From 97d071c9df6e5614ee7fdd1d6d0edff6bb5e449f Mon Sep 17 00:00:00 2001
From: "Hahn Axel (hahn)" <axel.hahn@iml.unibe.ch>
Date: Wed, 10 Feb 2021 17:15:03 +0100
Subject: [PATCH] added public function renew-all
---
cm.sh | 86 ++++++++++++++++++++++++++++++++++++++-----------------
readme.md | 21 +++++++++++---
2 files changed, 77 insertions(+), 30 deletions(-)
diff --git a/cm.sh b/cm.sh
index 72c040a..dc1ce00 100755
--- a/cm.sh
+++ b/cm.sh
@@ -208,6 +208,23 @@ function _wd(){
test ${showdebug} && echo "DEBUG: $*"
}
+# set environment for a single certificate based on FQDN
+# param string FQDN
+function _setenv(){
+ CM_fqdn=$1
+ CM_filecsr="${CM_dircsr}/${CM_fqdn}.csr"
+ CM_filecnf="${CM_dircsr}/${CM_fqdn}.cnf"
+ CM_filekey="${CM_dircsr}/${CM_fqdn}.key"
+
+ CM_dircerts="${CM_diracme}/${CM_fqdn}"
+ CM_outfile_cert=${CM_dircerts}/${CM_fqdn}.cert.cer
+ CM_outfile_chain=${CM_dircerts}/${CM_fqdn}.fullchain.cer
+ CM_outfile_key=${CM_dircerts}/${CM_fqdn}.key.pem
+ CM_outfile_ca=${CM_dircerts}/${CM_fqdn}.ca.cer
+
+ # echo $CM_fqdn; set | grep "^CM_"; echo
+
+}
# ----------------------------------------------------------------------
#
# PUBLIC FUNCTIONS
@@ -251,10 +268,10 @@ function public_add-or-renew(){
_certExists
if [ $? -eq 0 ]; then
_wd "--- cert was found ... renew it (ignore --force - it comes from acme.sh)"
- public_renew
+ public_renew $*
else
_wd "--- cert does mot exist ... add it"
- public_add
+ public_add $*
fi
}
@@ -266,7 +283,7 @@ function public_delete(){
_certMustExist
# TODO: revoke it too??
- # $ACME --revoke -d ${CM_fqdn} || exit 2
+ # $ACME --revoke -d ${CM_fqdn}
_wd "--- delete ACME.SH data"
$ACME --remove -d ${CM_fqdn} $ACME_Params
@@ -297,9 +314,29 @@ function public_renew(){
_update "renewed ${CM_fqdn}"
}
+#
+# public function - renew al certificates (to be used in cronjon)
+# no params
+function public_renew-all(){
+
+ _listCerts | sed -n '2,$p' | awk '{ print $1 }' | while read mydomain
+ do
+ _wd "--- renew $mydomain"
+ _setenv ${mydomain}
+ $ACME --renew -d ${CM_fqdn} $ACME_Params
+ if [ $? -eq 0 ]; then
+ _certTransfer
+ _certMatching
+ _update "renewed ${CM_fqdn}"
+ fi
+
+ done
+
+}
+
#
# list existing certs
-# param string fqdn of domain to renew
+# no params
function public_show(){
_requiresFqdn
_certMustExist
@@ -347,15 +384,15 @@ fi
_testStaging
+test -z "${CM_diracme}" && CM_diracme=./certs
+test -z "${CM_dircsr}" && CM_dircsr=./csr
+
grep "function\ public_$1" $0 >/dev/null
if [ $# -gt 0 -a $? -eq 0 ]; then
# _wd $*
action=$1
CM_fqdn=$2
shift 2
-
- test -z "${CM_diracme}" && CM_diracme=./certs
- test -z "${CM_dircsr}" && CM_dircsr=./csr
test -z "${ACME}" && ACME=$( which acme.sh )
if [ ! -x "${ACME}" ]; then
@@ -363,17 +400,7 @@ if [ $# -gt 0 -a $? -eq 0 ]; then
exit 1
fi
- CM_filecsr="${CM_dircsr}/${CM_fqdn}.csr"
- CM_filecnf="${CM_dircsr}/${CM_fqdn}.cnf"
- CM_filekey="${CM_dircsr}/${CM_fqdn}.key"
-
- CM_dircerts="${CM_diracme}/${CM_fqdn}"
- CM_outfile_cert=${CM_dircerts}/${CM_fqdn}.cert.cer
- CM_outfile_chain=${CM_dircerts}/${CM_fqdn}.fullchain.cer
- CM_outfile_key=${CM_dircerts}/${CM_fqdn}.key.pem
