csr dir can be configured too

b6fcb9b6 · Hahn Axel (hahn) · 83a55965 · b6fcb9b6 · b6fcb9b6 · b6fcb9b6
Commit b6fcb9b6 authored 4 years ago by Hahn Axel (hahn)
--- a/.gitignore
+++ b/.gitignore
+certs/*
 csr/*
 log/*
 inc_config.sh

--- a/cm.sh
+++ b/cm.sh
@@ -55,7 +55,7 @@ function _certMustNotExist(){
 }

 # internal function: transfer generated/ updated cert data to a
-# known directory (based on ACME_Outdir - see inc_config.sh)
+# known directory (based on CM_diracme - see inc_config.sh)
 # used in public_add and public_renew
 function _certTransfer(){
 	_wd "--- acme internal data"
@@ -115,6 +115,7 @@ function _gencsr(){
 	_wd "DNS alternative names: $altdns"

 	rm -f $CM_filecnf $CM_filekey $CM_filecsr
+	mkdir -p "${CM_dircsr}" 2>/dev/null

 	cat ./templates/csr.txt \
 		| sed "s#__FQDN__#$CM_fqdn#g"  		\
@@ -171,7 +172,7 @@ function public_add(){
 	mkdir -p "${CM_dircerts}" 2>/dev/null

 	# _wd "--- domains in csr"
-	./acme.sh/acme.sh  --showcsr  --csr $CM_filecsr || exit 1
+	$ACME --showcsr  --csr $CM_filecsr || exit 1

 	_wd "--- create certificate"
 	$ACME --signcsr --force --csr $CM_filecsr $ACME_Params || exit 1
@@ -271,18 +272,21 @@ if [ $# -gt 0 -a $? -eq 0 ]; then
 	action=$1
 	CM_fqdn=$2
 	shift 2
-	test -z "${ACME_Outdir}" && ACME_Outdir=./certs
+	
+	test -z "${CM_diracme}" && CM_diracme=./certs
+	test -z "${CM_dircsr}"  && CM_dircsr=./csr
+
 	test -z "${ACME}" && ACME=$( which acme.sh )
 	if [ ! -x "${ACME}" ]; then
 		echo "ERROR: acme.sh not found. You need to install acme.sh client and configure it in inc_config.sh."
 		exit 1
 	fi

-	CM_filecsr="./csr/${CM_fqdn}.csr"
-	CM_filecnf="./csr/${CM_fqdn}.cnf"
-	CM_filekey="./csr/${CM_fqdn}.key"
+	CM_filecsr="${CM_dircsr}/${CM_fqdn}.csr"
+	CM_filecnf="${CM_dircsr}/${CM_fqdn}.cnf"
+	CM_filekey="${CM_dircsr}/${CM_fqdn}.key"

-	CM_dircerts="${ACME_Outdir}/${CM_fqdn}"
+	CM_dircerts="${CM_diracme}/${CM_fqdn}"

 	# echo $CM_fqdn
 	# set | grep "^CM_"
@@ -298,24 +302,27 @@ HELP
 The basic syntax is
 $self ACTION [FQDN]

-The ACTIONs are:
+The ACTIONs for single certificate handlings are:

-	add  FQDN [.. FQDN-N] 
-		create new certificate ... or force it
-		The first FQDN is a hostname to generate the certificate for. 
-		Following hostnames will be used as DNS aliases in the same certificate.
-	
-	delete FQDN
-		delete a given certificate
+        add  FQDN [.. FQDN-N] 
+                create new certificate ... or force it
+                The first FQDN is a hostname to generate the certificate for. 
+                Following multiple hostnames will be used as DNS aliases in the 
+                same certificate.
+
+        delete FQDN
+                delete a given certificate
+
+        renew FQDN
+                renew (an already added) certificate

-	list
-		list all certificates including creation and renew date
+        show FQDN
+                show place of csr + certificate data and show certificate

-	renew FQDN
-		renew (an already added) certificate
+ACTIONs for all certs

-	show FQDN
-		show place of csr + certificate data and show certificate
+        list
+                list all certificates including creation and renew date

 EOF
 fi
--- a/inc_config.sh.dist
+++ b/inc_config.sh.dist
@@ -30,7 +30,9 @@ export ACME=../acme.sh/acme.sh
 # export ACME_Params="$ACME_Params --staging"

 # where to write certificate data
-# export ACME_Outdir="./certs"
+# export CM_diracme="./certs"

+# place for cnf + csr files
+# export CM_dircsr="./csr"

 # ----------------------------------------------------------------------
--- a/readme.md
+++ b/readme.md
@@ -9,13 +9,13 @@ source: https://git-repo.iml.unibe.ch/open-source/iml-certman
 * Install acme.sh client: https://github.com/acmesh-official/acme.sh
 * Clone or extract files of iml-certman
 * Make your changes by copying *dist files to file without ".dist" extension and edit
-  + inc_config.sh
-    - set credentials for dns api
-    - set path to acme.sh script
-    - optional: set custom target for generated certificates
-    - optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests
-  + templates/csr.txt
-    - set location, company and department
+  * inc_config.sh
+    * set credentials for dns api
+    * set path to acme.sh script
+    * optional: set custom target for generated certificates
+    * optional: for testing enable Let's Encrypt stage server to prevent running into weekly limits during tests
+  * templates/csr.txt
+    * set location, company and department

 ## Usage

@@ -35,24 +35,27 @@ HELP
 The basic syntax is
 cm.sh ACTION [FQDN]

-The ACTIONs are:
+The ACTIONs for single certificate handlings are:

        add  FQDN [.. FQDN-N] 
                create new certificate ... or force it
                The first FQDN is a hostname to generate the certificate for. 
-                Following hostnames will be used as DNS aliases in the same certificate.
+                Following multiple hostnames will be used as DNS aliases in the 
+                same certificate.

        delete FQDN
                delete a given certificate

-        list
-                list all certificates including creation and renew date
-
        renew FQDN
                renew (an already added) certificate

        show FQDN
                show place of csr + certificate data and show certificate

+ACTIONs for all certs
+
+        list
+                list all certificates including creation and renew date
+

 ```