starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-03-29 13:21:53 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

also store csr with timestamp and symlink to default location

Browse Source
This commit is contained in:
Lukas Schauer
2015-12-07 12:41:03 +01:00
parent 1f08fda757
commit 3cc587c224
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
letsencrypt.sh
View File

@@ -111,6 +111,8 @@ sign_domain() {
altnames="${*}"
echo " + Signing domains..."
timestamp="$(date +%s)"
# If there is no existing certificate directory => make it
if [[ ! -e "${BASEDIR}/certs/${domain}" ]]; then
echo " + make directory ${BASEDIR}/certs/${domain} ..."
@@ -120,7 +122,6 @@ sign_domain() {
# generate a new private key if we need or want one
if [[ ! -f "${BASEDIR}/certs/${domain}/privkey.pem" ]] || [[ "${PRIVATE_KEY_RENEW}" = "yes" ]]; then
echo " + Generating private key..."
timestamp="$(date +%s)"
openssl genrsa -out "${BASEDIR}/certs/${domain}/privkey-${timestamp}.pem" "${KEYSIZE}" 2> /dev/null > /dev/null
rm -f "${BASEDIR}/certs/${domain}/privkey.pem"
ln -s "privkey-${timestamp}.pem" "${BASEDIR}/certs/${domain}/privkey.pem"
@@ -133,7 +134,9 @@ sign_domain() {
done
SAN="${SAN%%, }"
echo " + Generating signing request..."
openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat "${OPENSSL_CNF}" <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null
openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert-${timestamp}.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat "${OPENSSL_CNF}" <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null
rm -f "${BASEDIR}/certs/${domain}/cert.csr"
ln -s "cert-${timestamp}.csr" "${BASEDIR}/certs/${domain}/cert.csr"
# Request and respond to challenges
for altname in $altnames; do
@@ -188,7 +191,6 @@ sign_domain() {
# Finally request certificate from the acme-server and store it in cert-${timestamp}.pem and link from cert.pem
echo " + Requesting certificate..."
timestamp="$(date +%s)"
csr64="$(openssl req -in "${BASEDIR}/certs/${domain}/cert.csr" -outform DER | urlbase64)"
crt64="$(signed_request "${CA}/acme/new-cert" '{"resource": "new-cert", "csr": "'"${csr64}"'"}' | openssl base64 -e)"
printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"