starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-04-01 06:33:15 +02:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Added option to run letsencrypt.sh without locks

Browse Source 
This should only be used when letsencrypt.sh is under control by a
different script which makes sure that no two processes are touching the
same files.
This commit is contained in:
Lukas Schauer
2016-07-21 12:34:40 +02:00
parent 194464b04b
commit bd9cc5b0c4
3 changed files with 16 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG
View File

@@ -15,6 +15,7 @@ This file contains a log of major changes in letsencrypt.sh
- Initial support for configuration on per-certificate base - Initial support for configuration on per-certificate base
- Support for per-CA account keys and custom config for output cert directory, license, etc. - Support for per-CA account keys and custom config for output cert directory, license, etc.
- Added option to select IP version of name to address resolution - Added option to select IP version of name to address resolution
- Added option to run letsencrypt.sh without locks
## Fixed ## Fixed
- letsencrypt.sh no longer stores account keys from invalid registrations - letsencrypt.sh no longer stores account keys from invalid registrations

1
README.md
View File

@@ -45,6 +45,7 @@ Parameters:
--ipv6 (-6) Resolve names to IPv6 addresses only --ipv6 (-6) Resolve names to IPv6 addresses only
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!) --domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS --force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--no-lock (-n) Don't use lockfile (potentially dangerous!)
--ocsp Sets option in CSR indicating OCSP stapling to be mandatory --ocsp Sets option in CSR indicating OCSP stapling to be mandatory
--privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation) --privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation)
--config (-f) path/to/config Use specified config file --config (-f) path/to/config Use specified config file

10
letsencrypt.sh
View File

@@ -183,6 +183,7 @@ load_config() {
[[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
[[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/letsencrypt" [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/letsencrypt"
[[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
[[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
[[ -n "${PARAM_HOOK:-}" ]] && HOOK="${PARAM_HOOK}" [[ -n "${PARAM_HOOK:-}" ]] && HOOK="${PARAM_HOOK}"
[[ -n "${PARAM_CERTDIR:-}" ]] && CERTDIR="${PARAM_CERTDIR}" [[ -n "${PARAM_CERTDIR:-}" ]] && CERTDIR="${PARAM_CERTDIR}"
@@ -200,11 +201,13 @@ init_system() {
load_config load_config
# Lockfile handling (prevents concurrent access) # Lockfile handling (prevents concurrent access)
if [[ -n "${LOCKFILE}" ]]; then
LOCKDIR="$(dirname "${LOCKFILE}")" LOCKDIR="$(dirname "${LOCKFILE}")"
[[ -w "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} is not writable, aborting." [[ -w "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} is not writable, aborting."
( set -C; date > "${LOCKFILE}" ) 2>/dev/null || _exiterr "Lock file '${LOCKFILE}' present, aborting." ( set -C; date > "${LOCKFILE}" ) 2>/dev/null || _exiterr "Lock file '${LOCKFILE}' present, aborting."
remove_lock() { rm -f "${LOCKFILE}"; } remove_lock() { rm -f "${LOCKFILE}"; }
trap 'remove_lock' EXIT trap 'remove_lock' EXIT
fi
# Get CA URLs # Get CA URLs
CA_DIRECTORY="$(http_request get "${CA}")" CA_DIRECTORY="$(http_request get "${CA}")"
@@ -992,13 +995,18 @@ main() {
fi fi
;; ;;
# PARAM_Usage: --force (-x) # PARAM_Usage: --force (-x)
# PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS # PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--force|-x) --force|-x)
PARAM_FORCE="yes" PARAM_FORCE="yes"
;; ;;
# PARAM_Usage: --no-lock (-n)
# PARAM_Description: Don't use lockfile (potentially dangerous!)
--no-lock|-n)
PARAM_NO_LOCK="yes"
;;
# PARAM_Usage: --ocsp # PARAM_Usage: --ocsp
# PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory # PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory
--ocsp) --ocsp)