Commit b6fcb9b6 authored by Hahn Axel (hahn)

csr dir can be configured too

parent 83a55965
certs/*
csr/* csr/*
log/* log/*
inc_config.sh inc_config.sh
......
...@@ -55,7 +55,7 @@ function _certMustNotExist(){ ...@@ -55,7 +55,7 @@ function _certMustNotExist(){
} }
# internal function: transfer generated/ updated cert data to a # internal function: transfer generated/ updated cert data to a
# known directory (based on ACME_Outdir - see inc_config.sh) # known directory (based on CM_diracme - see inc_config.sh)
# used in public_add and public_renew # used in public_add and public_renew
function _certTransfer(){ function _certTransfer(){
_wd "--- acme internal data" _wd "--- acme internal data"
...@@ -115,6 +115,7 @@ function _gencsr(){ ...@@ -115,6 +115,7 @@ function _gencsr(){
_wd "DNS alternative names: $altdns" _wd "DNS alternative names: $altdns"
rm -f $CM_filecnf $CM_filekey $CM_filecsr rm -f $CM_filecnf $CM_filekey $CM_filecsr
mkdir -p "${CM_dircsr}" 2>/dev/null
cat ./templates/csr.txt \ cat ./templates/csr.txt \
| sed "s#__FQDN__#$CM_fqdn#g" \ | sed "s#__FQDN__#$CM_fqdn#g" \
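Review bot: The added `mkdir -p "${CM_dircsr}" 2>/dev/null` in `_gencsr` creates the directory with the caller's default umask and throws away any error, while the `.key` file (`$CM_filekey`) is written under that same directory. Consider `mkdir -p -m 700 "${CM_dircsr}" || exit 1`, or a `umask 077` before the key is generated, so that a custom csr location is not readable by other users and a failed create stops the run instead of surfacing later in the `cat ./templates/csr.txt | sed` pipeline. The unchanged `rm -f $CM_filecnf $CM_filekey $CM_filecsr` above it should be quoted as well, now that these paths are built from a configurable directory.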
...@@ -171,7 +172,7 @@ function public_add(){ ...@@ -171,7 +172,7 @@ function public_add(){
mkdir -p "${CM_dircerts}" 2>/dev/null mkdir -p "${CM_dircerts}" 2>/dev/null
# _wd "--- domains in csr" # _wd "--- domains in csr"
./acme.sh/acme.sh --showcsr --csr $CM_filecsr || exit 1 $ACME --showcsr --csr $CM_filecsr || exit 1
_wd "--- create certificate" _wd "--- create certificate"
$ACME --signcsr --force --csr $CM_filecsr $ACME_Params || exit 1 $ACME --signcsr --force --csr $CM_filecsr $ACME_Params || exit 1
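Review bot: In `public_add`, the new `$ACME --showcsr --csr $CM_filecsr` leaves both expansions unquoted. `ACME` comes from inc_config.sh or `which acme.sh`, and `CM_filecsr` is now built from `CM_dircsr`, so a path containing spaces or glob characters gets word-split. Write `"$ACME" --showcsr --csr "$CM_filecsr" || exit 1` and quote the same two variables on the `--signcsr` line below; `$ACME_Params` has to stay unquoted because it carries several options.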
...@@ -271,18 +272,21 @@ if [ $# -gt 0 -a $? -eq 0 ]; then ...@@ -271,18 +272,21 @@ if [ $# -gt 0 -a $? -eq 0 ]; then
action=$1 action=$1
CM_fqdn=$2 CM_fqdn=$2
shift 2 shift 2
test -z "${ACME_Outdir}" && ACME_Outdir=./certs
test -z "${CM_diracme}" && CM_diracme=./certs
test -z "${CM_dircsr}" && CM_dircsr=./csr
test -z "${ACME}" && ACME=$( which acme.sh ) test -z "${ACME}" && ACME=$( which acme.sh )
if [ ! -x "${ACME}" ]; then if [ ! -x "${ACME}" ]; then
echo "ERROR: acme.sh not found. You need to install acme.sh client and configure it in inc_config.sh." echo "ERROR: acme.sh not found. You need to install acme.sh client and configure it in inc_config.sh."
exit 1 exit 1
fi fi
CM_filecsr="./csr/${CM_fqdn}.csr" CM_filecsr="${CM_dircsr}/${CM_fqdn}.csr"
CM_filecnf="./csr/${CM_fqdn}.cnf" CM_filecnf="${CM_dircsr}/${CM_fqdn}.cnf"
CM_filekey="./csr/${CM_fqdn}.key" CM_filekey="${CM_dircsr}/${CM_fqdn}.key"
CM_dircerts="${ACME_Outdir}/${CM_fqdn}" CM_dircerts="${CM_diracme}/${CM_fqdn}"
# echo $CM_fqdn # echo $CM_fqdn
# set | grep "^CM_" # set | grep "^CM_"
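Review bot: Removing `test -z "${ACME_Outdir}" && ACME_Outdir=./certs` in favour of `CM_diracme` silently changes behaviour for anyone whose inc_config.sh still exports `ACME_Outdir`: the old value is ignored and `CM_dircerts` falls back to `./certs`. Keep a fallback, for example `test -z "${CM_diracme}" && CM_diracme="${ACME_Outdir:-./certs}"`, or print a warning when the old variable is set, so existing installations do not start writing certificate data to a different place without notice.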
...@@ -298,24 +302,27 @@ HELP ...@@ -298,24 +302,27 @@ HELP
The basic syntax is The basic syntax is
$self ACTION [FQDN] $self ACTION [FQDN]
The ACTIONs are: The ACTIONs for single certificate handlings are:
add FQDN [.. FQDN-N] add FQDN [.. FQDN-N]
create new certificate ... or force it create new certificate ... or force it
The first FQDN is a hostname to generate the certificate for. The first FQDN is a hostname to generate the certificate for.
Following hostnames will be used as DNS aliases in the same certificate. Following multiple hostnames will be used as DNS aliases in the
same certificate.
delete FQDN delete FQDN
delete a given certificate delete a given certificate
list
list all certificates including creation and renew date
renew FQDN renew FQDN
renew (an already added) certificate renew (an already added) certificate
show FQDN show FQDN
show place of csr + certificate data and show certificate show place of csr + certificate data and show certificate
ACTIONs for all certs
list
list all certificates including creation and renew date
EOF EOF
fi fi
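Review bot: Style point on the two help headings: "The ACTIONs for single certificate handlings are:" reads awkwardly, and the new "ACTIONs for all certs" has no trailing colon, unlike the first heading. Suggest "ACTIONs for a single certificate:" and "ACTIONs for all certificates:" so both match. The same text is repeated in the README hunk, so both copies need the change.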
...@@ -30,7 +30,9 @@ export ACME=../acme.sh/acme.sh ...@@ -30,7 +30,9 @@ export ACME=../acme.sh/acme.sh
# export ACME_Params="$ACME_Params --staging" # export ACME_Params="$ACME_Params --staging"
# where to write certificate data # where to write certificate data
# export ACME_Outdir="./certs" # export CM_diracme="./certs"
# place for cnf + csr files
# export CM_dircsr="./csr"
# ---------------------------------------------------------------------- # ----------------------------------------------------------------------
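Review bot: The new comment `# place for cnf + csr files` understates what ends up in `CM_dircsr`: cm.sh also sets `CM_filekey="${CM_dircsr}/${CM_fqdn}.key"`, so the key files live there too. Say so in the comment (for example "place for cnf, csr and key files") so that whoever points this at a custom location picks one with restricted permissions. A short remark that `CM_diracme` replaces the former `ACME_Outdir` would also help people who update an existing inc_config.sh from the .dist file.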
...@@ -9,13 +9,13 @@ source: https://git-repo.iml.unibe.ch/open-source/iml-certman ...@@ -9,13 +9,13 @@ source: https://git-repo.iml.unibe.ch/open-source/iml-certman
* Install acme.sh client: https://github.com/acmesh-official/acme.sh * Install acme.sh client: https://github.com/acmesh-official/acme.sh
* Clone or extract files of iml-certman * Clone or extract files of iml-certman
* Make your changes by copying *dist files to file without ".dist" extension and edit * Make your changes by copying *dist files to file without ".dist" extension and edit
+ inc_config.sh * inc_config.sh
- set credentials for dns api * set credentials for dns api
- set path to acme.sh script * set path to acme.sh script
- optional: set custom target for generated certificates * optional: set custom target for generated certificates
- optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests * optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests
+ templates/csr.txt * templates/csr.txt
- set location, company and department * set location, company and department
## Usage ## Usage
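Review bot: Missing documentation in the inc_config.sh item list: it still has only "optional: set custom target for generated certificates" and nothing for the `CM_dircsr` setting this commit introduces. Add an entry such as "optional: set custom directory for csr, cnf and key files". The change of list markers from `+`/`-` to `*` is fine as long as the indentation of the sub-items is kept, so they still render nested under inc_config.sh and templates/csr.txt.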
...@@ -35,24 +35,27 @@ HELP ...@@ -35,24 +35,27 @@ HELP
The basic syntax is The basic syntax is
cm.sh ACTION [FQDN] cm.sh ACTION [FQDN]
The ACTIONs are: The ACTIONs for single certificate handlings are:
add FQDN [.. FQDN-N] add FQDN [.. FQDN-N]
create new certificate ... or force it create new certificate ... or force it
The first FQDN is a hostname to generate the certificate for. The first FQDN is a hostname to generate the certificate for.
Following hostnames will be used as DNS aliases in the same certificate. Following multiple hostnames will be used as DNS aliases in the
same certificate.
delete FQDN delete FQDN
delete a given certificate delete a given certificate
list
list all certificates including creation and renew date
renew FQDN renew FQDN
renew (an already added) certificate renew (an already added) certificate
show FQDN show FQDN
show place of csr + certificate data and show certificate show place of csr + certificate data and show certificate
ACTIONs for all certs
list
list all certificates including creation and renew date
``` ```