make openssl keysize configurable

2026-03-30 13:51:49 +02:00 · 2015-12-06 12:14:51 +01:00
parent 96d7eabed4
commit 5a213f5f6a
2 changed files with 5 additions and 3 deletions
--- a/config.sh.example
+++ b/config.sh.example
@@ -2,6 +2,7 @@

 #CA="https://acme-v01.api.letsencrypt.org"
 WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"
+#KEYSIZE=4096

 # program called before responding to the challenge, arguments: path/to/token
 # token; can be used to e.g. upload the challenge if this script doesn't run
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -8,6 +8,7 @@ set -o pipefail
 CA="https://acme-v01.api.letsencrypt.org"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
 HOOK_CHALLENGE=
+KEYSIZE="4096"

 . ./config.sh

@@ -96,7 +97,7 @@ sign_domain() {
  if [[ ! -e "certs/${domain}" ]]; then
    mkdir -p "certs/${domain}"
    echo "  + Generating private key..."
-    openssl genrsa -out "certs/${domain}/privkey.pem" 4096 2> /dev/null > /dev/null
+    openssl genrsa -out "certs/${domain}/privkey.pem" "${KEYSIZE}" 2> /dev/null > /dev/null
  fi

  # Generate signing request config and the actual signing request
@@ -160,11 +161,11 @@ sign_domain() {
  echo "  + Done!"
 }

-# Check if private key exists, if it doesn't exist yet generate a new one (4096bit rsa key)
+# Check if private key exists, if it doesn't exist yet generate a new one (rsa key)
 register="0"
 if [[ ! -e "private_key.pem" ]]; then
  echo "+ Generating account key..."
-  openssl genrsa -out "private_key.pem" 4096 2> /dev/null > /dev/null
+  openssl genrsa -out "private_key.pem" "${KEYSIZE}" 2> /dev/null > /dev/null
  register="1"
 fi