- CM_outfile_ca=${CM_dircerts}/${CM_fqdn}.ca.cer
-
- # echo $CM_fqdn; set | grep "^CM_"; echo
+ _setenv $CM_fqdn
_wd "A C T I O N -->> $action <<--"
eval "public_$action $*"
@@ -384,38 +411,45 @@ else
HELP
The basic syntax is
-$self ACTION [FQDN]
+$self ACTION [FQDN] [ALIAS_1 [.. ALIAS_N]]
-The ACTIONs for single certificate handlings are:
+The ACTIONs for SINGLE certificate handlings are:
add FQDN [.. FQDN-N]
create new certificate
The first FQDN is a hostname to generate the certificate for.
Following multiple hostnames will be used as DNS aliases in the
same certificate.
+ It updates files in ${CM_diracme}
add-or-renew FQDN [.. FQDN-N]
This param is for automation tools like Ansible or Puppet.
- It checks if the certificate for first (*) FQDN exists.
- If not: add a new cert (see "add").
- If so: call renew action (see "renew")
+ It checks if the certificate for first (*) FQDN exists.
+ If not: add a new cert (see "add").
+ If so: call renew action (see "renew")
- (*) it doesn't verify the DNS aliases
+ (*) it doesn't verify the DNS aliases
delete FQDN
- delete a given certificate
+ delete all files of a given certificate
renew FQDN
renew (an already added) certificate
+ and update files in ${CM_diracme}
show FQDN
show place of csr + certificate data and show certificate
-ACTIONs for all certs
+ACTIONs for ALL certs
list
list all certificates including creation and renew date
+ renew-all
+ renew all certificates (fast mode - without --force)
+ and update files in ${CM_diracme}
+ It is useful for a cronjob
+
EOF
fi
diff --git a/readme.md b/readme.md
index 368e547..14a6b8f 100644
--- a/readme.md
+++ b/readme.md
@@ -29,19 +29,23 @@ _______________________________________________________________________________
_______________________________________________________________________________
+DEBUG: Using LE STAGE environment ...
+DEBUG: You can test and mess around. Do not use certs in production.
+
HELP
The basic syntax is
-cm.sh ACTION [FQDN]
+cm.sh ACTION [FQDN] [ALIAS_1 [.. ALIAS_N]]
-The ACTIONs for single certificate handlings are:
+The ACTIONs for SINGLE certificate handlings are:
add FQDN [.. FQDN-N]
create new certificate
The first FQDN is a hostname to generate the certificate for.
Following multiple hostnames will be used as DNS aliases in the
same certificate.
+ It updates files in ./certs
add-or-renew FQDN [.. FQDN-N]
This param is for automation tools like Ansible or Puppet.
@@ -52,17 +56,26 @@ The ACTIONs for single certificate handlings are:
(*) it doesn't verify the DNS aliases
delete FQDN
- delete a given certificate
+ delete all files of a given certificate
renew FQDN
renew (an already added) certificate
+ and update files in ./certs
show FQDN
show place of csr + certificate data and show certificate
-ACTIONs for all certs
+ACTIONs for ALL certs
list
list all certificates including creation and renew date
+ renew-all
+ renew all certificates (fast mode - without --force)
+ and update files in ./certs
+
+
+DEBUG: Using LE STAGE environment ...
+DEBUG: You can test and mess around. Do not use certs in production.
+
```
--
GitLab