From 5a213f5f6a934c34aed81b62aca92482235b17b2 Mon Sep 17 00:00:00 2001
From: Markus Germeier
Date: Sun, 6 Dec 2015 12:14:51 +0100
Subject: [PATCH] make openssl keysize configurable
---
 config.sh.example | 1 +
 letsencrypt.sh | 7 ++++---
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/config.sh.example b/config.sh.example
index 0cf6574..49b7581 100644
--- a/config.sh.example
+++ b/config.sh.example
@@ -2,6 +2,7 @@
 #CA="https://acme-v01.api.letsencrypt.org"
 WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"
+#KEYSIZE=4096
 # program called before responding to the challenge, arguments: path/to/token
 # token; can be used to e.g. upload the challenge if this script doesn't run
diff --git a/letsencrypt.sh b/letsencrypt.sh
index 212ed7e..9c36694 100755
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -8,6 +8,7 @@ set -o pipefail
 CA="https://acme-v01.api.letsencrypt.org"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
 HOOK_CHALLENGE=
+KEYSIZE="4096"
 . ./config.sh
@@ -96,7 +97,7 @@ sign_domain() {
 if [[ ! -e "certs/${domain}" ]]; then
 mkdir -p "certs/${domain}"
 echo " + Generating private key..."
- openssl genrsa -out "certs/${domain}/privkey.pem" 4096 2> /dev/null > /dev/null
+ openssl genrsa -out "certs/${domain}/privkey.pem" "${KEYSIZE}" 2> /dev/null > /dev/null
 fi
 # Generate signing request config and the actual signing request
@@ -160,11 +161,11 @@ sign_domain() {
 echo " + Done!"
 }
-# Check if private key exists, if it doesn't exist yet generate a new one (4096bit rsa key)
+# Check if private key exists, if it doesn't exist yet generate a new one (rsa key)
 register="0"
 if [[ ! -e "private_key.pem" ]]; then
 echo "+ Generating account key..."
- openssl genrsa -out "private_key.pem" 4096 2> /dev/null > /dev/null
+ openssl genrsa -out "private_key.pem" "${KEYSIZE}" 2> /dev/null > /dev/null
 register="1"
 fi
-- 
2.47.2
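Review bot: KEYSIZE is never checked after `. ./config.sh` in the `@@ -8,6 +8,7 @@` hunk of letsencrypt.sh, so an empty, non-numeric or very small value from the config goes straight to `openssl genrsa` in the two later hunks. Because this one setting decides the strength of both the account key and every domain key, a guard directly after the source line would be worthwhile, for example `if ! [[ "${KEYSIZE}" =~ ^[1-9][0-9]*$ ]] || (( KEYSIZE < 2048 )); then echo "KEYSIZE must be a number >= 2048" >&2; exit 1; fi`. The 2048-bit floor is the usual minimum for publicly trusted RSA keys and should be adjusted if the CA's policy differs. The `#KEYSIZE=4096` line added to config.sh.example would also benefit from a short comment saying it applies to both key types.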
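Review bot: Both `openssl genrsa` calls (the domain key in the `@@ -96,7 +97,7 @@` hunk and the account key in the `@@ -160,11 +161,11 @@` hunk) still discard stdout and stderr, so a KEYSIZE that openssl rejects produces no diagnostic now that the size is user-supplied. In the domain-key hunk the guard is `[[ ! -e "certs/${domain}" ]]` and `mkdir -p` runs before key generation, so after a failed attempt the directory already exists and a rerun appears to skip key generation entirely. I would report the failure and remove the directory, e.g. `openssl genrsa -out "certs/${domain}/privkey.pem" "${KEYSIZE}" > /dev/null 2>&1 || { echo " + ERROR: key generation failed (KEYSIZE=${KEYSIZE})" >&2; rmdir "certs/${domain}"; exit 1; }`, with the same `|| { ...; exit 1; }` handling on the account-key call. The body of sign_domain continues outside the hunk, so whether a later step catches a missing privkey.pem cannot be seen from here.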