DNS request to get the TXT record from it.

To Reproduce

dig ANY _acme-challenge.www.host.de @ns.server.de
;; ANSWER SECTION:
_acme-challenge.www.host.de. 604800 IN CNAME acme-challenge.dyn.mydomain.de.

dig ANY acme-challenge.dyn.mydomain.de. @ns.server.de
;; ANSWER SECTION:
acme-challenge.dyn.mydomain.de. 60 IN   A   217.x.x.x
acme-challenge.dyn.mydomain.de. 60 IN   TXT "vE1fivXE7nftB-........"

Expected behavior

Refresh the $check_output variable by doing a new DNS request with the CNAME.

Fix

At line 600 I added a "refreshing" of the output and it works.

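# A CNAME was found: query the TXT record again, this time at the CNAME target
if [[ -n "$rr_cname" ]]; then
   check_output=$($DNS_CHECK_FUNC $DNS_CHECK_OPTIONS TXT "${rr_cname}" "@${ns}")
   # keep only the quoted TXT value(s) returned for the CNAME target
   check_result=$(grep -i "^${rr_cname}" <<<"${check_output}" | grep 'IN\WTXT' | awk -F'"' '{ print $2}' | uniq)
fi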

edited by timkimber to put code into code block
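
The behaviour this issue asks for, as an added example that is not part of the issue or of getssl's code: follow a delegated `_acme-challenge` CNAME by re-querying TXT at the target, with a hop limit so a CNAME loop cannot stall the check. `mock_dig`, `LOOKUP`, `resolve_challenge_txt`, the token value, the A address and the `loop-*.example` records are assumptions constructed for the example.

```shell
# Constructed stand-in for a TXT query (e.g. dig +noall +answer TXT "$1" "@$ns")
# so the example runs offline. Names follow the issue; the TXT token, the A
# address and the loop-*.example records are made up.
mock_dig() {
  case "$1" in
    _acme-challenge.www.host.de.)
      echo '_acme-challenge.www.host.de. 604800 IN CNAME acme-challenge.dyn.mydomain.de.' ;;
    acme-challenge.dyn.mydomain.de.)
      echo 'acme-challenge.dyn.mydomain.de. 60 IN A 192.0.2.10'
      echo 'acme-challenge.dyn.mydomain.de. 60 IN TXT "constructed-token-123"' ;;
    loop-a.example.) echo 'loop-a.example. 60 IN CNAME loop-b.example.' ;;
    loop-b.example.) echo 'loop-b.example. 60 IN CNAME loop-a.example.' ;;
  esac
}
LOOKUP=${LOOKUP:-mock_dig}   # hypothetical hook: any function that prints answer lines

# Hypothetical helper, not a getssl function. Prints the TXT value(s) found for
# a challenge name, issuing a fresh query at every CNAME target.
# Status: 0 = TXT found, 1 = no TXT and no CNAME, 2 = more than max_hops CNAMEs.
# The body is a subshell, so its variables do not leak into the caller.
resolve_challenge_txt() (
  name="${1%.}."        # normalise to a fully qualified name
  max_hops="${2:-5}"
  hops=0
  while :; do
    out=$("$LOOKUP" "$name")
    # Compare the owner name as a string (no regex), then take the quoted value.
    txt=$(printf '%s\n' "$out" | awk -v n="$name" \
      'tolower($1) == tolower(n) && $4 == "TXT" { split($0, q, "\""); print q[2] }' | sort -u)
    if [ -n "$txt" ]; then
      printf '%s\n' "$txt"
      return 0
    fi
    cname=$(printf '%s\n' "$out" | awk -v n="$name" \
      'tolower($1) == tolower(n) && $4 == "CNAME" { print $5; exit }')
    if [ -z "$cname" ]; then return 1; fi
    hops=$((hops + 1))
    if [ "$hops" -gt "$max_hops" ]; then return 2; fi
    name="${cname%.}."
  done
)
```

Matching the owner name as a plain string in awk also avoids treating the dots of the CNAME target as regex wildcards, which the `grep -i "^${rr_cname}"` form does.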

timkimber commented 6 months ago

Hi @JoergBruce, thanks for reporting this - I'll update the code and, assuming all the tests work, add this to the next release.