Check multiple domains for LetsEncrypt CAA Rechecking Bug on Nginx servers

On 29th February 2020, LetsEncrypt found a bug in "CAA rechecking": https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864

This script was made to help admins check multiple domains on their Nginx web servers.

All my domains were fine, so I didn't bother to automate renewals. However, it can be added in the script.

Quick usage:

wget -O - https://gist.githubusercontent.com/sashareds/98095b8b7b322c8283dc7afbec658690/raw/019fcc59f92ada15ae6eebd80d544db6828caeb0/checkforcaa.sh | bash

Fair warning though: double-check the URL (click on Raw and copy the URL from the address bar) to avoid a tampered URL.

```bash
#!/bin/bash
# Some debugging. Feel free to delete this.
#exec 7> debug_output.txt
#BASH_XTRACEFD=7
#PS4='$LINENO: '
#set -x

# Collect the domain list from the nginx config. `nginx -T` dumps every
# included file (it usually needs root). Commented-out directives are
# skipped, every name on a multi-name line is split (the original sed only
# split off the first one), the catch-all `_` and regex (`~`) names are
# dropped, and duplicates are removed.
DOMAINS=$(nginx -T 2>/dev/null \
  | grep -E '^[[:space:]]*server_name[[:space:]]' \
  | sed -E 's/^[[:space:]]*server_name[[:space:]]+(.*);.*$/\1/' \
  | tr -s ' \t' '\n' \
  | grep -Ev '^_?$|^~' \
  | sort -u)

for d in $DOMAINS; do
  # Request the domain status from the checker that LetsEncrypt provided.
  echo "Checking $d with LetsEncrypt..."
  RESULT=$(curl -s -X POST -d "fqdn=$d" https://checkhost.unboundtest.com/checkhost)
  if [ -z "$RESULT" ]; then
    # An empty reply (network error, checker down) must not count as a pass.
    echo "$d could $(tput setaf 3)not be checked$(tput sgr0); retry later."
  elif echo "$RESULT" | grep -q "needs renewal"; then
    echo "$d is $(tput setaf 1)vulnerable$(tput sgr0)."
    echo "$d" >> "$HOME/vulnerable_domains.txt" # save vulnerable domains into a file
  else
    echo "$d is $(tput setaf 2)grand!$(tput sgr0)"
  fi
done
echo "List of your vulnerable domains (if you have any) saved in $HOME/vulnerable_domains.txt"
```
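The renewal step the author leaves to the admin, as an added example that is not part of the gist: it reads the vulnerable_domains.txt the script writes, removes duplicates, and force-renews each affected certbot lineage with a deploy hook that reloads nginx, since a renewed file on disk is not served until nginx rereads it. It assumes certbot manages the certificates and that each lineage is named after its domain (certbot's default when that domain was the first -d argument); the DRY_RUN variable is hypothetical.

```bash
#!/bin/bash
# Added example (not part of the gist): force-renew the certificates the check
# flagged. Assumes certbot manages them and each lineage is named after the
# domain (certbot's default when that domain was the first -d argument).

# Print the deduplicated, non-empty domains from the list the check script writes.
affected_domains() {
  local list="${1:-$HOME/vulnerable_domains.txt}"
  sort -u "$list" | grep -v '^[[:space:]]*$' || true
}

# Build the certbot command for one lineage. --force-renewal renews even
# though the certificate is not near expiry; the deploy hook reloads nginx
# so the new certificate is actually served.
renew_command() {
  printf 'certbot renew --force-renewal --cert-name %s --deploy-hook "nginx -s reload"\n' "$1"
}

# Run (or, with DRY_RUN=1, only print) the renewal for every affected domain.
# Failures are reported and counted rather than aborting the loop, so one
# broken lineage does not leave the others unrenewed. Returns the failure count.
run_renewals() {
  local list="${1:-$HOME/vulnerable_domains.txt}" domain failed=0
  for domain in $(affected_domains "$list"); do
    if [ "${DRY_RUN:-0}" = 1 ]; then
      renew_command "$domain"
    elif ! certbot renew --force-renewal --cert-name "$domain" --deploy-hook "nginx -s reload"; then
      echo "renewal failed for $domain; run 'certbot certificates' to find its lineage" >&2
      failed=$((failed + 1))
    fi
  done
  return "$failed"
}
```

Run with DRY_RUN=1 first to review the commands before anything is renewed.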