added config option to set path for openssl config file (currently only used for...

diff --git a/config.sh.example b/config.sh.example
index f4d9634cfcc7c58d173d00988f302904bf6b1993..22da6d8b0a4159a2bf9267fa5711b4c23466486e 100644 (file)
--- a/config.sh.example
+++ b/config.sh.example
@@ -4,6 +4,7 @@
 #WELLKNOWN=".acme-challenges"
 #KEYSIZE=4096
 #BASEDIR=./
+#OPENSSL_CNF=.... # system default (see openssl version -d)
 
 # program called before responding to the challenge, arguments: path/to/token
 # token; can be used to e.g. upload the challenge if this script doesn't run

diff --git a/letsencrypt.sh b/letsencrypt.sh
index ff591578a693e9edd3928e081d070ce0bcadd71a..e7eac3cb62e5023dcdbcc9cfca0f6e9e1b3e0df5 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -13,6 +13,7 @@ KEYSIZE="4096"
 WELLKNOWN=".acme-challenges"
 PRIVATE_KEY_RENEW=no
 BASEDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf"
 
 # If exists load config from same directory as this script
 if [[ -e "${BASEDIR}/config.sh" ]]; then
@@ -131,7 +132,7 @@ sign_domain() {
   done
   SAN="${SAN%%, }"
   echo " + Generating signing request..."
-  openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null
+  openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat "${OPENSSL_CNF}" <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null
 
   # Request and respond to challenges
   for altname in $altnames; do