added transfer command; delete files if acme.sh --install-cert ... failes

351bbe37 · Hahn Axel (hahn) · beda3030 · 351bbe37 · 351bbe37
Commit 351bbe37 authored 3 years ago by Hahn Axel (hahn)
--- a/cm.sh
+++ b/cm.sh
@@ -20,6 +20,7 @@
 # 2021-03-22  <axel.hahn@iml.unibe.ch>  for haproxy: use chained cert instead of server cert
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  reject multiple usage of fqdn in cli params
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  optional: force excecution with a given user only
+# 2021-06-24  <axel.hahn@iml.unibe.ch>  added transfer command; delete files if acme.sh --install-cert ... failes
 # ======================================================================
@@ -99,10 +100,14 @@ function _certTransfer(){
 		-d ${CM_fqdn} \
 		--cert-file       ${CM_outfile_cert}  \
 		--fullchain-file  ${CM_outfile_chain} \
-		--ca-file         ${CM_outfile_ca} \
+		--ca-file         ${CM_outfile_ca}
-		|| exit 1
+    if [ $? -ne 0 ]; then
-		# --key-file        ${CM_dircerts}/${CM_fqdn}.key.pem  \
+        echo "ERROR occured during transfer. Removing files in ${CM_dircerts} to prevent strange effects..."
+        rm -f "${CM_dircerts}/*"
+        exit
+    fi
+	echo "OK."
 	_wd "--- copy key to ${CM_dircerts}"
 	cp ${CM_filekey} ${CM_outfile_key}
@@ -506,12 +511,22 @@ function public_show(){
 	echo CSR $CM_filecsr
 	openssl req -noout -text -in $CM_filecsr | grep -E "(Subject:|DNS:)" | sed "s#^\ *##g"
-	echo $line
+	for myfile in ${CM_outfile_cert} ${CM_outfile_haproxy}
-	echo Cert ${CM_outfile_cert}
+	do
-	# openssl x509 -noout -text -in ${CM_outfile_cert}
+        echo $line
-	openssl x509 -noout -text -in ${CM_outfile_cert} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g"
+        echo Cert ${myfile}
+        # openssl x509 -noout -text -in ${CM_outfile_cert}
+        openssl x509 -noout -text -in ${myfile} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g"
+    done
 }
+# Transfer cert from acme.sh internal cache to our output dir again
+function public_transfer(){
+	_requiresFqdn
+	_certExists
+	_certTransfer
+}
 # ----------------------------------------------------------------------
 #
@@ -607,6 +622,10 @@ The ACTIONs for SINGLE certificate handlings are:
                show place of csr + certificate data and show basic certificate data
                (issuer, subject, aliases, ending date)
+        transfer FQDN
+                Transfer cert from acme.sh internal cache to our output dir again.
+                It is done during add or renew. With transfer command you can repeat it.
 ACTIONs for ALL certs
        list
@@ -627,4 +646,4 @@ EOF
 fi
 echo
 _testStaging
\ No newline at end of file
--- a/readme.md
+++ b/readme.md
@@ -42,10 +42,14 @@ A suggested structure is having acme.sh and this wrapper below the same parent d
 ## Usage
-Without any parameter it shows a help.
+### Selftest
 Verify a new setup (or changes in the config) with ``./cm.sh selftest``.
+### Show help
+Without any parameter it shows a help.
 ```text
 ./cm.sh 
@@ -96,6 +100,10 @@ The ACTIONs for SINGLE certificate handlings are:
                show place of csr + certificate data and show basic certificate data
                (issuer, subject, aliases, ending date)
+        transfer FQDN
+                Transfer cert from acme.sh internal cache to our output dir again.
+                It is done during add or renew. With transfer command you can repeat it.
 ACTIONs for ALL certs
        list