fixed a few things after project rename

Lukas Schauer
2016-09-13 19:57:14 +02:00
parent 0ae567aced
commit ec49a4433b
9 changed files with 24 additions and 24 deletions


@@ -1,5 +1,5 @@
# Change Log # Change Log
This file contains a log of major changes in dehydrated.sh This file contains a log of major changes in dehydrated
## [x.x.x] - xxxx-xx-xx ## [x.x.x] - xxxx-xx-xx
## Changed ## Changed
@@ -7,7 +7,7 @@ This file contains a log of major changes in dehydrated.sh
## [0.3.1] - 2016-09-13 ## [0.3.1] - 2016-09-13
## Changed ## Changed
- Renamed project to `dehydrated` and main script to `dehydrated.sh`. - Renamed project to `dehydrated`.
- Default WELLKNOWN location is now `/var/www/dehydrated` - Default WELLKNOWN location is now `/var/www/dehydrated`
- Config location is renamed to `dehydrated` (e.g. `/etc/dehydrated`) - Config location is renamed to `dehydrated` (e.g. `/etc/dehydrated`)


@@ -30,7 +30,7 @@ If you have any problems take a look at our [Troubleshooting](docs/troubleshooti
## Usage: ## Usage:
```text ```text
Usage: ./dehydrated.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... Usage: ./dehydrated [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...
Default command: help Default command: help


@@ -1,6 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# dehydrated.sh by lukas2511 # dehydrated by lukas2511
# Source: https://github.com/lukas2511/dehydrated # Source: https://github.com/lukas2511/dehydrated
# #
# This script is licensed under The MIT License (see LICENSE for more information). # This script is licensed under The MIT License (see LICENSE for more information).
@@ -25,7 +25,7 @@ BASEDIR="${SCRIPTDIR}"
# Create (identifiable) temporary files # Create (identifiable) temporary files
_mktemp() { _mktemp() {
# shellcheck disable=SC2068 # shellcheck disable=SC2068
mktemp ${@:-} "${TMPDIR:-/tmp}/dehydrated.sh-XXXXXX" mktemp ${@:-} "${TMPDIR:-/tmp}/dehydrated-XXXXXX"
} }
# Check for script dependencies # Check for script dependencies
@@ -94,7 +94,7 @@ verify_config() {
load_config() { load_config() {
# Check for config in various locations # Check for config in various locations
if [[ -z "${CONFIG:-}" ]]; then if [[ -z "${CONFIG:-}" ]]; then
for check_config in "/etc/dehydrated.sh" "/usr/local/etc/dehydrated.sh" "${PWD}" "${SCRIPTDIR}"; do for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
if [[ -f "${check_config}/config" ]]; then if [[ -f "${check_config}/config" ]]; then
BASEDIR="${check_config}" BASEDIR="${check_config}"
CONFIG="${check_config}/config" CONFIG="${check_config}/config"
@@ -924,7 +924,7 @@ command_help() {
# Usage: --env (-e) # Usage: --env (-e)
# Description: Output configuration variables for use in other scripts # Description: Output configuration variables for use in other scripts
command_env() { command_env() {
echo "# dehydrated.sh configuration" echo "# dehydrated configuration"
load_config load_config
typeset -p CA LICENSE CERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE typeset -p CA LICENSE CERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
} }
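Review bot: The config search list in load_config still probes `"${PWD}"` (ahead of `"${SCRIPTDIR}"`) after the rename, so the directory the script is started from can supply the `config` file whenever neither `/etc/dehydrated` nor `/usr/local/etc/dehydrated` holds one. The hunk does not show how CONFIG is consumed; if it is sourced as shell, a run from a directory that other users can write to would execute their file with the caller's privileges. I would at least document this above the loop, e.g. `# NOTE: ${PWD} is searched too; run from a trusted directory or pass the config explicitly with -f`, and consider skipping a candidate that is not owned by the current user or root. load_config continues past the end of the hunk.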


@@ -1,6 +1,6 @@
### domains.txt ### domains.txt
dehydrated.sh uses the file `domains.txt` as configuration for which certificates should be requested. dehydrated uses the file `domains.txt` as configuration for which certificates should be requested.
The file should have the following format: The file should have the following format:


@@ -1,5 +1,5 @@
######################################################## ########################################################
# This is the main config file for dehydrated.sh # # This is the main config file for dehydrated #
# # # #
# This file is looked for in the following locations: # # This file is looked for in the following locations: #
# $SCRIPTDIR/config (next to this script) # # $SCRIPTDIR/config (next to this script) #


@@ -1,6 +1,6 @@
# Config on per-certificate base # Config on per-certificate base
dehydrated.sh allows a few configuration variables to be set on a per-certificate base. dehydrated allows a few configuration variables to be set on a per-certificate base.
To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`). To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`).


@@ -6,7 +6,7 @@ Generally if the following information doesn't provide a solution to your proble
You probably changed from staging-CA to production-CA (or the other way). You probably changed from staging-CA to production-CA (or the other way).
Currently dehydrated.sh doesn't detect a missing registration on the selected CA, Currently dehydrated doesn't detect a missing registration on the selected CA,
the current workaround is to move `private_key.pem` (and, if you care, `private_key.json`) out of the way so the scripts generates and registers a new one. the current workaround is to move `private_key.pem` (and, if you care, `private_key.json`) out of the way so the scripts generates and registers a new one.
This will hopefully be fixed in the future. This will hopefully be fixed in the future.
@@ -19,7 +19,7 @@ LICENSE1 and LICENSE2 are just placeholders for the real values in this troubles
## "Error creating new cert :: Too many certificates already issued for: [...]" ## "Error creating new cert :: Too many certificates already issued for: [...]"
This is not an issue with dehydrated.sh but an API limit with boulder (the ACME server). This is not an issue with dehydrated but an API limit with boulder (the ACME server).
At the time of writing this you can only create 5 certificates per domain in a sliding window of 7 days. At the time of writing this you can only create 5 certificates per domain in a sliding window of 7 days.


@@ -5,7 +5,7 @@ It will do that for any (sub-)domain you want to sign a certificate for.
At the moment you'll need to have that location available over normal HTTP on port 80 (redirect to HTTPS will work, but starting point is always HTTP!). At the moment you'll need to have that location available over normal HTTP on port 80 (redirect to HTTPS will work, but starting point is always HTTP!).
dehydrated.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`. dehydrated has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`.
If you only have one docroot on your server you could easily do something like `WELLKNOWN=/var/www/.well-known/acme-challenge`, for anything else look at the example below. If you only have one docroot on your server you could easily do something like `WELLKNOWN=/var/www/.well-known/acme-challenge`, for anything else look at the example below.

22
test.sh

@@ -84,7 +84,7 @@ TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':'
TMP2_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp2.log | head -1 | cut -d':' -f2)" TMP2_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp2.log | head -1 | cut -d':' -f2)"
TMP3_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp3.log | head -1 | cut -d':' -f2)" TMP3_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp3.log | head -1 | cut -d':' -f2)"
if [[ -z "${TMP_URL}" ]] || [[ -z "${TMP2_URL}" ]] || [[ -z "${TMP3_URL}" ]]; then if [[ -z "${TMP_URL}" ]] || [[ -z "${TMP2_URL}" ]] || [[ -z "${TMP3_URL}" ]]; then
echo "Couldn't get an url from ngrok, not a dehydrated.sh bug, tests can't continue." echo "Couldn't get an url from ngrok, not a dehydrated bug, tests can't continue."
exit 1 exit 1
fi fi
@@ -104,7 +104,7 @@ touch domains.txt
# Check if help command is working # Check if help command is working
_TEST "Checking if help command is working..." _TEST "Checking if help command is working..."
./dehydrated.sh --help > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --help > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Default command: help" _CHECK_LOG "Default command: help"
_CHECK_LOG "--help (-h)" _CHECK_LOG "--help (-h)"
_CHECK_LOG "--domain (-d) domain.tld" _CHECK_LOG "--domain (-d) domain.tld"
@@ -112,7 +112,7 @@ _CHECK_ERRORLOG
# Run in cron mode with empty domains.txt (should only generate private key and exit) # Run in cron mode with empty domains.txt (should only generate private key and exit)
_TEST "First run in cron mode, checking if private key is generated and registered" _TEST "First run in cron mode, checking if private key is generated and registered"
./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Registering account key" _CHECK_LOG "Registering account key"
_CHECK_FILE accounts/*/account_key.pem _CHECK_FILE accounts/*/account_key.pem
_CHECK_ERRORLOG _CHECK_ERRORLOG
@@ -120,7 +120,7 @@ _CHECK_ERRORLOG
# Temporarily move config out of the way and try signing certificate by using temporary config location # Temporarily move config out of the way and try signing certificate by using temporary config location
_TEST "Try signing using temporary config location and with domain as command line parameter" _TEST "Try signing using temporary config location and with domain as command line parameter"
mv config tmp_config mv config tmp_config
./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_NOT_LOG "Checking domain name(s) of existing cert" _CHECK_NOT_LOG "Checking domain name(s) of existing cert"
_CHECK_LOG "Generating private key" _CHECK_LOG "Generating private key"
_CHECK_LOG "Requesting challenge for ${TMP_URL}" _CHECK_LOG "Requesting challenge for ${TMP_URL}"
@@ -133,7 +133,7 @@ mv tmp_config config
# Add third domain to command-lime, should force renewal. # Add third domain to command-lime, should force renewal.
_TEST "Run in cron mode again, this time adding third domain, should force renewal." _TEST "Run in cron mode again, this time adding third domain, should force renewal."
./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Domain name(s) are not matching!" _CHECK_LOG "Domain name(s) are not matching!"
_CHECK_LOG "Forcing renew." _CHECK_LOG "Forcing renew."
_CHECK_LOG "Generating private key" _CHECK_LOG "Generating private key"
@@ -151,7 +151,7 @@ echo "${TMP_URL} ${TMP2_URL} $(tr 'a-z' 'A-Z' <<<"${TMP3_URL}")" >> domains.txt
# Run in cron mode again (should find a non-expiring certificate and do nothing) # Run in cron mode again (should find a non-expiring certificate and do nothing)
_TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate" _TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
_CHECK_LOG "Skipping renew" _CHECK_LOG "Skipping renew"
_CHECK_ERRORLOG _CHECK_ERRORLOG
@@ -161,7 +161,7 @@ echo 'PRIVATE_KEY_RENEW="no"' >> config
# Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key) # Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key)
_TEST "Run in cron mode one last time, with domain in domains.txt and force-resign" _TEST "Run in cron mode one last time, with domain in domains.txt and force-resign"
./dehydrated.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
_CHECK_LOG "Ignoring because renew was forced!" _CHECK_LOG "Ignoring because renew was forced!"
_CHECK_NOT_LOG "Generating private key" _CHECK_NOT_LOG "Generating private key"
@@ -175,7 +175,7 @@ _CHECK_ERRORLOG
# Check if signcsr command is working # Check if signcsr command is working
_TEST "Running signcsr command" _TEST "Running signcsr command"
./dehydrated.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "BEGIN CERTIFICATE" _CHECK_LOG "BEGIN CERTIFICATE"
_CHECK_LOG "END CERTIFICATE" _CHECK_LOG "END CERTIFICATE"
_CHECK_NOT_LOG "ERROR" _CHECK_NOT_LOG "ERROR"
@@ -183,7 +183,7 @@ _CHECK_NOT_LOG "ERROR"
# Check if renewal works # Check if renewal works
_TEST "Run in cron mode again, to check if renewal works" _TEST "Run in cron mode again, to check if renewal works"
echo 'RENEW_DAYS="300"' >> config echo 'RENEW_DAYS="300"' >> config
./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
_CHECK_LOG "Renewing!" _CHECK_LOG "Renewing!"
_CHECK_ERRORLOG _CHECK_ERRORLOG
@@ -202,7 +202,7 @@ _CHECK_ERRORLOG
# Revoke certificate using certificate key # Revoke certificate using certificate key
_TEST "Revoking certificate..." _TEST "Revoking certificate..."
./dehydrated.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")" REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
_CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}" _CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
_CHECK_LOG "Done." _CHECK_LOG "Done."
@@ -211,7 +211,7 @@ _CHECK_ERRORLOG
# Test cleanup command # Test cleanup command
_TEST "Cleaning up certificates" _TEST "Cleaning up certificates"
./dehydrated.sh --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed" ./dehydrated --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/cert-" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/cert-"
_CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/chain-" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/chain-"
_CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/fullchain-" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/fullchain-"
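Review bot: The `--signcsr` invocation in the hunk at line 175 leaves its path argument unquoted (`certs/${TMP_URL}/cert.csr`), while the `--revoke` call in the hunk at line 202 quotes the same kind of path. TMP_URL is extracted from ngrok log output, so quoting keeps the test from word-splitting or globbing if that value ever contains something unexpected. I would change only the argument, to `"certs/${TMP_URL}/cert.csr"`, and leave the redirections and the `_FAIL` fallback as they are.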