renamed "config.sh" to "config"

This commit is contained in:
Lukas Schauer
2016-05-22 22:34:28 +02:00
parent 722430039b
commit d5b285868e
11 changed files with 24 additions and 23 deletions
+1 -1
View File
@@ -1,7 +1,7 @@
private_key.pem private_key.pem
private_key.json private_key.json
domains.txt domains.txt
config.sh config
hook.sh hook.sh
certs/* certs/*
archive/* archive/*
+1
View File
@@ -3,6 +3,7 @@ This file contains a log of major changes in letsencrypt.sh
## [x.x.x] - xxxx-xx-xx ## [x.x.x] - xxxx-xx-xx
## Changed ## Changed
- Config is now named `config` instead of `config.sh`!
- Location of domains.txt is now configurable via DOMAINS_TXT config variable - Location of domains.txt is now configurable via DOMAINS_TXT config variable
## [0.2.0] - 2016-05-22 ## [0.2.0] - 2016-05-22
+1 -1
View File
@@ -44,7 +44,7 @@ Parameters:
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!) --domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS --force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation) --privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation)
--config (-f) path/to/config.sh Use specified config file --config (-f) path/to/config Use specified config file
--hook (-k) path/to/hook.sh Use specified script for hooks --hook (-k) path/to/hook.sh Use specified script for hooks
--challenge (-t) http-01|dns-01 Which challenge should be used? Currently http-01 and dns-01 are supported --challenge (-t) http-01|dns-01 Which challenge should be used? Currently http-01 and dns-01 are supported
--algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 --algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+1 -1
View File
@@ -4,7 +4,7 @@ This script also supports the new `dns-01`-type verification. This type of verif
You need a hook script that deploys the challenge to your DNS server! You need a hook script that deploys the challenge to your DNS server!
The hook script (indicated in the config.sh file or the --hook/-k command line argument) gets four arguments: an operation name (clean_challenge, deploy_challenge, or deploy_cert) and some operands for that. For deploy_challenge $2 is the domain name for which the certificate is required, $3 is a "challenge token" (which is not needed for dns-01), and $4 is a token which needs to be inserted in a TXT record for the domain. The hook script (indicated in the config file or the --hook/-k command line argument) gets four arguments: an operation name (clean_challenge, deploy_challenge, or deploy_cert) and some operands for that. For deploy_challenge $2 is the domain name for which the certificate is required, $3 is a "challenge token" (which is not needed for dns-01), and $4 is a token which needs to be inserted in a TXT record for the domain.
Typically, you will need to split the subdomain name in two, the subdomain name and the domain name separately. For example, for "my.example.com", you'll need "my" and "example.com" separately. You then have to prefix "_acme-challenge." before the subdomain name, as in "_acme-challenge.my" and set a TXT record for that on the domain (e.g. "example.com") which has the value supplied in $4 Typically, you will need to split the subdomain name in two, the subdomain name and the domain name separately. For example, for "my.example.com", you'll need "my" and "example.com" separately. You then have to prefix "_acme-challenge." before the subdomain name, as in "_acme-challenge.my" and set a TXT record for that on the domain (e.g. "example.com") which has the value supplied in $4
@@ -2,10 +2,10 @@
# This is the main config file for letsencrypt.sh # # This is the main config file for letsencrypt.sh #
# # # #
# This file is looked for in the following locations: # # This file is looked for in the following locations: #
# $SCRIPTDIR/config.sh (next to this script) # # $SCRIPTDIR/config (next to this script) #
# /usr/local/etc/letsencrypt.sh/config.sh # # /usr/local/etc/letsencrypt.sh/config #
# /etc/letsencrypt.sh/config.sh # # /etc/letsencrypt.sh/config #
# ${PWD}/config.sh (in current working-directory) # # ${PWD}/config (in current working-directory) #
# # # #
# Default values of this config are in comments # # Default values of this config are in comments #
######################################################## ########################################################
+2 -2
View File
@@ -9,7 +9,7 @@ See below for an example on how the calls change:
### HOOK_CHAIN="no" (default behaviour) ### HOOK_CHAIN="no" (default behaviour)
``` ```
# INFO: Using main config file /etc/letsencrypt.sh/config.sh # INFO: Using main config file /etc/letsencrypt.sh/config
Processing lukas.im with alternative names: www.lukas.im Processing lukas.im with alternative names: www.lukas.im
+ Checking domain name(s) of existing cert... unchanged. + Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert... + Checking expire date of existing cert...
@@ -37,7 +37,7 @@ HOOK: deploy_cert lukas.im /etc/letsencrypt.sh/certs/lukas.im/privkey.pem /etc/l
### HOOK_CHAIN="yes" ### HOOK_CHAIN="yes"
``` ```
# INFO: Using main config file /etc/letsencrypt.sh/config.sh # INFO: Using main config file /etc/letsencrypt.sh/config
Processing lukas.im with alternative names: www.lukas.im Processing lukas.im with alternative names: www.lukas.im
+ Checking domain name(s) of existing cert... unchanged. + Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert... + Checking expire date of existing cert...
