Fixes for http-01 stray tokens, dns-01 CNAMEs, contact e-mail format and updates; account security operations; misc

README

@@ -100,7 +100,10 @@ domain(s) -X –experimental tag Allow upgrade to a specified version of
 getssl -U, –nocheck Do not check if a more recent version is available
 -v –version Display current version of getssl -w working_dir “Working
 directory” –preferred-chain “chain” Use an alternate chain for the
-certificate ```
+certificate --account-id Display account id and exit  --new-account-key
+Replace the account key with a new one   --DEACTIVATE-account
+Permanently deactivate account
+```
 
 
 Quick Start Guide

README.md

@@ -93,6 +93,9 @@ Options:
   -v  --version      Display current version of getssl
   -w working_dir "Working directory"
     --preferred-chain "chain" Use an alternate chain for the certificate
+    --account-id       Display account id and exit
+    --new-account-key  Replace the account key with a new one
+    --DEACTIVATE-account Permanently deactivate account
 ```
 
 ## Quick Start Guide 

dns_scripts/dns_add_nsupdate

@@ -11,7 +11,7 @@ token="$2"
 # DNS_NSUPDATE_GETKEY  - command to execute if access to the key file requires
 #                        some special action: mounting a disk, decrypting a file..
 #                        Called with the operation 'add' and action 'open" / 'close'
-
+# DNS_NSUPDATE_LOCALIP - IP source address for update (TSIG is preferred)  Can be address<space>port.
 
 if [ -n "${DNS_NSUPDATE_KEYFILE}" ]; then
   if [ -n "${DNS_NSUPDATE_KEY_HOOK}" ] && ! ${DNS_NSUPDATE_KEY_HOOK} 'add' 'open' "${fulldomain}" ; then
@@ -26,6 +26,7 @@ if [ -n "${DNS_SERVER}" ]; then
   cmd+="server ${DNS_SERVER}\n"
 fi
 
+[ -n "$DNS_NSUPDATE_LOCALIP" ] && cmd+="local ${DNS_NSUPDATE_LOCALIP}\n"
 cmd+="update add  ${DNS_ZONE:-"_acme-challenge.${fulldomain}."} 300 in TXT \"${token}\"\n"
 cmd+="\n" # blank line is a "send" command to nsupdate
 

dns_scripts/dns_del_nsupdate

@@ -12,6 +12,7 @@ token="$2"
 #                        some special action: dismounting a disk, encrypting a
 #                         file... Called with the operation 'del' and action
 #                          'open" / 'close'
+# DNS_NSUPDATE_LOCALIP - IP source address for update (TSIG is preferred)  Can be address<space>port.
 
 if [ -n "${DNS_NSUPDATE_KEYFILE}" ]; then
   if [ -n "${DNS_NSUPDATE_KEY_HOOK}" ] && ! "${DNS_NSUPDATE_KEY_HOOK}" 'del' 'open' "${fulldomain}" ; then
@@ -26,6 +27,7 @@ if [ -n "${DNS_SERVER}" ]; then
   cmd+="server ${DNS_SERVER}\n"
 fi
 
+[ -n "$DNS_NSUPDATE_LOCALIP" ] && cmd+="local ${DNS_NSUPDATE_LOCALIP}\n"
 cmd+="update delete  ${DNS_ZONE:-"_acme-challenge.${fulldomain}."} 300 in TXT \"${token}\"\n"
 cmd+="\n" # blank line is a "send" command to nsupdate
 

dns_scripts/dns_nodelete

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# For debugging, use this as the DNS update "delete" driver
+#
+# It will log whatever seems interesting in /tmp/dns_nodelete.log, but
+# it will NOT delete the tokens.  Currently used with nsupdate, but
+# variables for other drivers are welcome.  This is mainly for debugging
+# CNAME aliasing & token cleanup tools.
+
+(
+NOLOG="/tmp/dns_nodelete.log"
+NOSTAMP="$(date +'%a, %d-%b-%Y %T.%N'): "
+NODOMAIN="$1"
+NOTOKEN="$2"
+NOVARS="DNS_.*|*NODOMAIN|NOTOKEN*"
+
+set | grep -E "^($NOVARS)=" | while read -r ; do echo "${NOSTAMP}$REPLY" >>$NOLOG; done
+
+echo "${NOSTAMP}update delete  ${DNS_ZONE:-"_acme-challenge.${NODOMAIN}."} 300 in TXT \"${NOTOKEN}\"\n" >>"$NOLOG"
+)