${HOOK} "clean_challenge" '' "${challenge_token}" "${keyauth}"
fi
+ # remove temporary domains.txt file if used
+ if [[ -n "${PARAM_DOMAIN:-}" ]]; then
+ rm "${DOMAINS_TXT}"
+ fi
+
exit 1
fi
# Usage: --cron (-c)
# Description: Sign/renew non-existant/changed(TODO)/expiring certificates.
-command_cron() {
+command_sign_domains() {
+ if [[ -n "${PARAM_DOMAIN:-}" ]]; then
+ # we are using a temporary domains.txt file so we don't need to duplicate any code
+ DOMAINS_TXT="$(mktemp)"
+ echo "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
+ fi
# Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
<"${DOMAINS_TXT}" sed 's/^\s*//g;s/\s*$//g' | grep -v '^#' | grep -v '^$' | while read -r line; do
domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
+ morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
cert="${BASEDIR}/certs/${domain}/cert.pem"
- echo "Processing ${domain}"
+ if [[ -z "${morenames}" ]];then
+ echo "Processing ${domain}"
+ else
+ echo "Processing ${domain} with SAN: ${morenames}"
+ fi
+
if [[ -e "${cert}" ]]; then
echo " + Found existing cert..."
echo -n " + Valid till ${valid} "
if openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}"; then
- echo "(Longer than ${RENEW_DAYS} days). Skipping!"
- continue
+ echo -n "(Longer than ${RENEW_DAYS} days). "
+ if [[ "${PARAM_FORCE:-}" = "yes" ]]; then
+ echo "Ignoring because --force was specified!"
+ else
+ echo "Skipping!"
+ continue
+ fi
+ else
+ echo "(Less than ${RENEW_DAYS} days). Renewing!"
fi
- echo "(Less than ${RENEW_DAYS} days). Renewing!"
fi
# shellcheck disable=SC2086
sign_domain $line
done
-}
-# Usage: --sign (-s) domain.tld
-# Description: Force-sign specific certificate from domains.txt, even if not yet expiring or changed.
-command_sign() {
- # Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
- <"${DOMAINS_TXT}" sed 's/^\s*//g;s/\s*$//g' | grep -E "^${1}($|\s)" | head -1 | while read -r line; do
- domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
- cert="${BASEDIR}/certs/${domain}/cert.pem"
-
- echo "Processing ${domain}"
- if [[ -e "${cert}" ]]; then
- echo " + Found existing cert... ignoring."
- fi
-
- # shellcheck disable=SC2086
- sign_domain $line
- done || (echo "No entry for ${1} found in ${DOMAINS_TXT}."; exit 1)
+ # remove temporary domains.txt file if used
+ if [[ -n "${PARAM_DOMAIN:-}" ]]; then
+ rm "${DOMAINS_TXT}"
+ fi
}
# Usage: --revoke (-r) path/to/cert.pem
case "${arg}" in
--help) args="${args}-h ";;
--cron) args="${args}-c ";;
- --sign) args="${args}-s ";;
+ --domain) args="${args}-d ";;
+ --force ) args="${args}-x ";;
--revoke) args="${args}-r ";;
--privkey) args="${args}-p ";;
--config) args="${args}-f ";;
fi
}
-while getopts ":hcer:s:f:p:" option; do
+while getopts ":hcer:d:xf:p:" option; do
case "${option}" in
h)
command_help
check_parameters "${OPTARG:-}"
revoke_me="${OPTARG}"
;;
- s)
- set_command sign
+ d)
+ # PARAM_Usage: --domain (-d) domain.tld
+ # PARAM_Description: Use specified domain name instead of domains.txt, use multiple times for certificate with SAN names
check_parameters "${OPTARG:-}"
- sign_me="${OPTARG}"
+ if [[ -z "${PARAM_DOMAIN:-}" ]]; then
+ PARAM_DOMAIN="${OPTARG}"
+ else
+ PARAM_DOMAIN="${PARAM_DOMAIN} ${OPTARG}"
+ fi
+ ;;
+ x)
+ # PARAM_Usage: --force (-x)
+ # PARAM_Description: force renew of certificate even if it is longer valid than value in RENEW_DAYS
+ PARAM_FORCE="yes"
;;
f)
# PARAM_Usage: --config (-f) path/to/config.sh
case "${COMMAND}" in
cron)
- command_cron
+ command_sign_domains
;;
env)
command_env
;;
- sign)
- command_sign "${sign_me}"
- ;;
revoke)
command_revoke "${revoke_me}"
;;
projects / thirdparty / dehydrated.git / commitdiff
