
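#!/bin/bash
# check-challenge.sh — verify that an ACME dns-01 challenge TXT record has
# propagated to every authoritative nameserver discovered for the zone.
#
# Usage:    check-challenge.sh ZONE CHALLENGE_TOKEN
# Exit:     0  every nameserver returns exactly "CHALLENGE_TOKEN" for
#              _acme-challenge.ZONE
#           1  at least one nameserver returned something else (or failed)
#           2  usage error, or no authoritative nameservers could be found
# Requires: dig (bind-utils / dnsutils), awk, grep.
set -u

ZONE=${1:-}
CHALLENGE_TOKEN=${2:-}
if [[ -z "$ZONE" || -z "$CHALLENGE_TOKEN" ]]; then
  printf 'Usage: %s ZONE CHALLENGE_TOKEN\n' "${0##*/}" >&2
  exit 2
fi

# Discovery: the authority section of a query for ns1.enimihil.net normally
# carries the zone's NS records; fall back to the NS RRset of ZONE itself.
nsservers="$(dig +noall +authority ns1.enimihil.net)"
if [[ -z "$nsservers" ]]; then
  echo "No records in ns1.enimihil.net?"
  nsservers="$(dig +short ns "$ZONE")"
fi

# A single SOA in the authority section is a negative answer; its owner name is
# the enclosing zone, so query that name for its NS records instead.
# The previous pattern "[ \t\*SOA[ \t]*" was an unterminated bracket expression
# and therefore matched every line, so this branch fired on any one-line result.
if [[ "$(grep -c -E '[[:space:]]SOA[[:space:]]' <<<"$nsservers")" -eq 1 ]]; then
  echo "No SOA?"
  auth_zone="$(awk '/[[:space:]]SOA[[:space:]]/ { print $1; exit }' <<<"$nsservers")"
  auth_zone=${auth_zone%.}   # drop the trailing root dot
  nsservers="$(dig +noall +authority "$auth_zone")"
fi

# Keep only the RDATA (last field) of each non-empty line — the nameserver name —
# and strip the trailing root dot. awk handles either tab or space separation.
mapfile -t ns_list < <(awk 'NF { sub(/\.$/, "", $NF); print $NF }' <<<"$nsservers")
if (( ${#ns_list[@]} == 0 )); then
  echo "No authoritative nameservers found for enimihil.net (via ns1.enimihil.net or otherwise)"
  exit 2
fi

any_not_ok=0
for ns in "${ns_list[@]}"; do
  printf 'Got NS: %s\n' "$ns"
  rc=0
  msg="$(dig +short "_acme-challenge.${ZONE}" TXT "@${ns}")" || rc=$?
  # dig +short prints TXT RDATA in double quotes; the answer must be exactly
  # the one quoted token — a multi-record or differing answer is NOT OK.
  if [[ "$rc" -eq 0 && "$msg" == "\"${CHALLENGE_TOKEN}\"" ]]; then
    printf '%s OK, %s\n' "$ns" "$msg"
  else
    printf '%s NOT OK, %s\n' "$ns" "$msg"
    any_not_ok=1
  fi
done
exit "$any_not_ok"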