[ACME] Better HTTP verification

2019-06-29 20:28:03 +02:00 · 2019-06-29 20:28:03 +02:00 · 014a0c7af5
parent 7665cc2ae7
commit 014a0c7af5
2 changed files with 6 additions and 6 deletions
--- a/data/Dockerfiles/acme/docker-entrypoint.sh
+++ b/data/Dockerfiles/acme/docker-entrypoint.sh
@ -133,16 +133,16 @@ get_ipv6(){

 verify_challenge_path(){
  # verify_challenge_path URL 4|6
-  RAND_FILE=${RANDOM}${RANDOM}${RANDOM}
-  touch /var/www/acme/${RAND_FILE}
+  RANDOM_N=${RANDOM}${RANDOM}${RANDOM}
+  echo ${RANDOM_N} > /var/www/acme/${RANDOM_N}
  if [[ ${SKIP_HTTP_VERIFICATION} == "y" ]]; then
    echo '(skipping check, returning 0)'
    return 0
-  elif [[ "$(curl -${2} http://${1}/.well-known/acme-challenge/${RAND_FILE} --write-out %{http_code} --silent --output /dev/null)" =~ ^(2|3)  ]]; then
-    rm /var/www/acme/${RAND_FILE}
+  elif [[ "$(curl -${2} -L http://${1}/.well-known/acme-challenge/${RANDOM_N} --silent)" == "${RANDOM_N}"  ]]; then
+    rm /var/www/acme/${RANDOM_N}
    return 0
  else
-    rm /var/www/acme/${RAND_FILE}
+    rm /var/www/acme/${RANDOM_N}
    return 1
  fi
 }
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -311,7 +311,7 @@ services:
    acme-mailcow:
      depends_on:
        - nginx-mailcow
-      image: mailcow/acme:1.57
+      image: mailcow/acme:1.58
      build: ./data/Dockerfiles/acme
      dns:
        - ${IPV4_NETWORK:-172.22.1}.254