starred/dehydrated
1
0
Fork 0
mirror of https://github.com/dehydrated-io/dehydrated.git synced 2026-01-11 22:30:44 +01:00
Code Issues 79 Packages Projects Releases 10 Wiki Activity

Checking domain name of existing cert may fail #115

New Issue
Closed
opened 2025-12-29 00:25:10 +01:00 by adam · 1 comment
adam commented 2025-12-29 00:25:10 +01:00
Owner
Copy Link

Originally created by @jlesage on GitHub (Jun 27, 2016).

I have a scenario where, during server deployment, ${CERTDIR}/${domain}/cert.pem is pointing to a self-signed certificate. This is done to make sure applications won't complain about missing certificate if letsencrypt.sh didn't ran yet.

When running letsencrypt.sh in this scenario, the script fails because the existing certificate doesn't contains the string DNS:.

The problem is with the following line:

certnames="$(openssl x509 -in "${cert}" -text -noout | grep DNS: | _sed 's/DNS://g' | tr -d ' ' | tr ',' '\n' | sort -u | tr '\n' ' ' | _sed 's/ $//')"

I guess that not finding the DNS: string should not be considered as an error and should force a renew.

Originally created by @jlesage on GitHub (Jun 27, 2016). I have a scenario where, during server deployment, ${CERTDIR}/${domain}/cert.pem is pointing to a self-signed certificate. This is done to make sure applications won't complain about missing certificate if letsencrypt.sh didn't ran yet. When running letsencrypt.sh in this scenario, the script fails because the existing certificate doesn't contains the string `DNS:`. The problem is with the following line: ``` certnames="$(openssl x509 -in "${cert}" -text -noout | grep DNS: | _sed 's/DNS://g' | tr -d ' ' | tr ',' '\n' | sort -u | tr '\n' ' ' | _sed 's/ $//')" ``` I guess that not finding the `DNS:` string should not be considered as an error and should force a renew.
adam closed this issue 2025-12-29 00:25:10 +01:00
adam commented 2025-12-29 00:25:11 +01:00
Author
Owner
Copy Link

@lukas2511 commented on GitHub (Jan 30, 2017):

Not going to fix this, if this is really necessary I suggest putting your certificate in fullchain.pem, as that is what you'd want to use later anyway and the script should work fine that way.

@lukas2511 commented on GitHub (Jan 30, 2017): Not going to fix this, if this is really necessary I suggest putting your certificate in fullchain.pem, as that is what you'd want to use later anyway and the script should work fine that way.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Complicated
bug
enhancement
help wanted
pull-request
Mirrored from GitHub Pull Request
 suggestions wanted
testing
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/dehydrated#115
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?