diff --git a/cm.sh b/cm.sh index 400039f5d9426224411dacb2c9708ac1194b1ffd..ca23ad58cf1c4e9c81300e22655025c25c2eb310 100755 --- a/cm.sh +++ b/cm.sh @@ -20,6 +20,7 @@ # 2021-03-22 <axel.hahn@iml.unibe.ch> for haproxy: use chained cert instead of server cert # 2021-04-12 <axel.hahn@iml.unibe.ch> reject multiple usage of fqdn in cli params # 2021-04-12 <axel.hahn@iml.unibe.ch> optional: force excecution with a given user only +# 2021-06-24 <axel.hahn@iml.unibe.ch> added transfer command; delete files if acme.sh --install-cert ... failes # ====================================================================== @@ -99,10 +100,14 @@ function _certTransfer(){ -d ${CM_fqdn} \ --cert-file ${CM_outfile_cert} \ --fullchain-file ${CM_outfile_chain} \ - --ca-file ${CM_outfile_ca} \ - || exit 1 - # --key-file ${CM_dircerts}/${CM_fqdn}.key.pem \ - + --ca-file ${CM_outfile_ca} + if [ $? -ne 0 ]; then + echo "ERROR occured during transfer. Removing files in ${CM_dircerts} to prevent strange effects..." + rm -f "${CM_dircerts}/*" + exit + fi + echo "OK." + _wd "--- copy key to ${CM_dircerts}" cp ${CM_filekey} ${CM_outfile_key} @@ -506,12 +511,22 @@ function public_show(){ echo CSR $CM_filecsr openssl req -noout -text -in $CM_filecsr | grep -E "(Subject:|DNS:)" | sed "s#^\ *##g" - echo $line - echo Cert ${CM_outfile_cert} - # openssl x509 -noout -text -in ${CM_outfile_cert} - openssl x509 -noout -text -in ${CM_outfile_cert} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g" + for myfile in ${CM_outfile_cert} ${CM_outfile_haproxy} + do + echo $line + echo Cert ${myfile} + # openssl x509 -noout -text -in ${CM_outfile_cert} + openssl x509 -noout -text -in ${myfile} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g" + done } +# Transfer cert from acme.sh internal cache to our output dir again +function public_transfer(){ + _requiresFqdn + _certExists + + _certTransfer +} # ---------------------------------------------------------------------- # 
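Review bot: The cleanup in the new failure branch of `_certTransfer` never deletes anything, because the glob sits inside double quotes: `rm -f "${CM_dircerts}/*"` looks for a file literally named `*`, and `-f` hides the miss. The bare `exit` that follows returns the status of that `rm`, which is 0, so a failed `acme.sh --install-cert` is now reported as success to cron or any caller, where the removed `|| exit 1` reported failure. I would remove only the files this call writes and keep the non-zero status: `rm -f -- "${CM_outfile_cert}" "${CM_outfile_chain}" "${CM_outfile_ca}"` followed by `exit 1`. Moving the `*` outside the quotes is riskier: an empty `CM_dircerts` would expand to `/*`, and if the directory is shared between FQDNs (the removed `--key-file ${CM_dircerts}/${CM_fqdn}.key.pem` comment suggests it may be) it would delete other hosts' keys and certificates. The function starts above this hunk, so the acme.sh invocation is only partly visible.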
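Review bot: The new loop in `public_show` expands `${CM_outfile_cert}`, `${CM_outfile_haproxy}` and `${myfile}` unquoted and runs `openssl x509` on each path without checking that it exists. If the haproxy output is optional (this hunk does not show whether it is), a host without that file gets an openssl error in the middle of the listing. I would add `local myfile` before the loop, iterate over `"${CM_outfile_cert}" "${CM_outfile_haproxy}"`, and start the body with `[ -f "${myfile}" ] || continue`. The commented-out `# openssl x509 -noout -text -in ${CM_outfile_cert}` carried into the loop still names the old variable and could be dropped.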
@@ -607,6 +622,10 @@ The ACTIONs for SINGLE certificate handlings are: show place of csr + certificate data and show basic certificate data (issuer, subject, aliases, ending date) + transfer FQDN + Transfer cert from acme.sh internal cache to our output dir again. + It is done during add or renew. With transfer command you can repeat it. + ACTIONs for ALL certs list @@ -627,4 +646,4 @@ EOF fi echo -_testStaging \ No newline at end of file +_testStaging diff --git a/readme.md b/readme.md index 127e83296c26c982fea3155c50d5b812d54a17c3..554f6da90277e8dd2d339643c68ec8eed14b2000 100644 --- a/readme.md +++ b/readme.md @@ -42,10 +42,14 @@ A suggested structure is having acme.sh and this wrapper below the same parent d ## Usage -Without any parameter it shows a help. +### Selftest Verify a new setup (or changes in the config) with ``./cm.sh selftest``. +### Show help + +Without any parameter it shows a help. + ```text ./cm.sh @@ -96,6 +100,10 @@ The ACTIONs for SINGLE certificate handlings are: show place of csr + certificate data and show basic certificate data (issuer, subject, aliases, ending date) + transfer FQDN + Transfer cert from acme.sh internal cache to our output dir again. + It is done during add or renew. With transfer command you can repeat it. + ACTIONs for ALL certs list