remove --sign in favor of two options "--force" and "--domain" (try 2)
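--- a/<ci-config-path-not-on-page>
+++ b/<ci-config-path-not-on-page>
@@ -30,7 +30,7 @@ script:
 
 # move config out of the way and try signing certificate by using temporary config location
 - mv config.sh tmp_config.sh
-- ./letsencrypt.sh --sign "${TMP_URL}" -f tmp_config.sh
+- ./letsencrypt.sh --domain "${TMP_URL}" -f tmp_config.sh
 - mv tmp_config.sh config.sh
 
 # run in cron mode (should find a non-expiring certificate) + check running without given mode (should default to cron mode)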
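--- a/<readme-path-not-on-page>
+++ b/<readme-path-not-on-page>
@@ -26,12 +26,13 @@ Default command: cron
 
 Commands:
 --cron (-c) Sign/renew non-existant/changed(TODO)/expiring certificates.
---sign (-s) domain.tld Force-sign specific certificate from domains.txt, even if not yet expiring or changed.
 --revoke (-r) path/to/cert.pem Revoke specified certificate
 --help (-h) Show help text
 --env (-e) Output configuration variables for use in other scripts
 
 Parameters:
+--domain (-d) domain.tld Use specified domain name instead of domains.txt, use multiple times for certificate with SAN names
+--force (-x) force renew of certificate even if it is longer valid than value in RENEW_DAYS
 --config (-f) path/to/config.sh Use specified config file
 --privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation)
 ```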
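--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -222,6 +222,11 @@ _request() {
 ${HOOK} "clean_challenge" '' "${challenge_token}" "${keyauth}"
 fi
 
+# remove temporary domains.txt file if used
+if [[ -n "${PARAM_DOMAIN:-}" ]]; then
+rm "${DOMAINS_TXT}"
+fi
+
 exit 1
 fi
 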
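Review bot: The temporary domains.txt created for `--domain` is only removed on this error path and after the loop in command_sign_domains (the hunk at `@@ -409,33 +425,26 @@`); any other exit between the `mktemp` and those two spots — a command failing under `set -e` if it is enabled, a signal, an early `exit` elsewhere — leaves the file behind, and if `_request` is reached from the `while read` pipeline in command_sign_domains this `rm` and `exit 1` run in that pipeline's subshell. Registering the cleanup once where the file is created, `trap 'rm -f -- "${DOMAINS_TXT}"' EXIT`, and dropping both ad-hoc `rm` calls would cover every path; at minimum write `rm -f -- "${DOMAINS_TXT}"` so a missing file does not turn into a second error on top of the one being reported. `_request` begins outside the hunk.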
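--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -395,13 +400,24 @@ sign_domain() {
 
 # Usage: --cron (-c)
 # Description: Sign/renew non-existant/changed(TODO)/expiring certificates.
-command_cron() {
+command_sign_domains() {
+if [[ -n "${PARAM_DOMAIN:-}" ]]; then
+# we are using a temporary domains.txt file so we don't need to duplicate any code
+DOMAINS_TXT="$(mktemp)"
+echo "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
+fi
 # Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
 <"${DOMAINS_TXT}" sed 's/^\s*//g;s/\s*$//g' | grep -v '^#' | grep -v '^$' | while read -r line; do
 domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
+morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
 cert="${BASEDIR}/certs/${domain}/cert.pem"
 
-echo "Processing ${domain}"
+if [[ -z "${morenames}" ]];then
+echo "Processing ${domain}"
+else
+echo "Processing ${domain} with SAN: ${morenames}"
+fi
+
 if [[ -e "${cert}" ]]; then
 echo " + Found existing cert..."
 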
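Review bot: `echo "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"` hands a value taken from argv to `echo`, so an argument such as `-n` or `-e` is swallowed as an option and backslash sequences may be interpreted depending on the shell's echo settings; write it as `printf '%s\n' "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"`, which is the form the loop below already uses for `${line}`. Two smaller points in the same hunk: `if [[ -z "${morenames}" ]];then` is missing the space after `;`, and because `DOMAINS_TXT` is overwritten here with the mktemp path, any later code that expects the configured value will read the temporary file instead, which deserves a one-line comment at the assignment, e.g. `# replaces the configured DOMAINS_TXT for the rest of this run`. The function body continues into the next hunk.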
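--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -409,33 +425,26 @@ command_cron() {
 
 echo -n " + Valid till ${valid} "
 if openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}"; then
-echo "(Longer than ${RENEW_DAYS} days). Skipping!"
-continue
+echo -n "(Longer than ${RENEW_DAYS} days). "
+if [[ "${PARAM_FORCE:-}" = "yes" ]]; then
+echo "Ignoring because --force was specified!"
+else
+echo "Skipping!"
+continue
+fi
+else
+echo "(Less than ${RENEW_DAYS} days). Renewing!"
 fi
-echo "(Less than ${RENEW_DAYS} days). Renewing!"
 fi
 
 # shellcheck disable=SC2086
 sign_domain $line
 done
-}
 
-# Usage: --sign (-s) domain.tld
-# Description: Force-sign specific certificate from domains.txt, even if not yet expiring or changed.
-command_sign() {
-# Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
-<"${DOMAINS_TXT}" sed 's/^\s*//g;s/\s*$//g' | grep -E "^${1}($|\s)" | head -1 | while read -r line; do
-domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
-cert="${BASEDIR}/certs/${domain}/cert.pem"
-
-echo "Processing ${domain}"
-if [[ -e "${cert}" ]]; then
-echo " + Found existing cert... ignoring."
-fi
-
-# shellcheck disable=SC2086
-sign_domain $line
-done || (echo "No entry for ${1} found in ${DOMAINS_TXT}."; exit 1)
+# remove temporary domains.txt file if used
+if [[ -n "${PARAM_DOMAIN:-}" ]]; then
+rm "${DOMAINS_TXT}"
+fi
 }
 
 # Usage: --revoke (-r) path/to/cert.pem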
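--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -509,7 +518,8 @@ for arg; do
 case "${arg}" in
 --help) args="${args}-h ";;
 --cron) args="${args}-c ";;
---sign) args="${args}-s ";;
+--domain) args="${args}-d ";;
+--force ) args="${args}-x ";;
 --revoke) args="${args}-r ";;
 --privkey) args="${args}-p ";;
 --config) args="${args}-f ";;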
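Review bot: The new `--force ) args="${args}-x ";;` arm has a stray space before `)` that none of the neighbouring arms have; bash accepts it, but it breaks the alignment of the case and shfmt would rewrite it. Use `--force) args="${args}-x ";;` to match `--domain)` on the line above.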
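--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -547,7 +557,7 @@ check_parameters() {
 fi
 }
 
-while getopts ":hcer:s:f:p:" option; do
+while getopts ":hcer:d:xf:p:" option; do
 case "${option}" in
 h)
 command_help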
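--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -564,10 +574,20 @@ while getopts ":hcer:s:f:p:" option; do
 check_parameters "${OPTARG:-}"
 revoke_me="${OPTARG}"
 ;;
-s)
-set_command sign
+d)
+# PARAM_Usage: --domain (-d) domain.tld
+# PARAM_Description: Use specified domain name instead of domains.txt, use multiple times for certificate with SAN names
 check_parameters "${OPTARG:-}"
-sign_me="${OPTARG}"
+if [[ -z "${PARAM_DOMAIN:-}" ]]; then
+PARAM_DOMAIN="${OPTARG}"
+else
+PARAM_DOMAIN="${PARAM_DOMAIN} ${OPTARG}"
+fi
+;;
+x)
+# PARAM_Usage: --force (-x)
+# PARAM_Description: force renew of certificate even if it is longer valid than value in RENEW_DAYS
+PARAM_FORCE="yes"
 ;;
 f)
 # PARAM_Usage: --config (-f) path/to/config.sh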
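Review bot: The `d)` arm joins repeated `--domain` values with a space, `PARAM_DOMAIN="${PARAM_DOMAIN} ${OPTARG}"`, and that string is later written to the temporary domains.txt and split on spaces again (`cut -d' '` and the unquoted `sign_domain $line`), so one argument containing whitespace silently becomes several SAN entries and glob characters in it would be expanded by the unquoted call. Unless `check_parameters` already rejects such values (its body is outside this hunk), add a guard before the append, `[[ "${OPTARG}" == *[[:space:]]* ]] && { printf 'Domain names must not contain whitespace: %s\n' "${OPTARG}" >&2; exit 1; }`, or at least state the accepted format in the `PARAM_Description` comment. The `x)` arm stores the literal `yes` that command_sign_domains compares against; a short comment on `PARAM_FORCE="yes"` naming that consumer would make the coupling visible.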
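--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -598,14 +618,11 @@ init_system
 
 case "${COMMAND}" in
 cron)
-command_cron
+command_sign_domains
 ;;
 env)
 command_env
 ;;
-sign)
-command_sign "${sign_me}"
-;;
 revoke)
 command_revoke "${revoke_me}"
 ;;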