@@ -283,11 +283,11 @@ check_challenge_completion() { # checks with the ACME server if our challenge is
283283
284284 # check response from our request to perform challenge
285285 if [[ $API -eq 1 ]]; then
286- if [[ ! -z " $code " ]] && [[ ! " $code " == ' 202' ]] ; then
286+ if [[ -n " $code " ]] && [[ ! " $code " == ' 202' ]] ; then
287287 error_exit " $domain :Challenge error: $code "
288288 fi
289289 else # APIv2
290- if [[ ! -z " $code " ]] && [[ ! " $code " == ' 200' ]] ; then
290+ if [[ -n " $code " ]] && [[ ! " $code " == ' 200' ]] ; then
291291 error_exit " $domain :Challenge error: $code "
292292 fi
293293 fi
@@ -468,12 +468,13 @@ check_getssl_upgrade() { # check if a more recent version of code is available a
468468 # Obtain all locally stored old versions in getssl_versions
469469 declare -a getssl_versions
470470 shopt -s nullglob
471- for getssl_version in $0 .v* ; do
471+ for getssl_version in " $0 " .v* ; do
472472 getssl_versions[${# getssl_versions[@]} ]=" $getssl_version "
473473 done
474474 shopt -u nullglob
475475 # Explicitly sort the getssl_versions array to make sure
476476 shopt -s -o noglob
477+ # shellcheck disable=SC2207
477478 IFS=$' \n ' getssl_versions=($( sort <<< " ${getssl_versions[*]}" ) )
478479 shopt -u -o noglob
479480 # Remove entries until given number of old versions to keep is reached
@@ -499,18 +500,18 @@ clean_up() { # Perform pre-exit housekeeping
499500 if [[ $VALIDATE_VIA_DNS == " true" ]]; then
500501 # Tidy up DNS entries if things failed part way though.
501502 shopt -s nullglob
502- for dnsfile in $TEMP_DIR /dns_verify/* ; do
503+ for dnsfile in " $TEMP_DIR " /dns_verify/* ; do
503504 # shellcheck source=/dev/null
504505 . " $dnsfile "
505506 debug " attempting to clean up DNS entry for $d "
506507 eval " $DNS_DEL_COMMAND " " $d " " $auth_key "
507508 done
508509 shopt -u nullglob
509510 fi
510- if [[ ! -z " $DOMAIN_DIR " ]]; then
511+ if [[ -n " $DOMAIN_DIR " ]]; then
511512 rm -rf " ${TEMP_DIR:? } "
512513 fi
513- if [[ ! -z " $TEMP_UPGRADE_FILE " ]] && [[ -f " $TEMP_UPGRADE_FILE " ]]; then
514+ if [[ -n " $TEMP_UPGRADE_FILE " ]] && [[ -f " $TEMP_UPGRADE_FILE " ]]; then
514515 rm -f " $TEMP_UPGRADE_FILE "
515516 fi
516517}
@@ -530,7 +531,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
530531 scp $from ${to: 4} "
531532 fi
532533 debug " userid $TOKEN_USER_ID "
533- if [[ " $cert " == " challenge token" ]] && [[ ! -z " $TOKEN_USER_ID " ]]; then
534+ if [[ " $cert " == " challenge token" ]] && [[ -n " $TOKEN_USER_ID " ]]; then
534535 servername=$( echo " $to " | awk -F" :" ' {print $2}' )
535536 tofile=$( echo " $to " | awk -F" :" ' {print $3}' )
536537 debug " servername $servername "
@@ -591,7 +592,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
591592 error_exit " cannot copy $from to $to "
592593 fi
593594 fi
594- if [[ " $cert " == " challenge token" ]] && [[ ! -z " $TOKEN_USER_ID " ]]; then
595+ if [[ " $cert " == " challenge token" ]] && [[ -n " $TOKEN_USER_ID " ]]; then
595596 chown " $TOKEN_USER_ID " " $to "
596597 fi
597598 fi
@@ -736,7 +737,7 @@ get_auth_dns() { # get the authoritative dns server for a domain (sets primary_n
736737 else
737738 res=$( $DNS_CHECK_FUNC CNAME " $gad_d " " @$gad_s " | grep " ^$gad_d " )
738739 fi
739- if [[ ! -z " $res " ]]; then # domain is a CNAME so get main domain
740+ if [[ -n " $res " ]]; then # domain is a CNAME so get main domain
740741 gad_d=$( echo " $res " | awk ' {print $5}' | sed ' s/\.$//g' )
741742 fi
742743 if [[ -z " $gad_s " ]]; then # checking for CNAMEs
@@ -1152,7 +1153,7 @@ json_get() { # get values from json
11521153 # remove newlines, so it's a single chunk of JSON
11531154 json_data=$( echo " $1 " | tr ' \n' ' ' )
11541155 # if $3 is defined, this is the section which the item is in.
1155- if [[ ! -z " $3 " ]]; then
1156+ if [[ -n " $3 " ]]; then
11561157 jg_section=$( echo " $json_data " | awk -F" [}]" ' {for(i=1;i<=NF;i++){if($i~/\"' " ${3} " ' \"/){print $i}}}' )
11571158 if [[ " $2 " == " uri" ]]; then
11581159 jg_subsect=$( echo " $jg_section " | awk -F" [,]" ' {for(i=1;i<=NF;i++){if($i~/\"' " ${2} " ' \"/){print $(i)}}}' )
@@ -1172,17 +1173,17 @@ json_get() { # get values from json
11721173 echo " $jg_result "
11731174 fi
11741175 else
1175- if [[ ! -z " $6 " ]]; then
1176+ if [[ -n " $6 " ]]; then
11761177 full=$( json_awk " $1 " )
11771178 section=$( echo " $full " | grep " \" $2 \" " | grep " \" $3 \" " | grep " \" $4 \" " | awk -F" ," ' {print $2}' )
11781179 echo " $full " | grep " ^..${5} \" ,$section " | awk ' {print $2}' | tr -d ' "'
1179- elif [[ ! -z " $5 " ]]; then
1180+ elif [[ -n " $5 " ]]; then
11801181 full=$( json_awk " $1 " )
11811182 section=$( echo " $full " | grep " \" $2 \" " | grep " \" $3 \" " | grep " \" $4 \" " | awk -F" ," ' {print $2}' )
11821183 echo " $full " | grep " ^..${2} \" ,$section " | grep " $5 " | awk ' {print $2}' | tr -d ' "'
1183- elif [[ ! -z " $3 " ]]; then
1184+ elif [[ -n " $3 " ]]; then
11841185 json_awk " $1 " | grep " ^..${2} ...${3} " | awk ' {print $2}' | tr -d ' "'
1185- elif [[ ! -z " $2 " ]]; then
1186+ elif [[ -n " $2 " ]]; then
11861187 json_awk " $1 " | grep " ^..${2} " | awk ' {print $2}' | tr -d ' "'
11871188 else
11881189 json_awk " $1 "
@@ -1203,7 +1204,7 @@ os_esed() { # Use different sed version for different os types (extended regex)
12031204purge_archive () { # purge archive of old, invalid, certificates
12041205 arcdir=" $1 /archive"
12051206 debug " purging archives in ${arcdir} /"
1206- for padir in $arcdir /???? _?? _?? _?? _?? ; do
1207+ for padir in " $arcdir " /???? _?? _?? _?? _?? ; do
12071208 # check each directory
12081209 if [[ -d " $padir " ]]; then
12091210 tstamp=$( basename " $padir " | awk -F" _" ' {print $1"-"$2"-"$3" "$4":"$5}' )
@@ -1226,7 +1227,7 @@ purge_archive() { # purge archive of old, invalid, certificates
12261227}
12271228
12281229reload_service () { # Runs a command to reload services ( via ssh if needed)
1229- if [[ ! -z " $RELOAD_CMD " ]]; then
1230+ if [[ -n " $RELOAD_CMD " ]]; then
12301231 info " reloading SSL services"
12311232 if [[ " ${RELOAD_CMD: 0: 4} " == " ssh:" ]] ; then
12321233 sshhost=$( echo " $RELOAD_CMD " | awk -F: ' {print $2}' )
@@ -1270,16 +1271,16 @@ requires() { # check if required function is available
12701271 if [[ " $i " == " ${!# } " ]]; then # if on last variable then exit as not found
12711272 error_exit " this script requires one of: ${*: 1: $(($# -1))} "
12721273 fi
1273- res=$( which " $i " 2> /dev/null)
1274+ res=$( command -v " $i " 2> /dev/null)
12741275 debug " checking for $i ... $res "
1275- if [[ ! -z " $res " ]]; then # if function found, then set variable to function and return
1276+ if [[ -n " $res " ]]; then # if function found, then set variable to function and return
12761277 debug " function $i found at $res - setting ${!# } to $i "
12771278 eval " ${!# } =\$ i"
12781279 return
12791280 fi
12801281 done
12811282 else # only one value, so check it.
1282- result=$( which " $1 " 2> /dev/null)
1283+ result=$( command -v " $1 " 2> /dev/null)
12831284 debug " checking for required $1 ... $result "
12841285 if [[ -z " $result " ]]; then
12851286 error_exit " This script requires $1 installed"
@@ -1339,6 +1340,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
13391340 dp=" $TEMP_DIR /curl.dump"
13401341
13411342 CURL=" curl "
1343+ # shellcheck disable=SC2072
13421344 if [[ " $( $CURL -V | head -1 | cut -d' ' -f2 ) " > " 7.33" ]]; then
13431345 CURL=" $CURL --http1.1 "
13441346 fi
@@ -1672,11 +1674,11 @@ while [[ -n ${1+defined} ]]; do
16721674 _UPGRADE_CHECK=0 ;;
16731675 -w)
16741676 shift ; WORKING_DIR=" $1 " ;;
1675- -* | -- * )
1677+ -* )
16761678 usage
16771679 error_exit " Unknown option $1 " ;;
16781680 * )
1679- if [[ ! -z $DOMAIN ]]; then
1681+ if [[ -n $DOMAIN ]]; then
16801682 error_exit " invalid command line $DOMAIN - it appears to contain more than one domain"
16811683 fi
16821684 DOMAIN=" $1 "
@@ -1784,7 +1786,7 @@ if [[ ${_CHECK_ALL} -eq 1 ]]; then
17841786 error_exit " DOMAIN_STORAGE not found - $DOMAIN_STORAGE "
17851787 fi
17861788
1787- for dir in ${DOMAIN_STORAGE} /* ; do
1789+ for dir in " ${DOMAIN_STORAGE} " /* ; do
17881790 if [[ -d " $dir " ]]; then
17891791 debug " Checking $dir "
17901792 cmd=" $0 -U" # No update checks when calling recursively
@@ -1832,7 +1834,7 @@ if [[ ${_CREATE_CONFIG} -eq 1 ]]; then
18321834 | openssl s_client -servername " ${DOMAIN} " -connect " ${DOMAIN} :443" 2> /dev/null \
18331835 | openssl x509 2> /dev/null)
18341836 EX_SANS=" www.${DOMAIN} "
1835- if [[ ! -z " ${EX_CERT} " ]]; then
1837+ if [[ -n " ${EX_CERT} " ]]; then
18361838 EX_SANS=$( echo " $EX_CERT " \
18371839 | openssl x509 -noout -text 2> /dev/null| grep " Subject Alternative Name" -A2 \
18381840 | grep -Eo " DNS:[a-zA-Z 0-9.-]*" | sed " s@DNS:$DOMAIN @@g" | grep -v ' ^$' | cut -c 5-)
@@ -1902,9 +1904,9 @@ if [[ -z "$URL_new_reg" ]] && [[ -z "$URL_newAccount" ]]; then
19021904 URL_newOrder=$( echo " $ca_all_loc " | grep " newOrder" | awk -F' "' ' {print $4}' )
19031905fi
19041906
1905- if [[ ! -z " $URL_new_reg " ]]; then
1907+ if [[ -n " $URL_new_reg " ]]; then
19061908 API=1
1907- elif [[ ! -z " $URL_newAccount " ]]; then
1909+ elif [[ -n " $URL_newAccount " ]]; then
19081910 API=2
19091911else
19101912 info " unknown API version"
@@ -1918,7 +1920,7 @@ if [[ "${CHECK_REMOTE}" == "true" ]] && [[ $_FORCE_RENEW -eq 0 ]]; then
19181920 EX_CERT=$( echo \
19191921 | openssl s_client -servername " ${DOMAIN} " -connect " ${DOMAIN} :${REMOTE_PORT} " ${REMOTE_EXTRA} 2> /dev/null \
19201922 | openssl x509 2> /dev/null)
1921- if [[ ! -z " $EX_CERT " ]]; then # if obtained a cert
1923+ if [[ -n " $EX_CERT " ]]; then # if obtained a cert
19221924 if [[ -s " $CERT_FILE " ]]; then # if local exists
19231925 CERT_LOCAL=$( openssl x509 -noout -fingerprint < " $CERT_FILE " 2> /dev/null)
19241926 else # since local doesn't exist leave empty so that the domain validation will happen
@@ -2151,7 +2153,7 @@ for d in $alldomains; do
21512153 debug " completed send_signed_request"
21522154
21532155 # check if we got a valid response and token, if not then error exit
2154- if [[ ! -z " $code " ]] && [[ ! " $code " == ' 201' ]] ; then
2156+ if [[ -n " $code " ]] && [[ ! " $code " == ' 201' ]] ; then
21552157 error_exit " new-authz error: $response "
21562158 fi
21572159 else
@@ -2319,7 +2321,7 @@ done # end of ... loop through domains for cert ( from SANS list)
23192321# perform validation if via DNS challenge
23202322if [[ $VALIDATE_VIA_DNS == " true" ]]; then
23212323 # loop through dns-variable files to check if dns has been changed
2322- for dnsfile in $TEMP_DIR /dns_verify/* ; do
2324+ for dnsfile in " $TEMP_DIR " /dns_verify/* ; do
23232325 if [[ -e " $dnsfile " ]]; then
23242326 debug " loading DNSfile: $dnsfile "
23252327 # shellcheck source=/dev/null
@@ -2372,7 +2374,7 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
23722374 fi
23732375
23742376 # loop through dns-variable files to let the ACME server check the challenges
2375- for dnsfile in $TEMP_DIR /dns_verify/* ; do
2377+ for dnsfile in " $TEMP_DIR " /dns_verify/* ; do
23762378 if [[ -e " $dnsfile " ]]; then
23772379 debug " loading DNSfile: $dnsfile "
23782380 # shellcheck source=/dev/null
@@ -2415,25 +2417,25 @@ copy_file_to_location "domain certificate" "$CERT_FILE" "$DOMAIN_CERT_LOCATION"
24152417copy_file_to_location " private key" " $DOMAIN_DIR /${DOMAIN} .key" " $DOMAIN_KEY_LOCATION "
24162418copy_file_to_location " CA certificate" " $CA_CERT " " $CA_CERT_LOCATION "
24172419if [[ " $DUAL_RSA_ECDSA " == " true" ]]; then
2418- if [[ ! -z " $DOMAIN_CERT_LOCATION " ]]; then
2420+ if [[ -n " $DOMAIN_CERT_LOCATION " ]]; then
24192421 copy_file_to_location " ec domain certificate" \
24202422 " ${CERT_FILE% .* } .ec.crt" \
24212423 " ${DOMAIN_CERT_LOCATION% .* } .ec.crt"
24222424 fi
2423- if [[ ! -z " $DOMAIN_KEY_LOCATION " ]]; then
2425+ if [[ -n " $DOMAIN_KEY_LOCATION " ]]; then
24242426 copy_file_to_location " ec private key" \
24252427 " $DOMAIN_DIR /${DOMAIN} .ec.key" \
24262428 " ${DOMAIN_KEY_LOCATION% .* } .ec.key"
24272429 fi
2428- if [[ ! -z " $CA_CERT_LOCATION " ]]; then
2430+ if [[ -n " $CA_CERT_LOCATION " ]]; then
24292431 copy_file_to_location " ec CA certificate" \
24302432 " ${CA_CERT% .* } .ec.crt" \
24312433 " ${CA_CERT_LOCATION% .* } .ec.crt"
24322434 fi
24332435fi
24342436
24352437# if DOMAIN_CHAIN_LOCATION is not blank, then create and copy file.
2436- if [[ ! -z " $DOMAIN_CHAIN_LOCATION " ]]; then
2438+ if [[ -n " $DOMAIN_CHAIN_LOCATION " ]]; then
24372439 if [[ " $( dirname " $DOMAIN_CHAIN_LOCATION " ) " == " ." ]]; then
24382440 to_location=" ${DOMAIN_DIR} /${DOMAIN_CHAIN_LOCATION} "
24392441 else
@@ -2447,7 +2449,7 @@ if [[ ! -z "$DOMAIN_CHAIN_LOCATION" ]]; then
24472449 fi
24482450fi
24492451# if DOMAIN_KEY_CERT_LOCATION is not blank, then create and copy file.
2450- if [[ ! -z " $DOMAIN_KEY_CERT_LOCATION " ]]; then
2452+ if [[ -n " $DOMAIN_KEY_CERT_LOCATION " ]]; then
24512453 if [[ " $( dirname " $DOMAIN_KEY_CERT_LOCATION " ) " == " ." ]]; then
24522454 to_location=" ${DOMAIN_DIR} /${DOMAIN_KEY_CERT_LOCATION} "
24532455 else
@@ -2461,7 +2463,7 @@ if [[ ! -z "$DOMAIN_KEY_CERT_LOCATION" ]]; then
24612463 fi
24622464fi
24632465# if DOMAIN_PEM_LOCATION is not blank, then create and copy file.
2464- if [[ ! -z " $DOMAIN_PEM_LOCATION " ]]; then
2466+ if [[ -n " $DOMAIN_PEM_LOCATION " ]]; then
24652467 if [[ " $( dirname " $DOMAIN_PEM_LOCATION " ) " == " ." ]]; then
24662468 to_location=" ${DOMAIN_DIR} /${DOMAIN_PEM_LOCATION} "
24672469 else
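Review bot: The added `# shellcheck disable=SC2072` in the send_signed_request hunk silences a warning that points at a real defect instead of fixing it. `[[ "$( $CURL -V | head -1 | cut -d' ' -f2 )" > "7.33" ]]` is a string comparison, so a curl reporting 7.4.x through 7.9.x sorts above "7.33" and is given `--http1.1`, while a 7.100-style or 10.x version would sort below it and not get the flag. I would drop the directive and compare the numeric fields, e.g. `IFS=. read -r cmaj cmin _ <<< "$curl_ver"` followed by `if (( cmaj > 7 || (cmaj == 7 && cmin >= 33) )); then`, where `curl_ver` holds the same second field of the first `curl -V` line. The function body continues outside the hunk, so whether the version is consulted again elsewhere is not visible here.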