It uses the `openssl` utility for everything related to actually handling keys and certificates, so you need to have that installed.
-Other dependencies are (for now): curl, sed
-
-Perl no longer is a dependency.
-The only remaining perl code in this repository is the script you can use to convert your existing letsencrypt-keyfile into something openssl (and this script) can read.
+Other dependencies are: curl, sed, grep, mktemp (all found on almost any system, curl being the only exception)
Current features:
- Signing of a list of domains
-- Renewal if a certificate is about to expire
+- Renewal if a certificate is about to expire or SAN (subdomains) changed
- Certificate revocation
Please keep in mind that this software and even the acme-protocol are relatively young and may still have some unresolved issues.
## Import
-### import-account.pl
-
-This perl-script can be used to import the account key from the original letsencrypt client.
-
-You should copy `private_key.json` to the same directory as the script.
-The json-file can be found in a subdirectory of `/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory`.
-
-Usage: `./import-account.pl`
-
-### import-certs.sh
-
-This script can be used to import private keys and certificates created by the original letsencrypt client.
-
-By default it expects the certificates to be found under `/etc/letsencrypt`, which is the default output directory of the original client.
-You can change the path by setting LETSENCRYPT in your config file: ```LETSENCRYPT="/etc/letsencrypt"```.
-
-Usage: `./import-certs.sh`
+If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/letsencrypt.sh/wiki/Import-from-official-letsencrypt-client).
+++ /dev/null
-#!/usr/bin/env perl
-
-use strict;
-
-use Crypt::OpenSSL::RSA;
-use Crypt::OpenSSL::Bignum;
-use JSON;
-use File::Slurp;
-use MIME::Base64;
-
-my $json_file = "private_key.json";
-my $json_content = read_file($json_file);
-$json_content =~ tr/-/+/;
-$json_content =~ tr/_/\//;
-
-my $json = decode_json($json_content);
-
-my $n = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{n}));
-my $e = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{e}));
-my $d = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{d}));
-my $p = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{p}));
-my $q = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{q}));
-
-my $rsa = Crypt::OpenSSL::RSA->new_key_from_parameters($n, $e, $d, $p, $q);
-
-print($rsa->get_private_key_string());
+++ /dev/null
-#!/usr/bin/env bash
-
-set -e
-set -u
-set -o pipefail
-
-umask 077 # paranoid umask, we're creating private keys
-
-SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-BASEDIR="${SCRIPTDIR}"
-LETSENCRYPT="/etc/letsencrypt"
-
-eval "$("${SCRIPTDIR}/letsencrypt.sh" --env)"
-
-if [[ ! -e "${LETSENCRYPT}" ]]; then
- echo "No existing letsencrypt files found."
- exit 1
-fi
-
-if [[ -e "${BASEDIR}/domains.txt" ]]; then
- DOMAINS_TXT="${BASEDIR}/domains.txt"
-elif [[ -e "${SCRIPTDIR}/domains.txt" ]]; then
- DOMAINS_TXT="${SCRIPTDIR}/domains.txt"
-else
- echo "You have to create a domains.txt file listing the domains you want certificates for. Have a look at domains.txt.example."
- echo "For the purpose of this import script the file can be empty, but it has to exist."
- exit 1
-fi
-
-for certdir in "${LETSENCRYPT}/live/"*; do
- domain="$(basename "${certdir}")"
- echo "Processing ${domain}"
-
- # Check if we already have a certificate for the same (main) domain
- if [ -e "${BASEDIR}/certs/${domain}" ]; then
- echo " + Skipping: Found existing certificate directory, don't want to delete anything."
- continue
- fi
-
- # Check if private-key, certificate and fullchain exist
- if [[ ! -e "${certdir}/privkey.pem" ]]; then
- echo " + Skipping: Private key is missing."
- continue
- fi
- if [[ ! -e "${certdir}/cert.pem" ]]; then
- echo " + Skipping: Certificate is missing."
- continue
- fi
- if [[ ! -e "${certdir}/fullchain.pem" ]]; then
- echo " + Skipping: Chain is missing."
- continue
- fi
-
- # Check if certificate still valid
- if ! openssl x509 -checkend 0 -noout -in "${certdir}/cert.pem" >/dev/null 2>&1; then
- echo " + Skipping: Certificate is expired."
- continue
- fi
-
- # Import certificate
- timestamp="$(date +%s)"
-
- echo " + Adding list of domains to ${DOMAINS_TXT}"
- SAN="$(openssl x509 -in "${certdir}/cert.pem" -noout -text | grep -A1 "Subject Alternative Name" | grep "DNS")"
- SAN="${SAN//DNS:/}"
- SAN="${SAN//, / }"
- altnames="${domain}"
- for altname in ${SAN}; do
- if [[ ! "${altname}" = "${domain}" ]]; then
- altnames="${altnames} ${altname}"
- fi
- done
- echo "${altnames}" >> "${DOMAINS_TXT}"
-
- mkdir -p "${BASEDIR}/certs/${domain}"
-
- echo " + Importing private key"
- cat "${certdir}/privkey.pem" > "${BASEDIR}/certs/${domain}/privkey-${timestamp}.pem"
- ln -s "privkey-${timestamp}.pem" "${BASEDIR}/certs/${domain}/privkey.pem"
-
- echo " + Importing certificate"
- cat "${certdir}/cert.pem" > "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"
- ln -s "cert-${timestamp}.pem" "${BASEDIR}/certs/${domain}/cert.pem"
-
- echo " + Importing chain"
- cat "${certdir}/fullchain.pem" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
- ln -s "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
-done
projects / thirdparty / dehydrated.git / commitdiff
