Update authenticator from TLS to HTTP since TLS is no longer working due to security concerns

Brielle Bruns 2 months ago
parent
commit
40f71b3579
1 changed files with 5 additions and 4 deletions
gen-unifi-cert.sh (+5 -4)

@@ -2,8 +2,8 @@
2 2
 # Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
3 3
 # Modified by: Brielle Bruns <bruns@2mbit.com>
4 4
 # Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
5
-# Version: 1.6
6
-# Last Changed: 05/29/2018
5
+# Version: 1.7
6
+# Last Changed: 09/26/2018
7 7
 # 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
8 8
 # 02/27/2016: More verbose progress report
9 9
 # 03/08/2016: Add renew option, reformat code, command line options
@@ -11,6 +11,7 @@
11 11
 # 10/23/2017: Apparently don't need the ace.jar parts, so disable them
12 12
 # 02/04/2018: LE disabled tls-sni-01, so switch to just tls-sni, as certbot 0.22 and later automatically fall back to http/80 for auth
13 13
 # 05/29/2018: Integrate patch from Donald Webster <fryfrog[at]gmail.com> to cleanup and improve tests
14
+# 09/26/2018: Change from TLS to HTTP authenticator
14 15
 
15 16
 # Location of LetsEncrypt binary we use.  Leave unset if you want to let it find automatically
16 17
 #LEBINARY="/usr/src/letsencrypt/certbot-auto"
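
Review bot: The new changelog line "# 09/26/2018: Change from TLS to HTTP authenticator" does not say that the standalone authenticator now listens on TCP port 80 instead of 443, which is the part operators have to act on (firewall rules, port forwards, anything already bound to port 80). The 02/04/2018 entry two lines above still describes staying on tls-sni with a fallback to http/80, so it is worth stating in the new entry that it supersedes that behaviour.
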
@@ -103,9 +104,9 @@ else
103 104
 fi
104 105
 
105 106
 if [[ ${onlyinsert} != "yes" ]]; then
106
-  echo "Firing up standalone authenticator on TCP port 443 and requesting cert..."
107
+  echo "Firing up standalone authenticator on TCP port 80 and requesting cert..."
107 108
   ${LEBINARY} --server https://acme-v01.api.letsencrypt.org/directory \
108
-              --agree-tos --standalone --preferred-challenges tls-sni ${LEOPTIONS}
109
+              --agree-tos --standalone --preferred-challenges http ${LEOPTIONS}
109 110
 fi
110 111
 
111 112
 if [[ ${onlyinsert} != "yes" ]] && md5sum -c "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5" &>/dev/null; then
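
Review bot: Nothing in the visible lines checks the exit status of the certbot call at new lines 108-109, so a failed HTTP challenge (for example port 80 already in use, or not reachable from outside) falls straight through to the md5sum comparison at new line 112. Suggest aborting on failure, for instance by appending "|| exit 1" after ${LEOPTIONS}, and saying in the echo at new line 107 or in the usage text that TCP port 80 must be free and reachable for the request to succeed.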
