create fullchain.pem
authorLukas Schauer <lukas@schauer.so>
Mon, 7 Dec 2015 11:50:31 +0000 (12:50 +0100)
committerLukas Schauer <lukas@schauer.so>
Mon, 7 Dec 2015 11:50:31 +0000 (12:50 +0100)
.gitignore
certs/lets-encrypt-x1-cross-signed.pem [new file with mode: 0644]
config.sh.example
letsencrypt.sh

index b313f0229b7dc4d31407fd65a119533558be52ec..7c26c55e5daa9b698131e4343015ded4639c187b 100644 (file)
@@ -2,4 +2,5 @@ private_key.pem
 domains.txt
 config.sh
 certs/*
+!certs/lets-encrypt-x1-cross-signed.pem
 .acme-challenges/*
diff --git a/certs/lets-encrypt-x1-cross-signed.pem b/certs/lets-encrypt-x1-cross-signed.pem
new file mode 100644 (file)
index 0000000..8a92a0b
--- /dev/null
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----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=
+-----END CERTIFICATE-----
index 22da6d8b0a4159a2bf9267fa5711b4c23466486e..9ae870f1e0d6f7928cfc5052f5b1522e320b0007 100644 (file)
@@ -5,6 +5,7 @@
 #KEYSIZE=4096
 #BASEDIR=./
 #OPENSSL_CNF=.... # system default (see openssl version -d)
+#ROOTCERT="lets-encrypt-x1-cross-signed.pem"
 
 # program called before responding to the challenge, arguments: path/to/token
 # token; can be used to e.g. upload the challenge if this script doesn't run
index 3e2d2ed95f7530f5d7f30aa03c9ee4c6b28b99b8..4c2b6e1065abf85e18cde5a1eaa591dc94897092 100755 (executable)
@@ -15,6 +15,7 @@ PRIVATE_KEY_RENEW=no
 SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 BASEDIR="${SCRIPTDIR}"
 OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf"
+ROOTCERT="lets-encrypt-x1-cross-signed.pem"
 
 # If exists load config from same directory as this script
 if [[ -e "${BASEDIR}/config.sh" ]]; then
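Review bot: `ROOTCERT` on the added line is a misleading name, because the file it points to is, going by its filename, the cross-signed Let's Encrypt X1 intermediate rather than a root, and the default pins that one intermediate for every certificate the script obtains. If the CA signs from a different intermediate, the fullchain.pem built in sign_domain would carry a chain that does not verify, and nothing here would warn about it. I would add a comment on this line and in config.sh.example, for example `# intermediate (chain) certificate bundled into fullchain.pem; must match the issuer of the certificates you receive`, and consider a more accurate variable name while the setting is still new. The default is assigned before the config.sh check that follows, so an override from config.sh presumably still takes effect; the sourcing itself is outside the hunk.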
@@ -196,6 +197,20 @@ sign_domain() {
   printf -- '-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n' "${crt64}" > "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"
   rm -f "${BASEDIR}/certs/${domain}/cert.pem"
   ln -s "cert-${timestamp}.pem" "${BASEDIR}/certs/${domain}/cert.pem"
+
+  # Create fullchain.pem
+  if [[ -e "${BASEDIR}/certs/${ROOTCERT}" ]] || [[ -e "${SCRIPTDIR}/certs/${ROOTCERT}" ]]; then
+    echo " + Creating fullchain.pem..."
+    if [[ -e "${BASEDIR}/certs/${ROOTCERT}" ]]; then
+      cat "${BASEDIR}/certs/${ROOTCERT}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+    else
+      cat "${SCRIPTDIR}/certs/${ROOTCERT}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+    fi
+    cat "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+    rm -f "${BASEDIR}/certs/${domain}/fullchain.pem"
+    ln -s "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
+  fi
+
   echo " + Done!"
 }
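Review bot: The new block writes `${ROOTCERT}` into `fullchain-${timestamp}.pem` first and appends the domain certificate after it, which is the reverse of the order TLS servers expect: the end-entity certificate has to come first, followed by the certificate that issued it. A server that pairs the first certificate in the file with the private key will either refuse to load this file or present the wrong certificate to clients. The rewrite below resolves the chain file once, which also removes the duplicated existence test, and writes leaf then chain. Neither `cat` result is checked before the symlink is replaced, so a failed write could leave fullchain.pem pointing at a partial file unless the script runs under `set -e`, which is not visible here. sign_domain starts outside the hunk.

```shell
  # … unchanged: cert-${timestamp}.pem written and cert.pem symlinked …

  # Create fullchain.pem: domain certificate first, then the issuing chain
  local chain=""
  if [[ -e "${BASEDIR}/certs/${ROOTCERT}" ]]; then
    chain="${BASEDIR}/certs/${ROOTCERT}"
  elif [[ -e "${SCRIPTDIR}/certs/${ROOTCERT}" ]]; then
    chain="${SCRIPTDIR}/certs/${ROOTCERT}"
  fi
  if [[ -n "${chain}" ]]; then
    echo " + Creating fullchain.pem..."
    cat "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" "${chain}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
    # … unchanged: old fullchain.pem removed and symlink recreated …
  fi
```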