add ca cert
parent
cd3cdb5453
commit
d4df6ad178
36
le.sh
36
le.sh
|
@ -3,22 +3,11 @@
|
||||||
|
|
||||||
WORKING_DIR=~/.le
|
WORKING_DIR=~/.le
|
||||||
|
|
||||||
ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
|
|
||||||
|
|
||||||
CERT_KEY_PATH=$WORKING_DIR/domain.key
|
|
||||||
|
|
||||||
CSR_PATH=$WORKING_DIR/domain.csr
|
|
||||||
|
|
||||||
CERT_PATH=$WORKING_DIR/domain.cer
|
|
||||||
|
|
||||||
DOMAIN_CONF=$WORKING_DIR/domain.conf
|
|
||||||
|
|
||||||
CURL_HEADER=""
|
CURL_HEADER=""
|
||||||
|
|
||||||
HEADER=""
|
HEADER=""
|
||||||
HEADERPLACE=""
|
HEADERPLACE=""
|
||||||
|
|
||||||
ACCOUNT_EMAIL=""
|
ACCOUNT_EMAIL=""
|
||||||
|
|
||||||
DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
|
DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
|
||||||
|
|
||||||
API=$DEFAULT_CA
|
API=$DEFAULT_CA
|
||||||
|
@ -58,7 +47,7 @@ createAccountKey() {
|
||||||
echo Use default length 2048
|
echo Use default length 2048
|
||||||
length=2048
|
length=2048
|
||||||
fi
|
fi
|
||||||
|
_initpath
|
||||||
mkdir -p $WORKING_DIR
|
mkdir -p $WORKING_DIR
|
||||||
ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
|
ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
|
||||||
|
|
||||||
|
@ -85,7 +74,7 @@ createDomainKey() {
|
||||||
echo Use default length 2048
|
echo Use default length 2048
|
||||||
length=2048
|
length=2048
|
||||||
fi
|
fi
|
||||||
|
_initpath $domain
|
||||||
mkdir -p $WORKING_DIR/$domain
|
mkdir -p $WORKING_DIR/$domain
|
||||||
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
|
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
|
||||||
|
|
||||||
|
@ -185,10 +174,10 @@ _send_signed_request() {
|
||||||
_get() {
|
_get() {
|
||||||
url="$1"
|
url="$1"
|
||||||
_debug url $url
|
_debug url $url
|
||||||
response=$(curl --silent $url)
|
response="$(curl --silent $url)"
|
||||||
ret=$?
|
ret=$?
|
||||||
_debug response "$response"
|
_debug response "$response"
|
||||||
code=$(echo $response | grep -o '"status":[0-9]\+' | cut -d : -f 2)
|
code="$(echo $response | grep -o '"status":[0-9]\+' | cut -d : -f 2)"
|
||||||
_debug code $code
|
_debug code $code
|
||||||
return $ret
|
return $ret
|
||||||
}
|
}
|
||||||
|
@ -229,13 +218,13 @@ _initpath() {
|
||||||
|
|
||||||
mkdir -p $WORKING_DIR/$domain
|
mkdir -p $WORKING_DIR/$domain
|
||||||
|
|
||||||
|
|
||||||
CSR_PATH=$WORKING_DIR/$domain/$domain.csr
|
CSR_PATH=$WORKING_DIR/$domain/$domain.csr
|
||||||
|
|
||||||
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
|
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
|
||||||
|
|
||||||
CERT_PATH=$WORKING_DIR/$domain/$domain.cer
|
CERT_PATH=$WORKING_DIR/$domain/$domain.cer
|
||||||
|
|
||||||
|
CA_CERT_PATH=$WORKING_DIR/$domain/ca.cer
|
||||||
}
|
}
|
||||||
|
|
||||||
#issue webroot a.com [www.a.com,b.com,c.com] [key-length] [cert-file-path] [key-file-path] [reloadCmd]
|
#issue webroot a.com [www.a.com,b.com,c.com] [key-length] [cert-file-path] [key-file-path] [reloadCmd]
|
||||||
|
@ -423,7 +412,14 @@ issue() {
|
||||||
Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g')
|
Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g')
|
||||||
_setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer"
|
_setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer"
|
||||||
|
|
||||||
|
if [ "$Le_LinkIssuer" ] ; then
|
||||||
|
_get "$Le_LinkIssuer"
|
||||||
|
echo -----BEGIN CERTIFICATE----- > $CA_CERT_PATH
|
||||||
|
echo $response | base64 | sed "s/ /\n/g" >> $CA_CERT_PATH
|
||||||
|
echo -----END CERTIFICATE----- >> $CA_CERT_PATH
|
||||||
|
_info "The intermediate CA cert is in $CA_CERT_PATH"
|
||||||
|
fi
|
||||||
|
|
||||||
Le_CertCreateTime=$(date -u "+%s")
|
Le_CertCreateTime=$(date -u "+%s")
|
||||||
_setopt $DOMAIN_CONF "Le_CertCreateTime" "=" "$Le_CertCreateTime"
|
_setopt $DOMAIN_CONF "Le_CertCreateTime" "=" "$Le_CertCreateTime"
|
||||||
|
|
||||||
|
@ -468,8 +464,6 @@ issue() {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
renew() {
|
renew() {
|
||||||
Le_Domain="$1"
|
Le_Domain="$1"
|
||||||
if [ -z "$Le_Domain" ] ; then
|
if [ -z "$Le_Domain" ] ; then
|
||||||
|
|
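Review bot: In the new `if [ "$Le_LinkIssuer" ]` block in issue(), the issuer certificate is routed through a shell variable (`_get` stores it in `$response`, then `echo $response | base64`), which will very likely corrupt it: the body behind the Link URL is presumably binary DER, command substitution drops NUL bytes and trailing newlines, and the unquoted `echo` collapses whitespace bytes and expands globs. The return status of `_get` is also ignored, so a failed or empty download still writes the BEGIN/END markers to `$CA_CERT_PATH` and logs "The intermediate CA cert is in ...". I would stream the body and check the result instead, e.g. `curl --silent --fail "$Le_LinkIssuer" | base64 >> "$CA_CERT_PATH"`, and only write the file and emit the `_info` line when the download succeeded and is non-empty. Because the URL is taken from a response header, it is also worth refusing anything that does not start with `https://` before fetching it. issue() starts and ends outside the hunks shown, so this is based only on the visible lines.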