revoke: follow symlink, exit with error on non-existing certificate file

diff --git a/letsencrypt.sh b/letsencrypt.sh
index d0aa6a020f9c11175c0d80fa623299429fff06a7..3960ef7e2d3ae7420377d603129c92e39e22fde5 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -481,8 +481,21 @@ command_sign_domains() {
 # Description: Revoke specified certificate
 command_revoke() {
   cert="${1}"
+  if [[ -L "${cert}" ]]; then
+    # follow symlink and use real certificate name (so we move the real file and not the symlink at the end)
+    local link_target="$(readlink -n "${cert}")"
+    if [[ "${link_target}" =~ "/" ]]; then
+      cert="${link_target}"
+    else
+      cert="$(dirname "${cert}")/${link_target}"
+    fi
+  fi
+  if [[ ! -f "${cert}" ]]; then
+    echo "ERROR: Could not find certificate ${cert}"
+    exit 1
+  fi
   echo "Revoking ${cert}"
-  if [ -z "${CA_REVOKE_CERT}" ]; then
+  if [[ -z "${CA_REVOKE_CERT}" ]]; then
     echo " + ERROR: Certificate authority doesn't allow certificate revocation." >&2
     exit 1
   fi

diff --git a/test.sh b/test.sh
index 16017cfcf74d9513ddcdea2076c6da322eaa8bfa..c40a75fde35ad038fa4ecb7a46f8f4546f43bebf 100755 (executable)
--- a/test.sh
+++ b/test.sh
@@ -182,9 +182,10 @@ _CHECK_ERRORLOG
 # Revoke certificate using certificate key
 _TEST "Revoking certificate..."
 ./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
-_CHECK_LOG "Revoking certs/${TMP_URL}/cert.pem"
+REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
+_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
 _CHECK_LOG "SUCCESS"
-_CHECK_FILE "certs/${TMP_URL}/cert.pem-revoked"
+_CHECK_FILE "certs/${TMP_URL}/${REAL_CERT}-revoked"
 _CHECK_ERRORLOG
 
 # All done