sign_domain: Use existing CSR with matching timestamp

Lukas Schauer
2018-02-06 20:41:26 +01:00
parent 73a116e879
commit b5de2e26eb


@@ -880,8 +880,8 @@ sign_domain() {
_exiterr "Certificate authority doesn't allow certificate signing" _exiterr "Certificate authority doesn't allow certificate signing"
fi fi
local privkey="privkey.pem"
privkey="privkey.pem" if [[ ! -e "${certdir}/cert-${timestamp}.csr" ]]; then
# generate a new private key if we need or want one # generate a new private key if we need or want one
if [[ ! -r "${certdir}/privkey.pem" ]] || [[ "${PRIVATE_KEY_RENEW}" = "yes" ]]; then if [[ ! -r "${certdir}/privkey.pem" ]] || [[ "${PRIVATE_KEY_RENEW}" = "yes" ]]; then
echo " + Generating private key..." echo " + Generating private key..."
@@ -934,6 +934,7 @@ sign_domain() {
fi fi
"${OPENSSL}" req -new -sha256 -key "${certdir}/${privkey}" -out "${certdir}/cert-${timestamp}.csr" -subj "${SUBJ}" -reqexts SAN -config "${tmp_openssl_cnf}" "${OPENSSL}" req -new -sha256 -key "${certdir}/${privkey}" -out "${certdir}/cert-${timestamp}.csr" -subj "${SUBJ}" -reqexts SAN -config "${tmp_openssl_cnf}"
rm -f "${tmp_openssl_cnf}" rm -f "${tmp_openssl_cnf}"
fi
crt_path="${certdir}/cert-${timestamp}.pem" crt_path="${certdir}/cert-${timestamp}.pem"
# shellcheck disable=SC2086 # shellcheck disable=SC2086
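Review bot: The new guard `if [[ ! -e "${certdir}/cert-${timestamp}.csr" ]]; then` reuses a CSR on existence alone, so an empty or truncated file left by an interrupted `openssl req` run, or a CSR created for a different key or name set, would be sent to the CA unchanged. At minimum test for a non-empty file with `-s` instead of `-e`, and ideally confirm the CSR parses and that its public key matches `${certdir}/${privkey}` before skipping regeneration. Key generation now sits inside the same guard, so on the reuse path `privkey` keeps its initial value `privkey.pem` even if the run that produced the CSR wrote a renewed key under another name. sign_domain continues outside both hunks, so whether later code relies on `privkey` (for example when updating links to the key) should be checked there. A short comment above the guard stating when a CSR with the same timestamp is expected to exist already would also help the next reader.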