fixed logic to check status from our challenge

The old code had a bug: a challenge that returned "pending" and then
"invalid" was treated as valid.

This code actually has another problem. The RFC defines:

"status (optional, string):  The status of this authorization.
 Possible values are: "pending", "valid", and "invalid".  If this
 field is missing, then the default value is "pending"."

So actually the correct way to implement this would be:

while [[ -z "${status}" ]] || [[ "${status}" = "pending" ]]; do

But without further checks this might lead to an endless loop. So this
is "good enough(tm)". ;)
This commit is contained in:
Markus Germeier
2015-12-06 15:51:38 +01:00
parent e300c0a173
commit 76a37834be


@@ -141,17 +141,20 @@ sign_domain() {
result="$(signed_request "${challenge_uri}" '{"resource": "challenge", "keyAuthorization": "'"${keyauth}"'"}')"
status="$(printf '%s\n' "${result}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
if [[ ! "${status}" = "pending" ]] && [[ ! "${status}" = "valid" ]]; then
echo " + Challenge is invalid! (${result})"
# get status until it a result is reached => not pending anymore
while [[ "${status}" = "pending" ]]; do
sleep 1
status="$(_request get "${challenge_uri}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
done
if [[ "${status}" = "valid" ]]; then
echo " + Challenge is valid!"
else
echo " + Challenge is invalid! (returned: ${status})"
exit 1
fi
while [[ "${status}" = "pending" ]]; do
status="$(_request get "${challenge_uri}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
sleep 1
done
echo " + Challenge is valid!"
done
# Finally request certificate from the acme-server and store it in cert-${timestamp}.pem and link from cert.pem
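Review bot: The polling loop at `while [[ "${status}" = "pending" ]]; do` has no upper bound, so a server that keeps answering "pending" hangs sign_domain indefinitely — exactly the endless-loop concern the commit message raises — and a retry counter that exits non-zero when exhausted would close it without weakening the fail-closed behaviour the new valid/else branch introduces. An empty `status` (a failed `_request get`, or a response with no status field, which the RFC defaults to "pending") currently drops out of the loop and takes the invalid branch; with a bounded loop it could safely be treated as retryable instead, though that is the author's call. sign_domain starts before this hunk, and some context lines appear to have been dropped in this rendering, so the exact surrounding lines are inferred.
```shell
    # get status until it a result is reached => not pending anymore
    attempts=0
    while [[ "${status}" = "pending" ]]; do
      if (( attempts >= 60 )); then  # bound the poll so a stuck "pending" cannot hang the run
        echo " + Challenge still pending after ${attempts} polls, giving up!"
        exit 1
      fi
      attempts=$((attempts + 1))
      sleep 1
      status="$(_request get "${challenge_uri}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
    done
    # … unchanged: valid / invalid check and exit …
```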