From: Lukas Schauer
Date: Mon, 14 Dec 2015 13:30:37 +0000 (+0100)
Subject: grab root certificate url from certificate, fixes #43
X-Git-Tag: v0.1.0~131
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1eb6f6d287f3da1582ec45ae25573eb08c135df3;p=thirdparty%2Fdehydrated.git
grab root certificate url from certificate, fixes #43
---
diff --git a/config.sh.example b/config.sh.example
index b58356e..6a6f29c 100644
--- a/config.sh.example
+++ b/config.sh.example
@@ -34,9 +34,6 @@
 # Path to openssl config file (default: - tries to figure out system default)
 #OPENSSL_CNF=
-# Name of root certificate (default: lets-encrypt-x1-cross-signed.pem)
-#ROOTCERT="lets-encrypt-x1-cross-signed.pem"
-
 # Program or function called in certain situations
 #
 # After generating the challenge-response, or after failed challenge (in this case altname is empty)
diff --git a/letsencrypt.sh b/letsencrypt.sh
index 45d728f..42c578c 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -21,7 +21,6 @@ KEYSIZE="4096"
 WELLKNOWN=
 PRIVATE_KEY_RENEW="no"
 OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf"
-ROOTCERT="lets-encrypt-x1-cross-signed.pem"
 CONTACT_EMAIL=
 set_defaults() {
@@ -372,12 +371,10 @@ sign_domain() {
 _openssl x509 -text < "${crt_path}"
 # Create fullchain.pem
- if [[ -e "${BASEDIR}/certs/${ROOTCERT}" ]]; then
- echo " + Creating fullchain.pem..."
- cat "${crt_path}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
- cat "${BASEDIR}/certs/${ROOTCERT}" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
- ln -sf "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
- fi
+ echo " + Creating fullchain.pem..."
+ cat "${crt_path}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+ _request get "$(openssl x509 -in "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+ ln -sf "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
 # Update remaining symlinks
 if [ ! "${privkey}" = "privkey.pem" ]; then
@@ -502,7 +499,7 @@ command_help() {
 command_env() {
 echo "# letsencrypt.sh configuration"
 typeset -p CONFIG
- typeset -p CA LICENSE BASEDIR WELLKNOWN PRIVATE_KEY KEYSIZE OPENSSL_CNF ROOTCERT HOOK RENEW_DAYS PRIVATE_KEY_RENEW CONTACT_EMAIL
+ typeset -p CA LICENSE BASEDIR WELLKNOWN PRIVATE_KEY KEYSIZE OPENSSL_CNF HOOK RENEW_DAYS PRIVATE_KEY_RENEW CONTACT_EMAIL
 exit 0
 }
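Review bot: The added `_request get … >> fullchain-${timestamp}.pem` line in sign_domain appends whatever the CA Issuers URL returns straight into the chain file, with no check that the fetch succeeded or that the body is a certificate. CA Issuers URIs are normally plain `http://` and commonly serve DER rather than PEM, so a certificate without that extension, a failed or altered response, or a binary DER body would each leave a corrupt fullchain file. The `ln -sf` on the next line then publishes it unconditionally, whereas the removed code only ran when the local root file existed. I would download to a temporary file, normalise it to PEM, require that its subject hash equals the issuer hash of the new certificate, and only then write the chain and move the symlink, as sketched below; the sketch uses a bare `exit 1` because the script's own error handling is not visible in this hunk. sign_domain starts and ends outside the hunk.

```shell
  # … unchanged: echo " + Creating fullchain.pem..." …
  issuer_url="$(openssl x509 -in "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | head -n 1 | cut -d':' -f2-)"
  issuer_raw="$(mktemp)"
  issuer_pem="$(mktemp)"
  # assumes _request returns non-zero on a failed download (confirm against its definition)
  if [[ -z "${issuer_url}" ]] || ! _request get "${issuer_url}" > "${issuer_raw}"; then
    echo " + ERROR: could not download issuer certificate" >&2
    rm -f "${issuer_raw}" "${issuer_pem}"
    exit 1
  fi
  # The body may be PEM or DER: normalise to PEM, reject anything openssl cannot parse
  if ! openssl x509 -in "${issuer_raw}" -outform PEM -out "${issuer_pem}" 2>/dev/null \
    && ! openssl x509 -inform DER -in "${issuer_raw}" -outform PEM -out "${issuer_pem}"; then
    echo " + ERROR: issuer download is not a certificate" >&2
    rm -f "${issuer_raw}" "${issuer_pem}"
    exit 1
  fi
  # Only accept the certificate whose subject matches the issuer of the new certificate
  if [[ "$(openssl x509 -in "${issuer_pem}" -noout -subject_hash)" != "$(openssl x509 -in "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" -noout -issuer_hash)" ]]; then
    echo " + ERROR: downloaded certificate is not the issuer of ${domain}" >&2
    rm -f "${issuer_raw}" "${issuer_pem}"
    exit 1
  fi
  cat "${crt_path}" "${issuer_pem}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
  rm -f "${issuer_raw}" "${issuer_pem}"
  # … unchanged: ln -sf of fullchain.pem …
```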