From cd21b314057bbdf49e674bb8eae80e60b08ef7b3 Mon Sep 17 00:00:00 2001 From: Serghey Rodin Date: Mon, 4 Dec 2017 19:34:34 +0200 Subject: [PATCH] LetsEncrypt support for IDN domains --- bin/v-add-letsencrypt-domain | 3 +++ bin/v-check-letsencrypt-domain | 8 +++++--- bin/v-generate-ssl-cert | 24 +++++++++++------------- bin/v-sign-letsencrypt-csr | 4 +--- 4 files changed, 20 insertions(+), 19 deletions(-) diff --git a/bin/v-add-letsencrypt-domain b/bin/v-add-letsencrypt-domain index 602c3c24..0246d222 100755 --- a/bin/v-add-letsencrypt-domain +++ b/bin/v-add-letsencrypt-domain @@ -26,6 +26,9 @@ source $VESTA/func/main.sh source $VESTA/func/domain.sh source $VESTA/conf/vesta.conf +# Additional argument formatting +format_domain_idn + #----------------------------------------------------------# # Verifications # diff --git a/bin/v-check-letsencrypt-domain b/bin/v-check-letsencrypt-domain index 6b835ec3..97e24878 100755 --- a/bin/v-check-letsencrypt-domain +++ b/bin/v-check-letsencrypt-domain @@ -11,8 +11,7 @@ # Argument definition user=$1 -domain=$(idn -t --quiet -u "$2" ) -domain=$(echo $domain | tr '[:upper:]' '[:lower:]') +domain=$2 # Includes source $VESTA/func/main.sh @@ -23,6 +22,9 @@ encode_base64() { cat |base64 |tr '+/' '-_' |tr -d '\r\n=' } +# Additional argument formatting +format_domain_idn + #----------------------------------------------------------# # Verifications # @@ -64,7 +66,7 @@ protected=$(echo -n '{"nonce":"'"$nonce"'"}' |encode_base64) # Defining ACME query (request challenge) query='{"resource":"new-authz","identifier"' -query=$query':{"type":"dns","value":"'"$domain"'"}}' +query=$query':{"type":"dns","value":"'"$domain_idn"'"}}' payload=$(echo -n "$query" |encode_base64) signature=$(printf "%s" "$protected.$payload" |\ openssl dgst -sha256 -binary -sign "$key" |encode_base64) diff --git a/bin/v-generate-ssl-cert b/bin/v-generate-ssl-cert index b87a2d65..9f75f9d8 100755 --- a/bin/v-generate-ssl-cert +++ b/bin/v-generate-ssl-cert 
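Review bot: In the argument definition of bin/v-check-letsencrypt-domain, `domain=$2` drops the `tr '[:upper:]' '[:lower:]'` folding that the removed lines applied, and nothing in this patch shows `format_domain_idn` doing it instead (its body is in a sourced file outside the diff). If it does not, a mixed-case argument would presumably no longer match the lower-case name used elsewhere for the same domain. Keeping the fold explicit is one line, `domain=$(echo "$2" | tr '[:upper:]' '[:lower:]')`. The same applies to the argument hunk in bin/v-sign-letsencrypt-csr, which gets no `format_domain_idn` call in this patch.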
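Review bot: `$domain_idn` is spliced into the JSON body of the new-authz query without escaping, so the request is only well-formed if the value is limited to hostname characters. The variable is set by `format_domain_idn`, whose body is outside this patch, and what the Verifications section checks is not visible here; the value could also be empty if the conversion fails. A guard just before the query is built would cover both cases, for example `[[ "$domain_idn" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` with whatever exit code the script uses for invalid input.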
@@ -54,6 +54,11 @@ shell_list_ssl() { echo -e "\nDirectory: $workdir" } +# Additional argument formatting +format_domain_idn +if [[ "$email" = *[![:ascii:]]* ]]; then + email=$(idn -t --quiet -a $email) +fi #----------------------------------------------------------# @@ -69,15 +74,6 @@ is_format_valid 'domain_alias' 'format' # Action # #----------------------------------------------------------# -if [[ "$domain" = *[![:ascii:]]* ]]; then - domain_idn=$(idn -t --quiet -a $domain) -else - domain_idn=$domain -fi -if [[ "$email" = *[![:ascii:]]* ]]; then - email=$(idn -t --quiet -a $email) -fi - # Create temporary work directory workdir=$(mktemp -d) cd $workdir @@ -98,10 +94,12 @@ if [ -z "$aliases" ]; then -out $domain.csr #>/dev/null 2>&1 else for alias in $(echo $domain,$aliases |tr ',' '\n' |sort -u); do + if [[ "$alias" = *[![:ascii:]]* ]]; then + alias=$(idn -t --quiet -a $alias) + fi dns_aliases="${dns_aliases}DNS:$alias," done dns_aliases=$(echo $dns_aliases |sed "s/,$//") - if [ -e "/etc/ssl/openssl.cnf" ]; then ssl_conf='/etc/ssl/openssl.cnf' else @@ -129,15 +127,15 @@ openssl x509 -req -sha256 \ # Listing certificates if [ -e "$domain.crt" ]; then - crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g' ) + crt=$(cat $domain.crt |sed ':a;N;$!ba;s/\n/\\n/g' ) fi if [ -e "$domain.key" ]; then - key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g' ) + key=$(cat $domain.key |sed ':a;N;$!ba;s/\n/\\n/g' ) fi if [ -e "$domain.csr" ]; then - csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g' ) + csr=$(cat $domain.csr |sed ':a;N;$!ba;s/\n/\\n/g' ) fi case $format in diff --git a/bin/v-sign-letsencrypt-csr b/bin/v-sign-letsencrypt-csr index c0d4eceb..414eb8b3 100755 --- a/bin/v-sign-letsencrypt-csr +++ b/bin/v-sign-letsencrypt-csr @@ -11,8 +11,7 @@ # Argument definition user=$1 -domain=$(idn -t --quiet -u "$2" ) -domain=$(echo $domain | tr '[:upper:]' '[:lower:]') +domain=$2 csr="$3/$domain.csr" format=$4 
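Review bot: The e-mail conversion now runs ahead of the Verifications banner, and `$email` is passed to `idn` unquoted, so an argument that has not been format-checked yet is word-split and glob-expanded, and a value starting with `-` is read by `idn` as an option. In the removed lines this code sat in the Action section, after the `is_format_valid` call visible in the next hunk header. Quote the expansion and end option parsing: `email=$(idn -t --quiet -a -- "$email")`. The alias loop added further down in this file has the same unquoted `$alias` and wants `alias=$(idn -t --quiet -a -- "$alias")`.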
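Review bot: The result of `idn` in the alias loop is assigned back to `alias` without a status check, so a name the tool rejects would presumably leave `alias` empty and be appended to `dns_aliases` as a bare `DNS:,` entry. Stop at that point instead of building the subjectAltName list from it, e.g. `alias=$(idn -t --quiet -a "$alias") || exit 1` with the exit code the script uses for invalid input. The enclosing `if [ -z "$aliases" ]` starts above this hunk and the `else` branch continues below it.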
@@ -53,7 +52,6 @@ fi source $USER_DATA/ssl/le.conf api='https://acme-v01.api.letsencrypt.org' -r_domain=$(echo "$check_domain" |cut -f 2 -d \') key="$USER_DATA/ssl/user.key" exponent="$EXPONENT" modulus="$MODULUS"