+1 -1
View File
@@ -5,7 +5,7 @@ Lets Encrypt has stringent rate limits in place during the public beta period
If you start testing using the production endpoint (which is the default), If you start testing using the production endpoint (which is the default),
you will quickly hit these limits and find yourself locked out. you will quickly hit these limits and find yourself locked out.
To avoid this, please set the CA property to the Lets Encrypt staging server URL in your `config.sh` file: To avoid this, please set the CA property to the Lets Encrypt staging server URL in your config file:
```bash ```bash
CA="https://acme-staging.api.letsencrypt.org/directory" CA="https://acme-staging.api.letsencrypt.org/directory"
+3 -3
View File
@@ -51,9 +51,9 @@ load_config() {
# Check for config in various locations # Check for config in various locations
if [[ -z "${CONFIG:-}" ]]; then if [[ -z "${CONFIG:-}" ]]; then
for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
if [[ -e "${check_config}/config.sh" ]]; then if [[ -e "${check_config}/config" ]]; then
BASEDIR="${check_config}" BASEDIR="${check_config}"
CONFIG="${check_config}/config.sh" CONFIG="${check_config}/config"
break break
fi fi
done done
@@ -859,7 +859,7 @@ main() {
PARAM_ACCOUNT_KEY="${1}" PARAM_ACCOUNT_KEY="${1}"
;; ;;
# PARAM_Usage: --config (-f) path/to/config.sh # PARAM_Usage: --config (-f) path/to/config
# PARAM_Description: Use specified config file # PARAM_Description: Use specified config file
--config|-f) --config|-f)
shift 1 shift 1
+10 -10
View File
@@ -96,10 +96,10 @@ mkdir -p .acme-challenges/.well-known/acme-challenge
) & ) &
# Generate config and create empty domains.txt # Generate config and create empty domains.txt
echo 'CA="https://testca.kurz.pw/directory"' > config.sh echo 'CA="https://testca.kurz.pw/directory"' > config
echo 'LICENSE="https://testca.kurz.pw/terms/v1"' >> config.sh echo 'LICENSE="https://testca.kurz.pw/terms/v1"' >> config
echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config
echo 'RENEW_DAYS="14"' >> config.sh echo 'RENEW_DAYS="14"' >> config
touch domains.txt touch domains.txt
# Check if help command is working # Check if help command is working
@@ -119,8 +119,8 @@ _CHECK_ERRORLOG
# Temporarily move config out of the way and try signing certificate by using temporary config location # Temporarily move config out of the way and try signing certificate by using temporary config location
_TEST "Try signing using temporary config location and with domain as command line parameter" _TEST "Try signing using temporary config location and with domain as command line parameter"
mv config.sh tmp_config.sh mv config tmp_config
./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config.sh > tmplog 2> errorlog || _FAIL "Script execution failed" ./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_NOT_LOG "Checking domain name(s) of existing cert" _CHECK_NOT_LOG "Checking domain name(s) of existing cert"
_CHECK_LOG "Generating private key" _CHECK_LOG "Generating private key"
_CHECK_LOG "Requesting challenge for ${TMP_URL}" _CHECK_LOG "Requesting challenge for ${TMP_URL}"
@@ -129,11 +129,11 @@ _CHECK_LOG "Challenge is valid!"
_CHECK_LOG "Creating fullchain.pem" _CHECK_LOG "Creating fullchain.pem"
_CHECK_LOG "Done!" _CHECK_LOG "Done!"
_CHECK_ERRORLOG _CHECK_ERRORLOG
mv tmp_config.sh config.sh mv tmp_config config
# Move private key and add new location to config # Move private key and add new location to config
mv private_key.pem account_key.pem mv private_key.pem account_key.pem
echo 'PRIVATE_KEY="./account_key.pem"' >> config.sh echo 'PRIVATE_KEY="./account_key.pem"' >> config
# Add third domain to command-lime, should force renewal. # Add third domain to command-lime, should force renewal.
_TEST "Run in cron mode again, this time adding third domain, should force renewal." _TEST "Run in cron mode again, this time adding third domain, should force renewal."
@@ -161,7 +161,7 @@ _CHECK_LOG "Skipping renew"
_CHECK_ERRORLOG _CHECK_ERRORLOG
# Disable private key renew # Disable private key renew
echo 'PRIVATE_KEY_RENEW="no"' >> config.sh echo 'PRIVATE_KEY_RENEW="no"' >> config
# Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key) # Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key)
_TEST "Run in cron mode one last time, with domain in domains.txt and force-resign" _TEST "Run in cron mode one last time, with domain in domains.txt and force-resign"
@@ -189,7 +189,7 @@ rm account_key.pem
# Check if renewal works # Check if renewal works
_TEST "Run in cron mode again, to check if renewal works" _TEST "Run in cron mode again, to check if renewal works"
echo 'RENEW_DAYS="300"' >> config.sh echo 'RENEW_DAYS="300"' >> config
./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" ./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
_CHECK_LOG "Renewing!" _CHECK_LOG "Renewing!"