From 351bbe377f671a8e399680da64648856a1fa7a9d Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@iml.unibe.ch>
Date: Thu, 24 Jun 2021 17:59:16 +0200
Subject: [PATCH] added transfer command; delete files if acme.sh
 --install-cert ... fails

---
 cm.sh     | 37 ++++++++++++++++++++++++++++---------
 readme.md | 10 +++++++++-
 2 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/cm.sh b/cm.sh
index 400039f..ca23ad5 100755
--- a/cm.sh
+++ b/cm.sh
@@ -20,6 +20,7 @@
 # 2021-03-22  <axel.hahn@iml.unibe.ch>  for haproxy: use chained cert instead of server cert
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  reject multiple usage of fqdn in cli params
 # 2021-04-12  <axel.hahn@iml.unibe.ch>  optional: force excecution with a given user only
+# 2021-06-24  <axel.hahn@iml.unibe.ch>  added transfer command; delete files if acme.sh --install-cert ... failes
 # ======================================================================
 
 
@@ -99,10 +100,14 @@ function _certTransfer(){
 		-d ${CM_fqdn} \
 		--cert-file       ${CM_outfile_cert}  \
 		--fullchain-file  ${CM_outfile_chain} \
-		--ca-file         ${CM_outfile_ca} \
-		|| exit 1
-		# --key-file        ${CM_dircerts}/${CM_fqdn}.key.pem  \
-
+		--ca-file         ${CM_outfile_ca}
+    if [ $? -ne 0 ]; then
+        echo "ERROR occured during transfer. Removing files in ${CM_dircerts} to prevent strange effects..."
+        rm -f "${CM_dircerts}/*"
+        exit
+    fi
+	echo "OK."
+	
 	_wd "--- copy key to ${CM_dircerts}"
 	cp ${CM_filekey} ${CM_outfile_key}
 
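Review bot: The cleanup in the new error branch is a no-op because the glob sits inside the quotes — `rm -f "${CM_dircerts}/*"` asks for a file literally named `*`, and `-f` hides that nothing was removed, so the partially written cert/chain/ca files this branch is meant to purge stay in place. The bare `exit` on the next line also returns the status of the preceding `echo`, i.e. 0, so a failed transfer now reports success to callers and cron jobs where the removed `|| exit 1` used to fail. Suggested: `rm -f -- "${CM_dircerts:?}"/*` (the `:?` stops an unset variable from turning this into `rm -f /*`) and `exit 1`, with the error message sent to stderr via `>&2`. Note also that wiping the whole output directory discards any previously working cert and key there, not just this run's output; if services read that directory, removing only `${CM_outfile_cert}`, `${CM_outfile_chain}` and `${CM_outfile_ca}` looks safer — worth confirming against how the directory is consumed. `_certTransfer` starts before and continues after this hunk.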
@@ -506,12 +511,22 @@ function public_show(){
 	echo CSR $CM_filecsr
 	openssl req -noout -text -in $CM_filecsr | grep -E "(Subject:|DNS:)" | sed "s#^\ *##g"
 
-	echo $line
-	echo Cert ${CM_outfile_cert}
-	# openssl x509 -noout -text -in ${CM_outfile_cert}
-	openssl x509 -noout -text -in ${CM_outfile_cert} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g"
+	for myfile in ${CM_outfile_cert} ${CM_outfile_haproxy}
+	do
+        echo $line
+        echo Cert ${myfile}
+        # openssl x509 -noout -text -in ${CM_outfile_cert}
+        openssl x509 -noout -text -in ${myfile} | grep -E "(Issuer:|Subject:|Not\ |DNS:)"| sed "s#^\ *##g"
+    done
 }
 
+# Transfer cert from acme.sh internal cache to our output dir again
+function public_transfer(){
+	_requiresFqdn
+	_certExists
+
+	_certTransfer
+}
 
 # ----------------------------------------------------------------------
 #
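Review bot: The new loop in public_show runs `openssl x509` on `${CM_outfile_haproxy}` unconditionally, so on a setup without the haproxy output (or before the first successful transfer) it prints an openssl error for the missing file; a guard `[ -f "${myfile}" ] || continue` at the top of the loop body avoids that, and quoting `"${myfile}"` keeps paths with spaces intact. The commented-out line inside the loop still names `${CM_outfile_cert}` rather than `${myfile}` and can be dropped. The loop body also mixes tabs and spaces with the surrounding tab-indented code; matching the file's indentation would help readers. public_show starts before this hunk.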
@@ -607,6 +622,10 @@ The ACTIONs for SINGLE certificate handlings are:
                 show place of csr + certificate data and show basic certificate data
                 (issuer, subject, aliases, ending date)
 
+        transfer FQDN
+                Transfer cert from acme.sh internal cache to our output dir again.
+                It is done during add or renew. With transfer command you can repeat it.
+
 ACTIONs for ALL certs
 
         list
@@ -627,4 +646,4 @@ EOF
 fi
 
 echo
-_testStaging
\ No newline at end of file
+_testStaging
diff --git a/readme.md b/readme.md
index 127e832..554f6da 100644
--- a/readme.md
+++ b/readme.md
@@ -42,10 +42,14 @@ A suggested structure is having acme.sh and this wrapper below the same parent d
 
 ## Usage
 
-Without any parameter it shows a help.
+### Selftest
 
 Verify a new setup (or changes in the config) with ``./cm.sh selftest``.
 
+### Show help
+
+Without any parameter it shows a help.
+
 ```text
 
 ./cm.sh 
@@ -96,6 +100,10 @@ The ACTIONs for SINGLE certificate handlings are:
                 show place of csr + certificate data and show basic certificate data
                 (issuer, subject, aliases, ending date)
 
+        transfer FQDN
+                Transfer cert from acme.sh internal cache to our output dir again.
+                It is done during add or renew. With transfer command you can repeat it.
+
 ACTIONs for ALL certs
 
         list
-- 
GitLab