--ipv4 (-4) Resolve names to IPv4 addresses only
--ipv6 (-6) Resolve names to IPv6 addresses only
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
+ --alias certalias Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)
--keep-going (-g) Keep going after encountering an error while creating/renewing multiple certificates in cron mode
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--no-lock (-n) Don't use lockfile (potentially dangerous!)
if [[ -n "${PARAM_DOMAIN:-}" ]]; then
DOMAINS_TXT="$(_mktemp)"
- printf -- "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
+ if [[ -n "${PARAM_ALIAS:-}" ]]; then
+ printf -- "${PARAM_DOMAIN} > ${PARAM_ALIAS}" > "${DOMAINS_TXT}"
+ else
+ printf -- "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
+ fi
elif [[ -e "${DOMAINS_TXT}" ]]; then
if [[ ! -r "${DOMAINS_TXT}" ]]; then
_exiterr "domains.txt found but not readable"
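Review bot: The added `printf -- "${PARAM_DOMAIN} > ${PARAM_ALIAS}"` uses command-line input as the printf format string, so a `%` or backslash in either value is interpreted instead of written literally. The line written to the temporary domains.txt can then differ from what the operator passed. Pass the values as arguments instead: `printf -- '%s > %s' "${PARAM_DOMAIN}" "${PARAM_ALIAS}" > "${DOMAINS_TXT}"`, and `printf -- '%s' "${PARAM_DOMAIN}"` in the else branch, which keeps the same pattern from the removed line. The enclosing if/elif chain continues outside this hunk.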
# Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
ORIGIFS="${IFS}"
IFS=$'\n'
- for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' | (grep -vE '^(#|$)' || true)); do
+ for line in $(<"${DOMAINS_TXT}" tr -d '\r' | awk '{print tolower($0)}' | _sed -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' -e 's/([^ ])>/\1 >/g' -e 's/> />/g' | (grep -vE '^(#|$)' || true)); do
reset_configvars
IFS="${ORIGIFS}"
+ alias="$(grep -Eo '>[^ ]+' <<< "${line}" || true)"
+ line="$(_sed -e 's/>[^ ]+[ ]*//g' <<< "${line}")"
+ aliascount="$(grep -Eo '>' <<< "${alias}" | awk 'END {print NR}' || true )"
+ [ ${aliascount} -gt 1 ] && _exiterr "Only one alias per line is allowed in domains.txt!"
+
domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
- local certdir="${CERTDIR}/${domain}"
+ [ ${aliascount} -lt 1 ] && alias="${domain}" || alias="${alias#>}"
+
+ local certdir="${CERTDIR}/${alias}"
cert="${certdir}/cert.pem"
chain="${certdir}/chain.pem"
# we could just source the config file but i decided to go this way to protect people from accidentally overriding
# variables used internally by this script itself.
if [[ -n "${DOMAINS_D}" ]]; then
- certconfig="${DOMAINS_D}/${domain}"
+ certconfig="${DOMAINS_D}/${alias}"
else
certconfig="${certdir}/config"
fi
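Review bot: The alias is used as a path component in `certdir="${CERTDIR}/${alias}"` and `certconfig="${DOMAINS_D}/${alias}"` after only the leading `>` is stripped, so a value containing `/` or starting with `..` would place the certificate directory and config lookup outside CERTDIR or DOMAINS_D. This applies to aliases from domains.txt and to `--alias`, which is written into the temporary domains.txt unchanged. The alias is a purely local name, so nothing visible in this hunk constrains it later. An allowlist check right after the alias is resolved would close this, for example `[[ "${alias}" =~ ^[a-z0-9_-][a-z0-9._-]*$ ]] || _exiterr "Invalid alias: ${alias}"`, restricted to explicitly given aliases if primary domains can legitimately contain other characters. The loop body starts and ends outside this hunk.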
fi
;;
+ # PARAM_Usage: --alias certalias
+ # PARAM_Description: Use specified name for certificate directory (and per-certificate config) instead of the primary domain (only used if --domain is specified)
+ --alias)
+ shift 1
+ check_parameters "${1:-}"
+ [[ -n "${PARAM_ALIAS:-}" ]] && _exiterr "Alias can only be specified once!"
+ PARAM_ALIAS="${1}"
+ ;;
+
# PARAM_Usage: --keep-going (-g)
# PARAM_Description: Keep going after encountering an error while creating/renewing multiple certificates in cron mode
--keep-going|-g)
```text
example.com www.example.com
example.net www.example.net wiki.example.net
+example.net www.example.net wiki.example.net > certalias
```
This states that there should be two certificates `example.com` and `example.net`,
with the other domains in the corresponding line being their alternative names.
+
+You can define an alias for your certificate which will (instead of the primary domain) be
+used as directory name under your certdir and for a per-certificate lookup.
+This allows multiple certificates with identical sets of domains but different configuration
+to exist.