added config option to set path for openssl config file (currently only used for generating a signing request)
@@ -4,6 +4,7 @@
|
|||||||
#WELLKNOWN=".acme-challenges"
|
#WELLKNOWN=".acme-challenges"
|
||||||
#KEYSIZE=4096
|
#KEYSIZE=4096
|
||||||
#BASEDIR=./
|
#BASEDIR=./
|
||||||
|
#OPENSSL_CNF=.... # system default (see openssl version -d)
|
||||||
|
|
||||||
# program called before responding to the challenge, arguments: path/to/token
|
# program called before responding to the challenge, arguments: path/to/token
|
||||||
# token; can be used to e.g. upload the challenge if this script doesn't run
|
# token; can be used to e.g. upload the challenge if this script doesn't run
|
||||||
|
|||||||
+2
-1
@@ -13,6 +13,7 @@ KEYSIZE="4096"
|
|||||||
WELLKNOWN=".acme-challenges"
|
WELLKNOWN=".acme-challenges"
|
||||||
PRIVATE_KEY_RENEW=no
|
PRIVATE_KEY_RENEW=no
|
||||||
BASEDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
BASEDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
|
||||||
|
OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf"
|
||||||
|
|
||||||
# If exists load config from same directory as this script
|
# If exists load config from same directory as this script
|
||||||
if [[ -e "${BASEDIR}/config.sh" ]]; then
|
if [[ -e "${BASEDIR}/config.sh" ]]; then
|
||||||
@@ -131,7 +132,7 @@ sign_domain() {
|
|||||||
done
|
done
|
||||||
SAN="${SAN%%, }"
|
SAN="${SAN%%, }"
|
||||||
echo " + Generating signing request..."
|
echo " + Generating signing request..."
|
||||||
openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null
|
openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat "${OPENSSL_CNF}" <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null
|
||||||
|
|
||||||
# Request and respond to challenges
|
# Request and respond to challenges
|
||||||
for altname in $altnames; do
|
for altname in $altnames; do
|
||||||
|
|||||||
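Review bot: The rewritten `openssl req` line in sign_domain passes `"${OPENSSL_CNF}"` to `cat` inside a process substitution without first checking that the path is readable, and a failing `cat` there does not stop the command, so openssl would receive only the `[SAN]` fragment and report an error that points away from the real cause. The default added above, `OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf"`, also collapses to `/openssl.cnf` when `openssl version -d` prints nothing. A guard placed after config.sh has been loaded would cover both cases: `[[ -r "${OPENSSL_CNF}" ]] || { echo "OPENSSL_CNF not readable: ${OPENSSL_CNF}" >&2; exit 1; }`. Because this file now decides how the CSR is built from the private key and its location is user-configurable, the option's comment in the example config should say the file must be writable only by the account that runs the script. sign_domain starts and ends outside the hunk, so an existing check elsewhere in the function cannot be ruled out from here.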