diff --git a/.gitignore b/.gitignore index 33c89b349ca094f7f23e19bb00d771f916500185..41d4031cf6513da12061fcbe4bbc012c5ec1b276 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +certs/* csr/* log/* inc_config.sh diff --git a/cm.sh b/cm.sh index b3a752c9fe3ed4d38db10a7a017b11ade72af35f..fe63f57d7d3b3bf8d3dfe25c14aa11cdff4c8044 100755 --- a/cm.sh +++ b/cm.sh @@ -55,7 +55,7 @@ function _certMustNotExist(){ } # internal function: transfer generated/ updated cert data to a -# known directory (based on ACME_Outdir - see inc_config.sh) +# known directory (based on CM_diracme - see inc_config.sh) # used in public_add and public_renew function _certTransfer(){ _wd "--- acme internal data" @@ -115,6 +115,7 @@ function _gencsr(){ _wd "DNS alternative names: $altdns" rm -f $CM_filecnf $CM_filekey $CM_filecsr + mkdir -p "${CM_dircsr}" 2>/dev/null cat ./templates/csr.txt \ | sed "s#__FQDN__#$CM_fqdn#g" \ @@ -171,7 +172,7 @@ function public_add(){ mkdir -p "${CM_dircerts}" 2>/dev/null # _wd "--- domains in csr" - ./acme.sh/acme.sh --showcsr --csr $CM_filecsr || exit 1 + $ACME --showcsr --csr $CM_filecsr || exit 1 _wd "--- create certificate" $ACME --signcsr --force --csr $CM_filecsr $ACME_Params || exit 1 @@ -271,18 +272,21 @@ if [ $# -gt 0 -a $? -eq 0 ]; then action=$1 CM_fqdn=$2 shift 2 - test -z "${ACME_Outdir}" && ACME_Outdir=./certs + + test -z "${CM_diracme}" && CM_diracme=./certs + test -z "${CM_dircsr}" && CM_dircsr=./csr + test -z "${ACME}" && ACME=$( which acme.sh ) if [ ! -x "${ACME}" ]; then echo "ERROR: acme.sh not found. You need to install acme.sh client and configure it in inc_config.sh." exit 1 fi - CM_filecsr="./csr/${CM_fqdn}.csr" - CM_filecnf="./csr/${CM_fqdn}.cnf" - CM_filekey="./csr/${CM_fqdn}.key" + CM_filecsr="${CM_dircsr}/${CM_fqdn}.csr" + CM_filecnf="${CM_dircsr}/${CM_fqdn}.cnf" + CM_filekey="${CM_dircsr}/${CM_fqdn}.key" - CM_dircerts="${ACME_Outdir}/${CM_fqdn}" + CM_dircerts="${CM_diracme}/${CM_fqdn}" # echo $CM_fqdn # set | grep "^CM_" 
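Review bot: The added `mkdir -p "${CM_dircsr}" 2>/dev/null` in `_gencsr` creates the directory that will hold the private key with whatever mode the current umask allows, and it hides a failure; `CM_filekey` is built as `${CM_dircsr}/${CM_fqdn}.key` later in this commit. Since `CM_dircsr` is now configurable and may point outside the working copy, I would create it owner-only and stop on error: `mkdir -p -m 700 -- "${CM_dircsr}" || exit 1`. `-m` takes effect only when mkdir actually creates the directory, so an existing directory keeps its mode and may need a one-time `chmod 700`. The body of `_gencsr` starts and ends outside this hunk.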
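Review bot: `$ACME` and `$CM_filecsr` are expanded unquoted in the changed `--showcsr` line of `public_add`, so a client path or CSR path containing whitespace or glob characters is split before the client runs, although the executable check elsewhere in this commit tests the quoted `"${ACME}"`. I would write `"$ACME" --showcsr --csr "$CM_filecsr" || exit 1`. The `--signcsr` line below has the same unquoted expansions; `$ACME_Params` there looks intentionally unquoted so that it splits into separate options. `public_add` continues outside the hunk.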
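Review bot: `CM_fqdn` is taken from `$2` and concatenated straight into `CM_filecsr`, `CM_filecnf`, `CM_filekey` and `CM_dircerts` with no check on its form, so a mistyped value containing `/` or `..` yields paths outside `CM_dircsr` and `CM_diracme`, and `_gencsr` runs `rm -f` on those paths unquoted. A guard right after `shift 2` would keep every derived path inside the configured directories: `case "$CM_fqdn" in *[!A-Za-z0-9.-]*|*..*|-*) echo "ERROR: invalid FQDN [$CM_fqdn]"; exit 1;; esac`. The empty value has to stay allowed because `list` takes no FQDN, and if wildcard names are meant to be supported (not visible here) the pattern must also admit a leading `*.`. The enclosing `if` block continues past the end of the hunk.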
@@ -298,24 +302,27 @@ HELP The basic syntax is $self ACTION [FQDN] -The ACTIONs are: +The ACTIONs for single certificate handlings are: - add FQDN [.. FQDN-N] - create new certificate ... or force it - The first FQDN is a hostname to generate the certificate for. - Following hostnames will be used as DNS aliases in the same certificate. - - delete FQDN - delete a given certificate + add FQDN [.. FQDN-N] + create new certificate ... or force it + The first FQDN is a hostname to generate the certificate for. + Following multiple hostnames will be used as DNS aliases in the + same certificate. + + delete FQDN + delete a given certificate + + renew FQDN + renew (an already added) certificate - list - list all certificates including creation and renew date + show FQDN + show place of csr + certificate data and show certificate - renew FQDN - renew (an already added) certificate +ACTIONs for all certs - show FQDN - show place of csr + certificate data and show certificate + list + list all certificates including creation and renew date EOF fi diff --git a/inc_config.sh.dist b/inc_config.sh.dist index 0b40163672347d780f612aef3a2e3a131b7846f1..329204d09833d81e1bf08c773bc697ca14865ad3 100644 --- a/inc_config.sh.dist +++ b/inc_config.sh.dist @@ -30,7 +30,9 @@ export ACME=../acme.sh/acme.sh # export ACME_Params="$ACME_Params --staging" # where to write certificate data -# export ACME_Outdir="./certs" +# export CM_diracme="./certs" +# place for cnf + csr files +# export CM_dircsr="./csr" # ---------------------------------------------------------------------- diff --git a/readme.md b/readme.md index 395ca94778b2c072a675750b25e43084e613e7b6..a223cf82698522f359a328e0729c43ac17c4d77f 100644 --- a/readme.md +++ b/readme.md 
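Review bot: The new template comment `# place for cnf + csr files` understates what ends up in `CM_dircsr`: cm.sh builds `CM_filekey` as `${CM_dircsr}/${CM_fqdn}.key`, so the private key is written there as well. I would say so in the template, e.g. `# place for cnf, csr and private key files - keep this directory readable by its owner only`. Separately, the rename from `ACME_Outdir` to `CM_diracme` comes without a fallback, so an existing inc_config.sh that still exports `ACME_Outdir` would presumably be ignored and cm.sh would write to `./certs`. A comment noting the rename here, or a default of `CM_diracme="${ACME_Outdir:-./certs}"` in cm.sh, would avoid that surprise.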
@@ -9,13 +9,13 @@ source: https://git-repo.iml.unibe.ch/open-source/iml-certman * Install acme.sh client: https://github.com/acmesh-official/acme.sh * Clone or extract files of iml-certman * Make your changes by copying *dist files to file without ".dist" extension and edit - + inc_config.sh - - set credentials for dns api - - set path to acme.sh script - - optional: set custom target for generated certificates - - optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests - + templates/csr.txt - - set location, company and department + * inc_config.sh + * set credentials for dns api + * set path to acme.sh script + * optional: set custom target for generated certificates + * optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests + * templates/csr.txt + * set location, company and department ## Usage @@ -35,24 +35,27 @@ HELP The basic syntax is cm.sh ACTION [FQDN] -The ACTIONs are: +The ACTIONs for single certificate handlings are: add FQDN [.. FQDN-N] create new certificate ... or force it The first FQDN is a hostname to generate the certificate for. - Following hostnames will be used as DNS aliases in the same certificate. + Following multiple hostnames will be used as DNS aliases in the + same certificate. delete FQDN delete a given certificate - list - list all certificates including creation and renew date - renew FQDN renew (an already added) certificate show FQDN show place of csr + certificate data and show certificate +ACTIONs for all certs + + list + list all certificates including creation and renew date + ```