From: Lukas Schauer Date: Mon, 7 Dec 2015 10:45:09 +0000 (+0100) Subject: added config option to set path for openssl config file (currently only used for... X-Git-Tag: v0.1.0~190 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=474f33d2ca79a5852f5a1aa96f0b962ebe267949;p=thirdparty%2Fdehydrated.git added config option to set path for openssl config file (currently only used for generating a signing request) --- diff --git a/config.sh.example b/config.sh.example index f4d9634..22da6d8 100644 --- a/config.sh.example +++ b/config.sh.example @@ -4,6 +4,7 @@ #WELLKNOWN=".acme-challenges" #KEYSIZE=4096 #BASEDIR=./ +#OPENSSL_CNF=.... # system default (see openssl version -d) # program called before responding to the challenge, arguments: path/to/token # token; can be used to e.g. upload the challenge if this script doesn't run diff --git a/letsencrypt.sh b/letsencrypt.sh index ff59157..e7eac3c 100755 --- a/letsencrypt.sh +++ b/letsencrypt.sh @@ -13,6 +13,7 @@ KEYSIZE="4096" WELLKNOWN=".acme-challenges" PRIVATE_KEY_RENEW=no BASEDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf" # If exists load config from same directory as this script if [[ -e "${BASEDIR}/config.sh" ]]; then @@ -131,7 +132,7 @@ sign_domain() { done SAN="${SAN%%, }" echo " + Generating signing request..." - openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null + openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat "${OPENSSL_CNF}" <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null # Request and respond to challenges for altname in $altnames; do
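Review bot: The default on the new `OPENSSL_CNF=` line in `letsencrypt.sh` is derived by parsing `openssl version -d` and is never validated, so if `openssl` is not on PATH the value silently becomes `/openssl.cnf`. A mistyped override in `config.sh` goes unnoticed in the same way. The problem would only surface later in `sign_domain`, where the file is read by `cat` inside a process substitution whose exit status is not checked. I would add a check once the configuration has been loaded, for example `[[ -r "${OPENSSL_CNF}" ]] || { echo "ERROR: cannot read OPENSSL_CNF (${OPENSSL_CNF})" >&2; exit 1; }`. The `if [[ -e "${BASEDIR}/config.sh" ]]` block continues outside the hunk, so the exact placement has to be confirmed against the full file.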
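Review bot: In the rewritten `openssl req` line the `[SAN]` section is appended directly after the contents of `${OPENSSL_CNF}`, so an operator-supplied file without a trailing newline would fuse `[SAN]` onto its last line. Starting the format string with a newline avoids this: `printf "\n[SAN]\nsubjectAltName=%s" "${SAN}"`. Because the path is now configurable, the option also deserves a comment saying that OpenSSL parses this file with the privileges of the script (a config file can name engine modules to load), so it should be writable only by the account that runs the script. `sign_domain` starts and ends outside the hunk.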