clear the pending authz when issue error

fix bug https://github.com/Neilpang/acme.sh/issues/663
neilpang 2017-02-26 12:07:06 +08:00
parent 4fd63f4e30
commit 58e4d337e4

59
acme.sh

@ -2819,6 +2819,7 @@ _on_before_issue() {
_on_issue_err() { _on_issue_err() {
_chk_post_hook="$1" _chk_post_hook="$1"
_chk_vlist="$2"
_debug _on_issue_err _debug _on_issue_err
if [ "$LOG_FILE" ]; then if [ "$LOG_FILE" ]; then
_err "Please check log file for more details: $LOG_FILE" _err "Please check log file for more details: $LOG_FILE"
@ -2827,10 +2828,6 @@ _on_issue_err() {
_err "See: $_DEBUG_WIKI" _err "See: $_DEBUG_WIKI"
fi fi
if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ]; then
_debug "$(_dlg_versions)"
fi
#run the post hook #run the post hook
if [ "$_chk_post_hook" ]; then if [ "$_chk_post_hook" ]; then
_info "Run post hook:'$_chk_post_hook'" _info "Run post hook:'$_chk_post_hook'"
@ -2841,6 +2838,28 @@ _on_issue_err() {
return 1 return 1
fi fi
fi fi
#trigger the validation to flush the pending authz
if [ "$_chk_vlist" ]; then
(
_debug2 "_chk_vlist" "$_chk_vlist"
_debug2 "start to deactivate authz"
ventries=$(echo "$_chk_vlist" | tr "$dvsep" ' ')
for ventry in $ventries; do
d=$(echo "$ventry" | cut -d "$sep" -f 1)
keyauthorization=$(echo "$ventry" | cut -d "$sep" -f 2)
uri=$(echo "$ventry" | cut -d "$sep" -f 3)
vtype=$(echo "$ventry" | cut -d "$sep" -f 4)
_currentRoot=$(echo "$ventry" | cut -d "$sep" -f 5)
__trigger_validaton "$uri" "$keyauthorization"
done
)
fi
if [ "$DEBUG" ] && [ "$DEBUG" -gt "0" ]; then
_debug "$(_dlg_versions)"
fi
} }
_on_issue_success() { _on_issue_success() {
@ -3053,6 +3072,16 @@ __get_domain_new_authz() {
} }
#uri keyAuthorization
__trigger_validaton() {
_debug2 "tigger domain validation."
_t_url="$1"
_debug2 _t_url "$_t_url"
_t_key_authz="$2"
_debug2 _t_key_authz "$_t_key_authz"
_send_signed_request "$_t_url" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$_t_key_authz\"}"
}
#webroot, domain domainlist keylength #webroot, domain domainlist keylength
issue() { issue() {
if [ -z "$2" ]; then if [ -z "$2" ]; then
@ -3366,7 +3395,7 @@ issue() {
_startserver "$keyauthorization" "$_ncaddr" & _startserver "$keyauthorization" "$_ncaddr" &
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
serverproc="$!" serverproc="$!"
@ -3382,7 +3411,7 @@ issue() {
BACKUP_NGINX_CONF="" BACKUP_NGINX_CONF=""
if ! _setNginx "$d" "$_currentRoot" "$thumbprint"; then if ! _setNginx "$d" "$_currentRoot" "$thumbprint"; then
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
@ -3417,7 +3446,7 @@ issue() {
_err "$d:Can not write token to file : $wellknown_path/$token" _err "$d:Can not write token to file : $wellknown_path/$token"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
@ -3462,16 +3491,16 @@ issue() {
_err "Start tls server error." _err "Start tls server error."
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
fi fi
if ! _send_signed_request "$uri" "{\"resource\": \"challenge\", \"keyAuthorization\": \"$keyauthorization\"}"; then if ! __trigger_validaton "$uri" "$keyauthorization"; then
_err "$d:Can not get challenge: $response" _err "$d:Can not get challenge: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
@ -3479,7 +3508,7 @@ issue() {
_err "$d:Challenge error: $response" _err "$d:Challenge error: $response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
@ -3494,7 +3523,7 @@ issue() {
_err "$d:Timeout" _err "$d:Timeout"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
@ -3506,7 +3535,7 @@ issue() {
_err "$d:Verify error:$response" _err "$d:Verify error:$response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
_debug2 original "$response" _debug2 original "$response"
@ -3541,7 +3570,7 @@ issue() {
fi fi
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
@ -3551,7 +3580,7 @@ issue() {
_err "$d:Verify error:$response" _err "$d:Verify error:$response"
_clearupwebbroot "$_currentRoot" "$removelevel" "$token" _clearupwebbroot "$_currentRoot" "$removelevel" "$token"
_clearup _clearup
_on_issue_err "$_post_hook" _on_issue_err "$_post_hook" "$vlist"
return 1 return 1
fi fi
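Review bot: The new pending-authz cleanup in `_on_issue_err` sits after the post-hook block, and that block ends in `return 1` when the hook fails, so a failing post hook skips the cleanup and the authorizations presumably stay pending. Moving the whole `if [ "$_chk_vlist" ]; then ( … ) fi` block above `#run the post hook` would make it run on every error path; part of the post-hook block lies outside the visible hunks, so confirm there is no other early return. The message `_debug2 "start to deactivate authz"` does not match what the loop does, which is to re-submit each challenge through `__trigger_validaton`; something like `_debug2 "trigger validation to flush pending authz"` would be accurate. The loop also parses `d`, `vtype` and `_currentRoot` without using them and discards the status of `__trigger_validaton`, so a comment such as `# best effort: ignore failures, the issue has already failed` would make that intent explicit.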