
script_refresh-proxied-certs: fix: don't overwrite when host is unavailable

Chl 2020-01-21 22:47:23 +01:00
parent 9da2d8701e
commit 266b15b535


@ -30,7 +30,8 @@ for i in *.crt; do
sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE" sed -n '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' > "$TMPFILE"
# Check that the new cert still match the local key # Check that the new cert still match the local key
if [ "$( ( openssl x509 -noout -modulus -in "$FQDN_HOSTNAME.crt"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then # (it should also fail safely when the host wasn't reachable)
if [ "$( ( openssl x509 -noout -modulus -in "$TMPFILE"; openssl rsa -noout -modulus -in "$FQDN_HOSTNAME.key" ) | uniq | wc -l )" -ne 1 ]; then
# Mismatch : raise an alert # Mismatch : raise an alert
echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2 echo "WARNING: retrieved certificate does not match '$FQDN_HOSTNAME.key'" >&2
EXIT_STATUS=1 EXIT_STATUS=1