private_key.pem
private_key.json
domains.txt
-config.sh
+config
hook.sh
certs/*
archive/*
## [x.x.x] - xxxx-xx-xx
## Changed
+- Config is now named `config` instead of `config.sh`!
- Location of domains.txt is now configurable via DOMAINS_TXT config variable
## [0.2.0] - 2016-05-22
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation)
- --config (-f) path/to/config.sh Use specified config file
+ --config (-f) path/to/config Use specified config file
--hook (-k) path/to/hook.sh Use specified script for hooks
--challenge (-t) http-01|dns-01 Which challenge should be used? Currently http-01 and dns-01 are supported
--algo (-a) rsa|prime256v1|secp384r1 Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
You need a hook script that deploys the challenge to your DNS server!
-The hook script (indicated in the config.sh file or the --hook/-k command line argument) gets four arguments: an operation name (clean_challenge, deploy_challenge, or deploy_cert) and some operands for that. For deploy_challenge $2 is the domain name for which the certificate is required, $3 is a "challenge token" (which is not needed for dns-01), and $4 is a token which needs to be inserted in a TXT record for the domain.
+The hook script (indicated in the config file or the --hook/-k command line argument) gets four arguments: an operation name (clean_challenge, deploy_challenge, or deploy_cert) and some operands for that. For deploy_challenge $2 is the domain name for which the certificate is required, $3 is a "challenge token" (which is not needed for dns-01), and $4 is a token which needs to be inserted in a TXT record for the domain.
Typically, you will need to split the subdomain name in two, the subdomain name and the domain name separately. For example, for "my.example.com", you'll need "my" and "example.com" separately. You then have to prefix "_acme-challenge." before the subdomain name, as in "_acme-challenge.my" and set a TXT record for that on the domain (e.g. "example.com") which has the value supplied in $4
# This is the main config file for letsencrypt.sh #
# #
# This file is looked for in the following locations: #
-# $SCRIPTDIR/config.sh (next to this script) #
-# /usr/local/etc/letsencrypt.sh/config.sh #
-# /etc/letsencrypt.sh/config.sh #
-# ${PWD}/config.sh (in current working-directory) #
+# $SCRIPTDIR/config (next to this script) #
+# /usr/local/etc/letsencrypt.sh/config #
+# /etc/letsencrypt.sh/config #
+# ${PWD}/config (in current working-directory) #
# #
# Default values of this config are in comments #
########################################################
### HOOK_CHAIN="no" (default behaviour)
```
-# INFO: Using main config file /etc/letsencrypt.sh/config.sh
+# INFO: Using main config file /etc/letsencrypt.sh/config
Processing lukas.im with alternative names: www.lukas.im
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
### HOOK_CHAIN="yes"
```
-# INFO: Using main config file /etc/letsencrypt.sh/config.sh
+# INFO: Using main config file /etc/letsencrypt.sh/config
Processing lukas.im with alternative names: www.lukas.im
+ Checking domain name(s) of existing cert... unchanged.
+ Checking expire date of existing cert...
If you start testing using the production endpoint (which is the default),
you will quickly hit these limits and find yourself locked out.
-To avoid this, please set the CA property to the Let’s Encrypt staging server URL in your `config.sh` file:
+To avoid this, please set the CA property to the Let’s Encrypt staging server URL in your config file:
```bash
CA="https://acme-staging.api.letsencrypt.org/directory"
# Check for config in various locations
if [[ -z "${CONFIG:-}" ]]; then
for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
- if [[ -e "${check_config}/config.sh" ]]; then
+ if [[ -e "${check_config}/config" ]]; then
BASEDIR="${check_config}"
- CONFIG="${check_config}/config.sh"
+ CONFIG="${check_config}/config"
break
fi
done
PARAM_ACCOUNT_KEY="${1}"
;;
- # PARAM_Usage: --config (-f) path/to/config.sh
+ # PARAM_Usage: --config (-f) path/to/config
# PARAM_Description: Use specified config file
--config|-f)
shift 1
) &
# Generate config and create empty domains.txt
-echo 'CA="https://testca.kurz.pw/directory"' > config.sh
-echo 'LICENSE="https://testca.kurz.pw/terms/v1"' >> config.sh
-echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config.sh
-echo 'RENEW_DAYS="14"' >> config.sh
+echo 'CA="https://testca.kurz.pw/directory"' > config
+echo 'LICENSE="https://testca.kurz.pw/terms/v1"' >> config
+echo 'WELLKNOWN=".acme-challenges/.well-known/acme-challenge"' >> config
+echo 'RENEW_DAYS="14"' >> config
touch domains.txt
# Check if help command is working
# Temporarily move config out of the way and try signing certificate by using temporary config location
_TEST "Try signing using temporary config location and with domain as command line parameter"
-mv config.sh tmp_config.sh
-./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config.sh > tmplog 2> errorlog || _FAIL "Script execution failed"
+mv config tmp_config
+./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_NOT_LOG "Checking domain name(s) of existing cert"
_CHECK_LOG "Generating private key"
_CHECK_LOG "Requesting challenge for ${TMP_URL}"
_CHECK_LOG "Creating fullchain.pem"
_CHECK_LOG "Done!"
_CHECK_ERRORLOG
-mv tmp_config.sh config.sh
+mv tmp_config config
# Move private key and add new location to config
mv private_key.pem account_key.pem
-echo 'PRIVATE_KEY="./account_key.pem"' >> config.sh
+echo 'PRIVATE_KEY="./account_key.pem"' >> config
# Add third domain to command-lime, should force renewal.
_TEST "Run in cron mode again, this time adding third domain, should force renewal."
_CHECK_ERRORLOG
# Disable private key renew
-echo 'PRIVATE_KEY_RENEW="no"' >> config.sh
+echo 'PRIVATE_KEY_RENEW="no"' >> config
# Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key)
_TEST "Run in cron mode one last time, with domain in domains.txt and force-resign"
# Check if renewal works
_TEST "Run in cron mode again, to check if renewal works"
-echo 'RENEW_DAYS="300"' >> config.sh
+echo 'RENEW_DAYS="300"' >> config
./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
_CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
_CHECK_LOG "Renewing!"
projects / thirdparty / dehydrated.git / commitdiff
