
remove ".well-known" folder after verification

neil 9 years ago
parent
commit
ebcf30d02f
1 changed files with 46 additions and 5 deletions
  1. 46 5
      le.sh

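--- a/le.sh
+++ b/le.sh
@@ -374,6 +374,32 @@ _clearup () {
   _restoreApache
 }
 
+# webroot  removelevel tokenfile
+_clearupwebbroot() {
+  __webroot="$1"
+  if [ -z "$__webroot" ] ; then
+    _debug "no webroot specified, skip"
+    return 0
+  fi
+  
+  if [ "$2" == '1' ] ; then
+    _debug "remove $__webroot/.well-known"
+    rm -rf "$__webroot/.well-known"
+  elif [ "$2" == '2' ] ; then
+    _debug "remove $__webroot/.well-known/acme-challenge"
+    rm -rf "$__webroot/.well-known/acme-challenge"
+  elif [ "$2" == '3' ] ; then
+    _debug "remove $__webroot/.well-known/acme-challenge/$3"
+    rm -rf "$__webroot/.well-known/acme-challenge/$3"
+  else
+    _err "removelevel invalid: $2"
+    return 1
+  fi
+  
+  return 0
+
+}
+
 issue() {
   if [ -z "$2" ] ; then
     _err "Usage: le  issue  webroot|no|apache|dns   a.com  [www.a.com,b.com,c.com]|no   [key-length]|no  [cert-file-path]|no  [key-file-path]|no  [ca-cert-file-path]|no   [reloadCmd]|no"
@@ -589,7 +615,8 @@ issue() {
     _debug "d" "$d"
     _debug "keyauthorization" "$keyauthorization"
     _debug "uri" "$uri"
-    
+    removelevel= ""
+    token=""
     if [ "$vtype" == "$VTYPE_HTTP" ] ; then
       if [ "$Le_Webroot" == "no" ] ; then
         _info "Standalone mode server"
@@ -602,7 +629,15 @@ issue() {
           wellknown_path="$Le_Webroot/.well-known/acme-challenge"
         fi
         _debug wellknown_path "$wellknown_path"
-
+        
+        if [ ! -d "$Le_Webroot/.well-known" ] ; then 
+          removelevel='1'
+        elif [ ! -d "$Le_Webroot/.well-known/acme-challenge" ] ; then 
+          removelevel='2'
+        else
+          removelevel='3'
+        fi
+        
         token="$(echo -e -n "$keyauthorization" | cut -d '.' -f 1)"
         _debug "writing token:$token to $wellknown_path/$token"
 
@@ -620,6 +655,7 @@ issue() {
     
     if [ ! -z "$code" ] && [ ! "$code" == '202' ] ; then
       _err "$d:Challenge error: $resource"
+      _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
       _clearup
       return 1
     fi
@@ -631,6 +667,7 @@ issue() {
       
       if ! _get $uri ; then
         _err "$d:Verify error:$resource"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         _clearup
         return 1
       fi
@@ -638,12 +675,16 @@ issue() {
       status=$(echo $response | egrep -o  '"status":"[^"]+"' | cut -d : -f 2 | sed 's/"//g')
       if [ "$status" == "valid" ] ; then
         _info "Success"
+        _stopserver $serverproc
+        serverproc=""
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         break;
       fi
       
       if [ "$status" == "invalid" ] ; then
          error=$(echo $response | egrep -o '"error":{[^}]*}' | grep -o '"detail":"[^"]*"' | cut -d '"' -f 4)
         _err "$d:Verify error:$error"
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         _clearup
         return 1;
       fi
@@ -652,13 +693,13 @@ issue() {
         _info "Pending"
       else
         _err "$d:Verify error:$response" 
+        _clearupwebbroot "$Le_Webroot" "$removelevel" "$token"
         _clearup
         return 1
       fi
       
     done
-    _stopserver $serverproc
-    serverproc=""
+    
   done
 
   _clearup
@@ -669,7 +710,7 @@ issue() {
   
   Le_LinkCert="$(grep -i -o '^Location.*' $CURL_HEADER |sed 's/\r//g'| cut -d " " -f 2)"
   _setopt "$DOMAIN_CONF"  "Le_LinkCert"           "="  "$Le_LinkCert"
-  
+
   if [ "$Le_LinkCert" ] ; then
     echo -----BEGIN CERTIFICATE----- > "$CERT_PATH"
     curl --silent "$Le_LinkCert" | base64  >> "$CERT_PATH"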
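Review bot: `removelevel= ""` in the second hunk is not an assignment — the shell runs a command named `removelevel` with an empty argument, so the variable is never cleared and keeps whatever the previous domain in the loop set; it should read `removelevel=""`. In `_clearupwebbroot`, an empty level (standalone mode, where `Le_Webroot` is `no` and the HTTP branch never sets `removelevel`) falls into the `else` branch and logs `removelevel invalid:` on every cleanup call although nothing was written to a webroot; a guard such as `[ -z "$2" ] && return 0` before the level checks avoids the spurious error. Level 3 with an empty `$3` runs `rm -rf "$__webroot/.well-known/acme-challenge/"`, deleting the whole challenge directory rather than one token file, so that branch should also require a non-empty token, e.g. `[ -z "$3" ] && return 1`. The enclosing `issue()` starts and ends outside the hunks.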