Check multiple domains for LetsEncrypt CAA Rechecking Bug on Nginx servers

On 29th February 2020, LetsEncrypt found the "CAA rechecking" bug.

This script was made to help admins check multiple domains on their Nginx web servers.

All my domains were fine, so I didn't bother to automate renewals. However, it can be added to the script.

Quick usage:

wget -O - | bash

Fair warning though: double-check the URL (click on Raw and copy the URL from the address bar) to avoid a tampered URL.

#!/bin/bash
# Some debugging; feel free to delete this.
#exec 7> debug_output.txt
#PS4='$LINENO: '
#set -x

# The checker endpoint is missing from this page; set CHECK_URL to the URL LetsEncrypt published.
CHECK_URL="${CHECK_URL:?set CHECK_URL to the LetsEncrypt CAA-recheck checker URL}"

# Look for the list of domains in the nginx config (nginx -T usually needs root to read it).
nginx -T 2>/dev/null | grep "server_name " | sed 's/.*server_name \(.*\);/\1/' | tr ' ' '\n' | sort -u |
while read -r d; do
    # Request the domain status from the site that LetsEncrypt provided.
    echo "checking $d with LetsEncrypt..."
    RESULT=$(curl -s -XPOST -d "fqdn=$d" "$CHECK_URL")
    if echo "$RESULT" | grep -q "needs renewal"; then
        echo "$d is $(tput setaf 1)vulnerable$(tput sgr0)."
        echo "$d" >> "$HOME/vulnerable_domains.txt"  # save vulnerable domains into a file
    else
        echo "$d is $(tput setaf 2)grand!$(tput sgr0)"
    fi
done
echo "List of your vulnerable domains (if you have any) saved in $HOME/vulnerable_domains.txt"
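As an added example (not part of the gist), here is a more careful extraction of the server_name list than the grep/sed pipeline above, which splits only on single spaces and would feed the catch-all `_`, regex names and wildcards to a checker that takes one FQDN per request; the nginx config below is constructed for the demonstration.

```shell
#!/bin/sh
# extract_domains: read an nginx config dump (as printed by `nginx -T`) on stdin and
# emit one checkable FQDN per line. Splits on any whitespace, drops the catch-all "_",
# regex names ("~...") and wildcard names ("*.example.com"), rewrites leading-dot
# names (".example.org" means example.org plus subdomains) to the bare name, and dedupes.
extract_domains() {
    sed -n 's/^[[:space:]]*server_name[[:space:]][[:space:]]*\([^;]*\);.*/\1/p' |
        tr -s '[:space:]' '\n' |
        grep -v -e '^$' -e '^_$' -e '^~' -e '^\*' |
        sed 's/^\.//' |
        sort -u
}

# classify_response: read the checker's response body on stdin and print "vulnerable"
# when it carries the "needs renewal" marker the script above keys on, otherwise "ok".
classify_response() {
    if grep -q "needs renewal"; then echo vulnerable; else echo ok; fi
}

# Constructed sample config covering the name forms the gist's pipeline mishandles.
SAMPLE_CONFIG='server {
    server_name example.com	www.example.com;
}
server {
    server_name _;
}
server {
    server_name *.static.example.net .blog.example.org ~^api\.(.*)$;
}
server {
    server_name www.example.com;  # duplicate on purpose
}'

# Expected: blog.example.org, example.com, www.example.com (one per line).
printf '%s\n' "$SAMPLE_CONFIG" | extract_domains
```

Pipe the output of `extract_domains` into the curl loop from the gist instead of the for loop, and `classify_response` replaces the inline grep on the response.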