Current features:
- Signing of a list of domains
+- Signing of a CSR
- Renewal if a certificate is about to expire or SAN (subdomains) changed
- Certificate revocation
Commands:
--cron (-c) Sign/renew non-existant/changed/expiring certificates.
+ --signcsr (-s) path/to/csr.pem Sign a given CSR, output CRT on stdout (advanced usage)
--revoke (-r) path/to/cert.pem Revoke specified certificate
--help (-h) Show help text
--env (-e) Output configuration variables for use in other scripts
exit 0
}
+# Usage: --signcsr (-s) path/to/csr.pem
+# Description: Sign a given CSR, output CRT on stdout (advanced usage)
+command_sign_csr() {
+ # redirect stdout to stderr
+ # leave stdout over at fd 3 to output the cert
+ exec 3>&1 1>&2
+
+ init_system
+
+ csrfile="${1}"
+ if [ ! -r "${csrfile}" ]; then
+ _exiterr "Could not read certificate signing request ${csrfile}"
+ fi
+
+ sign_csr "$(< "${csrfile}" )"
+
+ exit 0
+}
+
# Usage: --revoke (-r) path/to/cert.pem
# Description: Revoke specified certificate
command_revoke() {
set_command sign_domains
;;
+ --signcsr|-s)
+ shift 1
+ set_command sign_csr
+ check_parameters "${1:-}"
+ PARAM_CSR="${1}"
+ ;;
+
--revoke|-r)
shift 1
set_command revoke
case "${COMMAND}" in
env) command_env;;
sign_domains) command_sign_domains;;
+ sign_csr) command_sign_csr "${PARAM_CSR}";;
revoke) command_revoke "${PARAM_REVOKECERT}";;
*) command_help; exit 1;;
esac
projects / thirdparty / dehydrated.git / commitdiff
