Allow use of a more secure _acme-challenge.$h subzone in Route53

to limit the scope of access if an attacker compromises the system running acme.sh
Mark Felder 2021-10-13 11:11:38 -05:00
parent 5b0d6a1375
commit b4629864ab


@ -178,7 +178,20 @@ _get_root() {
return 1
fi
if _contains "$response" "<Name>$h.</Name>"; then
if _contains "$response" "<Name>_acme-challenge.$h.</Name>"; then
hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>_acme-challenge.$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")"
_debug hostedzone "$hostedzone"
if [ "$hostedzone" ]; then
_domain_id=$(printf "%s\n" "$hostedzone" | _egrep_o "<Id>.*<.Id>" | head -n 1 | _egrep_o ">.*<" | tr -d "<>")
if [ "$_domain_id" ]; then
_sub_domain=$(printf "%s" "$domain" | cut -d . -f 1-$p)
_domain=_acme-challenge.$h
return 0
fi
_err "Can't find domain with id: _acme-challenge.$h"
return 1
fi
elif _contains "$response" "<Name>$h.</Name>"; then
hostedzone="$(echo "$response" | sed 's/<HostedZone>/#&/g' | tr '#' '\n' | _egrep_o "<HostedZone><Id>[^<]*<.Id><Name>$h.<.Name>.*<PrivateZone>false<.PrivateZone>.*<.HostedZone>")"
_debug hostedzone "$hostedzone"
if [ "$hostedzone" ]; then