starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-04-23 16:58:28 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

force a renew if given domain name(s) don't match the domain name(s) of the existing cert

Browse Source
This commit is contained in:
Markus Germeier
2015-12-16 21:36:23 +01:00
committed by Lukas Schauer
parent ed2db8e416
commit 2d097c928c
2 changed files with 24 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
letsencrypt.sh
View File

@@ -413,6 +413,8 @@ command_sign_domains() {
morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)" morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
cert="${BASEDIR}/certs/${domain}/cert.pem" cert="${BASEDIR}/certs/${domain}/cert.pem"
force_renew="${PARAM_FORCE:-no}"
if [[ -z "${morenames}" ]];then if [[ -z "${morenames}" ]];then
echo "Processing ${domain}" echo "Processing ${domain}"
else else
@@ -420,15 +422,33 @@ command_sign_domains() {
fi fi
if [[ -e "${cert}" ]]; then if [[ -e "${cert}" ]]; then
echo " + Found existing cert..." echo -n " + Checking domain name(s) of existing cert..."
certnames="$(openssl x509 -in "${cert}" -text -noout | grep DNS: | sed 's/DNS://g' | tr -d ' ' | tr ',' '\n' | sort -u | tr '\n' ' ' | sed 's/ $//')"
givennames="$(echo "${domain}" "${morenames}"| tr ' ' '\n' | sort -u | tr '\n' ' ' | sed 's/ $//' | sed 's/^ //')"
if [[ "${certnames}" = "${givennames}" ]]; then
echo " unchanged."
else
echo " changed!"
echo " + Domain name(s) are not matching!"
echo " + Names in old certificate: ${certnames}"
echo " + Configured names: ${givennames}"
echo " + Forcing renew."
force_renew="yes"
fi
fi
if [[ -e "${cert}" ]]; then
echo " + Checking expire date of existing cert..."
valid="$(openssl x509 -enddate -noout -in "${cert}" | cut -d= -f2- )" valid="$(openssl x509 -enddate -noout -in "${cert}" | cut -d= -f2- )"
echo -n " + Valid till ${valid} " echo -n " + Valid till ${valid} "
if openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}"; then if openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}"; then
echo -n "(Longer than ${RENEW_DAYS} days). " echo -n "(Longer than ${RENEW_DAYS} days). "
if [[ "${PARAM_FORCE:-}" = "yes" ]]; then if [[ "${force_renew}" = "yes" ]]; then
echo "Ignoring because --force was specified!" echo "Ignoring because renew was forced!"
else else
echo "Skipping!" echo "Skipping!"
continue continue

2
test.sh
View File

@@ -138,7 +138,7 @@ _CHECK_ERRORLOG
_TEST "Run in cron mode one last time, with domain in domains.txt and force-resign" _TEST "Run in cron mode one last time, with domain in domains.txt and force-resign"
echo "${TMP_URL}" >> domains.txt echo "${TMP_URL}" >> domains.txt
./letsencrypt.sh --cron --force > tmplog 2> errorlog ./letsencrypt.sh --cron --force > tmplog 2> errorlog
_CHECK_LOG "Ignoring because --force was specified" _CHECK_LOG "Ignoring because renew was forced!"
_CHECK_NOT_LOG "Generating private key" _CHECK_NOT_LOG "Generating private key"
_CHECK_LOG "Requesting challenge for ${TMP_URL}" _CHECK_LOG "Requesting challenge for ${TMP_URL}"
_CHECK_LOG "Challenge is valid!" _CHECK_LOG "Challenge is valid!"