remove ".well-known" folder after verification

2025-10-31 02:17:18 +00:00 · 2016-01-23 10:49:38 +08:00 · 2016-01-23 10:49:38 +08:00 · ebcf30d02f
commit ebcf30d02f
parent f074cb1036
1 changed files with 46 additions and 5 deletions
--- a/le.sh
+++ b/le.sh
@ -374,6 +374,32 @@ _clearup () {
  _restoreApache
 }

+# webroot  removelevel tokenfile
+_clearupwebbroot() {
+  __webroot="$1"
+  if [ -z "$__webroot" ] ; then
+    _debug "no webroot specified, skip"
+    return 0
+  fi
+  
+  if [ "$2" == '1' ] ; then
+    _debug "remove $__webroot/.well-known"
+    rm -rf "$__webroot/.well-known"
+  elif [ "$2" == '2' ] ; then
+    _debug "remove $__webroot/.well-known/acme-challenge"
+    rm -rf "$__webroot/.well-known/acme-challenge"
+  elif [ "$2" == '3' ] ; then
+    _debug "remove $__webroot/.well-known/acme-challenge/$3"
+    rm -rf "$__webroot/.well-known/acme-challenge/$3"
+  else
+    _err "removelevel invalid: $2"
+    return 1
+  fi
+  
+  return 0
+
+}
+
 issue() {
  if [ -z "$2" ] ; then
    _err "Usage: le  issue  webroot|no|apache|dns   a.com  [www.a.com,b.com,c.com]|no   [key-length]|no  [cert-file-path]|no  [key-file-path]|no  [ca-cert-file-path]|no   [reloadCmd]|no"
@ -589,7 +615,8 @@ issue() {
    _debug "d" "$d"
    _debug "keyauthorization" "$keyauthorization"
    _debug "uri" "$uri"
-    
+    removelevel= ""
+    token=""
    if [ "$vtype" == "$VTYPE_HTTP" ] ; then
      if [ "$Le_Webroot" == "no" ] ; then
        _info "Standalone mode server"
@ -603,6 +630,14 @@ issue() {
        fi
        _debug wellknown_path "$wellknown_path"
        
+        if [ ! -d "$Le_Webroot/.well-known" ] ; then 
+          removelevel='1'
+        elif [ ! -d "$Le_Webroot/.well-known/acme-challenge" ] ; then 
+          removelevel='2'
+        else
+          removelevel='3'
+        fi
+        
        token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
        _debug "writing token:$token to $wellknown_path/$token"

@ -620,6 +655,7 @@ issue() {
    
    if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
      _err "$d:Challenge error: $resource"
+      _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
      _clearup
      return 1
    fi
@ -631,6 +667,7 @@ issue() {
      
      if ! _get $uri ; then
        _err "$d:Verify error:$resource"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
        _clearup
        return 1
      fi
@ -638,12 +675,16 @@ issue() {
      status=$(echo $response | egrep -o  '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
      if [ "$status" == "valid" ] ; then
        _info "Success"
+        _stopserver $serverproc
+        serverproc=""
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
        break;
      fi
      
      if [ "$status" == "invalid" ] ; then
         error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
        _err "$d:Verify error:$error"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
        _clearup
        return 1;
      fi
@ -652,13 +693,13 @@ issue() {
        _info "Pending"
      else
        _err "$d:Verify error:$response" 
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
        _clearup
        return 1
      fi
      
    done
-    _stopserver $serverproc
-    serverproc=""
+    
  done

  _clearup