starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-05-27 09:09:11 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

don't overwrite certificate files

Browse Source 
In a worst case scenario the new certificate is broken and we are left
without a working certificate (or need to restore one from our backup).

This way we only need to change the symlink to the known working cert
This commit is contained in:
Markus Germeier
2015-12-06 14:33:00 +01:00
committed by Lukas Schauer
parent 5a213f5f6a
commit b7439a83d6
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
letsencrypt.sh
+5 -2
View File
@@ -153,11 +153,14 @@ sign_domain() {
echo " + Challenge is valid!" echo " + Challenge is valid!"
done done
# Finally request certificate from the acme-server and store it in cert.pem # Finally request certificate from the acme-server and store it in cert-${timestamp}.pem and link from cert.pem
echo " + Requesting certificate..." echo " + Requesting certificate..."
timestamp="$(date +%s)"
csr64="$(openssl req -in "certs/${domain}/cert.csr" -outform DER | urlbase64)" csr64="$(openssl req -in "certs/${domain}/cert.csr" -outform DER | urlbase64)"
crt64="$(signed_request "${CA}/acme/new-cert" '{"resource": "new-cert", "csr": "'"${csr64}"'"}' | openssl base64 -e)" crt64="$(signed_request "${CA}/acme/new-cert" '{"resource": "new-cert", "csr": "'"${csr64}"'"}' | openssl base64 -e)"
printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "certs/${domain}/cert.pem" printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "certs/${domain}/cert-${timestamp}.pem"
rm -f "certs/${domain}/cert.pem"
ln -s "cert-${timestamp}.pem" "certs/${domain}/cert.pem"
echo " + Done!" echo " + Done!"
} }