From: Lukas Schauer Date: Tue, 13 Sep 2016 17:48:27 +0000 (+0200) Subject: renamed project to dehydrated and main script to dehydrated.sh X-Git-Tag: v0.3.1~3 X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=64e35463cbbfc35ad1bf8537b60602707be2daaf;p=thirdparty%2Fdehydrated.git renamed project to dehydrated and main script to dehydrated.sh --- diff --git a/CHANGELOG b/CHANGELOG index 46a6d61..2eda0d8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,10 +1,14 @@ # Change Log -This file contains a log of major changes in letsencrypt.sh +This file contains a log of major changes in dehydrated.sh ## [x.x.x] - xxxx-xx-xx ## Changed - ... +## [0.3.1] - 2016-09-13 +## Changed +- Renamed project to `dehydrated` and main script to `dehydrated.sh`. + ## [0.3.0] - 2016-09-07 ## Changed - Config is now named `config` instead of `config.sh`! diff --git a/README.md b/README.md index 81bbd10..5c65776 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ -# letsencrypt.sh [![Build Status](https://travis-ci.org/lukas2511/letsencrypt.sh.svg?branch=master)](https://travis-ci.org/lukas2511/letsencrypt.sh) +# dehydrated.sh [![Build Status](https://travis-ci.org/lukas2511/dehydrated.svg?branch=master)](https://travis-ci.org/lukas2511/dehydrated) + +![](docs/logo.jpg) This is a client for signing certificates with an ACME-server (currently only provided by letsencrypt) implemented as a relatively simple bash-script. @@ -28,7 +30,7 @@ If you have any problems take a look at our [Troubleshooting](docs/troubleshooti ## Usage: ```text -Usage: ./letsencrypt.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... +Usage: ./dehydrated.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... Default command: help diff --git a/letsencrypt.sh b/dehydrated.sh similarity index 98% rename from letsencrypt.sh rename to dehydrated.sh index 787c31f..4e2a563 100755 --- a/letsencrypt.sh +++ b/dehydrated.sh 
@@ -1,7 +1,7 @@ #!/usr/bin/env bash -# letsencrypt.sh by lukas2511 -# Source: https://github.com/lukas2511/letsencrypt.sh +# dehydrated.sh by lukas2511 +# Source: https://github.com/lukas2511/dehydrated # # This script is licensed under The MIT License (see LICENSE for more information). @@ -25,7 +25,7 @@ BASEDIR="${SCRIPTDIR}" # Create (identifiable) temporary files _mktemp() { # shellcheck disable=SC2068 - mktemp ${@:-} "${TMPDIR:-/tmp}/letsencrypt.sh-XXXXXX" + mktemp ${@:-} "${TMPDIR:-/tmp}/dehydrated.sh-XXXXXX" } # Check for script dependencies @@ -94,7 +94,7 @@ verify_config() { load_config() { # Check for config in various locations if [[ -z "${CONFIG:-}" ]]; then - for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do + for check_config in "/etc/dehydrated.sh" "/usr/local/etc/dehydrated.sh" "${PWD}" "${SCRIPTDIR}"; do if [[ -f "${check_config}/config" ]]; then BASEDIR="${check_config}" CONFIG="${check_config}/config" @@ -181,7 +181,7 @@ load_config() { [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/letsencrypt" + [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated" [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE="" @@ -246,7 +246,7 @@ init_system() { # If we generated a new private key in the step above we have to register it with the acme-server if [[ "${register_new_key}" = "yes" ]]; then - echo "+ Registering account key with letsencrypt..." + echo "+ Registering account key with ACME server..." [[ ! -z "${CA_NEW_REG}" ]] || _exiterr "Certificate authority doesn't allow registrations." # If an email for the contact has been provided then adding it to the registration request FAILED=false 
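Review bot: The new search list in load_config uses `/etc/dehydrated.sh` and `/usr/local/etc/dehydrated.sh`, but the example config updated in this same commit documents `/etc/dehydrated/config` and `/usr/local/etc/dehydrated/config`, so a config placed where the docs say will not be found. Pick one spelling and use it in both places, e.g. `for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do`. Existing installs under `/etc/letsencrypt.sh` also stop matching, and the loop then falls through to `${PWD}` and `${SCRIPTDIR}`, so the script may run with a different config or none. Since the config carries settings such as `CA` and `HOOK`, a warning when the old directory still exists (or keeping it as a trailing fallback entry) would make that switch visible. The rest of load_config lies outside the hunk, so how the selected file is read cannot be checked from here.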
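Review bot: Changing the `WELLKNOWN` fallback to `/var/www/dehydrated` silently moves where challenge tokens are written for every install that relied on the old default, while existing webserver aliases still point at `/var/www/letsencrypt`. HTTP validation would then likely fail at the next renewal, and nothing visible in this hunk checks that the new directory exists or is writable. Consider a comment above the line such as `# default changed from /var/www/letsencrypt in 0.3.1; webserver alias must be updated`, plus a CHANGELOG line naming the changed default paths, since the 0.3.1 entry added here mentions only the rename. This statement sits inside load_config, which begins and ends outside the hunk.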
@@ -924,7 +924,7 @@ command_help() { # Usage: --env (-e) # Description: Output configuration variables for use in other scripts command_env() { - echo "# letsencrypt.sh configuration" + echo "# dehydrated.sh configuration" load_config typeset -p CA LICENSE CERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE } diff --git a/docs/dns-verification.md b/docs/dns-verification.md index 0c07c3f..898aefc 100644 --- a/docs/dns-verification.md +++ b/docs/dns-verification.md @@ -19,4 +19,4 @@ Or when you do have a DNS API, pass the details accordingly to achieve the same You can delete the TXT record when called with operation clean_challenge, when $2 is also the domain name. -Here are some examples: [Examples for DNS-01 hooks](https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks) +Here are some examples: [Examples for DNS-01 hooks](https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks) diff --git a/docs/domains_txt.md b/docs/domains_txt.md index 466eae9..ed6b453 100644 --- a/docs/domains_txt.md +++ b/docs/domains_txt.md @@ -1,6 +1,6 @@ ### domains.txt -letsencrypt.sh uses the file `domains.txt` as configuration for which certificates should be requested. +dehydrated.sh uses the file `domains.txt` as configuration for which certificates should be requested. The file should have the following format: diff --git a/docs/examples/config b/docs/examples/config index a836a4e..96a2161 100644 --- a/docs/examples/config +++ b/docs/examples/config 
@@ -1,10 +1,10 @@ ######################################################## -# This is the main config file for letsencrypt.sh # +# This is the main config file for dehydrated.sh # # # # This file is looked for in the following locations: # # $SCRIPTDIR/config (next to this script) # -# /usr/local/etc/letsencrypt.sh/config # -# /etc/letsencrypt.sh/config # +# /usr/local/etc/dehydrated/config # +# /etc/dehydrated/config # # ${PWD}/config (in current working-directory) # # # # Default values of this config are in comments # @@ -42,8 +42,8 @@ # Directory for account keys and registration information #ACCOUNTDIR="${BASEDIR}/accounts" -# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/letsencrypt) -#WELLKNOWN="/var/www/letsencrypt" +# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) +#WELLKNOWN="/var/www/dehydrated" # Default keysize for private keys (default: 4096) #KEYSIZE="4096" diff --git a/docs/hook_chain.md b/docs/hook_chain.md index 450c0fd..c025783 100644 --- a/docs/hook_chain.md +++ b/docs/hook_chain.md @@ -9,7 +9,7 @@ See below for an example on how the calls change: ### HOOK_CHAIN="no" (default behaviour) ``` -# INFO: Using main config file /etc/letsencrypt.sh/config +# INFO: Using main config file /etc/dehydrated/config Processing lukas.im with alternative names: www.lukas.im + Checking domain name(s) of existing cert... unchanged. + Checking expire date of existing cert... 
@@ -31,13 +31,13 @@ HOOK: clean_challenge www.lukas.im blublublu blublublu.supersecure + Checking certificate... + Done! + Creating fullchain.pem... -HOOK: deploy_cert lukas.im /etc/letsencrypt.sh/certs/lukas.im/privkey.pem /etc/letsencrypt.sh/certs/lukas.im/cert.pem /etc/letsencrypt.sh/certs/lukas.im/fullchain.pem /etc/letsencrypt.sh/certs/lukas.im/chain.pem 1460152442 +HOOK: deploy_cert lukas.im /etc/dehydrated/certs/lukas.im/privkey.pem /etc/dehydrated/certs/lukas.im/cert.pem /etc/dehydrated/certs/lukas.im/fullchain.pem /etc/dehydrated/certs/lukas.im/chain.pem 1460152442 + Done! ``` ### HOOK_CHAIN="yes" ``` -# INFO: Using main config file /etc/letsencrypt.sh/config +# INFO: Using main config file /etc/dehydrated/config Processing lukas.im with alternative names: www.lukas.im + Checking domain name(s) of existing cert... unchanged. + Checking expire date of existing cert... @@ -57,7 +57,7 @@ HOOK: clean_challenge lukas.im blablabla blablabla.supersecure www.lukas.im blub + Checking certificate... + Done! + Creating fullchain.pem... -HOOK: deploy_cert lukas.im /etc/letsencrypt.sh/certs/lukas.im/privkey.pem /etc/letsencrypt.sh/certs/lukas.im/cert.pem /etc/letsencrypt.sh/certs/lukas.im/fullchain.pem /etc/letsencrypt.sh/certs/lukas.im/chain.pem 1460152408 +HOOK: deploy_cert lukas.im /etc/dehydrated/certs/lukas.im/privkey.pem /etc/dehydrated/certs/lukas.im/cert.pem /etc/dehydrated/certs/lukas.im/fullchain.pem /etc/dehydrated/certs/lukas.im/chain.pem 1460152408 + Done! ``` diff --git a/docs/import-from-official-client.md b/docs/import-from-official-client.md index bcfe07c..8cc8950 100644 --- a/docs/import-from-official-client.md +++ b/docs/import-from-official-client.md 
@@ -1,3 +1,3 @@ # Import -If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/letsencrypt.sh/wiki/Import-from-official-letsencrypt-client). +If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/dehydrated/wiki/Import-from-official-letsencrypt-client). diff --git a/docs/logo.jpg b/docs/logo.jpg new file mode 100644 index 0000000..ad1c2a7 Binary files /dev/null and b/docs/logo.jpg differ diff --git a/docs/per-certificate-config.md b/docs/per-certificate-config.md index 4862a4e..708346e 100644 --- a/docs/per-certificate-config.md +++ b/docs/per-certificate-config.md @@ -1,6 +1,6 @@ # Config on per-certificate base -letsencrypt.sh allows a few configuration variables to be set on a per-certificate base. +dehydrated.sh allows a few configuration variables to be set on a per-certificate base. To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`). diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index ace8f32..ec50571 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -6,7 +6,7 @@ Generally if the following information doesn't provide a solution to your proble You probably changed from staging-CA to production-CA (or the other way). -Currently letsencrypt.sh doesn't detect a missing registration on the selected CA, +Currently dehydrated.sh doesn't detect a missing registration on the selected CA, the current workaround is to move `private_key.pem` (and, if you care, `private_key.json`) out of the way so the scripts generates and registers a new one. This will hopefully be fixed in the future. 
@@ -19,13 +19,13 @@ LICENSE1 and LICENSE2 are just placeholders for the real values in this troubles ## "Error creating new cert :: Too many certificates already issued for: [...]" -This is not an issue with letsencrypt.sh but an API limit with letsencrypt. +This is not an issue with dehydrated.sh but an API limit with boulder (the ACME server). At the time of writing this you can only create 5 certificates per domain in a sliding window of 7 days. ## "Certificate request has 123 names, maximum is 100." -This also is an API limit from letsencrypt, you are requesting to sign a certificate with way too many domains. +This also is an API limit from boulder, you are requesting to sign a certificate with way too many domains. ## Invalid challenges diff --git a/docs/wellknown.md b/docs/wellknown.md index f7b1d19..4456181 100644 --- a/docs/wellknown.md +++ b/docs/wellknown.md @@ -5,7 +5,7 @@ It will do that for any (sub-)domain you want to sign a certificate for. At the moment you'll need to have that location available over normal HTTP on port 80 (redirect to HTTPS will work, but starting point is always HTTP!). -letsencrypt.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`. +dehydrated.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`. If you only have one docroot on your server you could easily do something like `WELLKNOWN=/var/www/.well-known/acme-challenge`, for anything else look at the example below. 
@@ -13,7 +13,7 @@ If you only have one docroot on your server you could easily do something like ` If you have more than one docroot (or you are using your server as a reverse proxy / load balancer) the simple configuration mentioned above wouldn't work, but with just a few lines of webserver configuration this can be solved. -An example would be to create a directory `/var/www/letsencrypt` and set `WELLKNOWN=/var/www/letsencrypt` in the scripts config. +An example would be to create a directory `/var/www/dehydrated` and set `WELLKNOWN=/var/www/dehydrated` in the scripts config. You'll need to configure aliases on your Webserver: @@ -25,7 +25,7 @@ With Nginx you'll need to add this to any of your `server`/VHost config blocks: server { [...] location /.well-known/acme-challenge { - alias /var/www/letsencrypt; + alias /var/www/dehydrated; } [...] } @@ -36,9 +36,9 @@ server { With Apache just add this to your config and it should work in any VHost: ```apache -Alias /.well-known/acme-challenge /var/www/letsencrypt +Alias /.well-known/acme-challenge /var/www/dehydrated - + Options None AllowOverride None @@ -63,6 +63,6 @@ With Lighttpd just add this to your config and it should work in any VHost: modules += "alias" alias.url += ( - "/.well-known/acme-challenge/" => "/var/www/letsencrypt/" + "/.well-known/acme-challenge/" => "/var/www/dehydrated/" ) ``` diff --git a/test.sh b/test.sh index 0d81d69..93ddb50 100755 --- a/test.sh +++ b/test.sh 
@@ -84,7 +84,7 @@ TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' TMP2_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp2.log | head -1 | cut -d':' -f2)" TMP3_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp3.log | head -1 | cut -d':' -f2)" if [[ -z "${TMP_URL}" ]] || [[ -z "${TMP2_URL}" ]] || [[ -z "${TMP3_URL}" ]]; then - echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue." + echo "Couldn't get an url from ngrok, not a dehydrated.sh bug, tests can't continue." exit 1 fi @@ -104,7 +104,7 @@ touch domains.txt # Check if help command is working _TEST "Checking if help command is working..." -./letsencrypt.sh --help > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --help > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Default command: help" _CHECK_LOG "--help (-h)" _CHECK_LOG "--domain (-d) domain.tld" @@ -112,7 +112,7 @@ _CHECK_ERRORLOG # Run in cron mode with empty domains.txt (should only generate private key and exit) _TEST "First run in cron mode, checking if private key is generated and registered" -./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Registering account key" _CHECK_FILE accounts/*/account_key.pem _CHECK_ERRORLOG 
@@ -120,7 +120,7 @@ _CHECK_ERRORLOG # Temporarily move config out of the way and try signing certificate by using temporary config location _TEST "Try signing using temporary config location and with domain as command line parameter" mv config tmp_config -./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_NOT_LOG "Checking domain name(s) of existing cert" _CHECK_LOG "Generating private key" _CHECK_LOG "Requesting challenge for ${TMP_URL}" @@ -133,7 +133,7 @@ mv tmp_config config # Add third domain to command-lime, should force renewal. _TEST "Run in cron mode again, this time adding third domain, should force renewal." -./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Domain name(s) are not matching!" _CHECK_LOG "Forcing renew." _CHECK_LOG "Generating private key" @@ -151,7 +151,7 @@ echo "${TMP_URL} ${TMP2_URL} $(tr 'a-z' 'A-Z' <<<"${TMP3_URL}")" >> domains.txt # Run in cron mode again (should find a non-expiring certificate and do nothing) _TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate" -./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Skipping renew" _CHECK_ERRORLOG 
@@ -161,7 +161,7 @@ echo 'PRIVATE_KEY_RENEW="no"' >> config # Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key) _TEST "Run in cron mode one last time, with domain in domains.txt and force-resign" -./letsencrypt.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Ignoring because renew was forced!" _CHECK_NOT_LOG "Generating private key" @@ -175,7 +175,7 @@ _CHECK_ERRORLOG # Check if signcsr command is working _TEST "Running signcsr command" -./letsencrypt.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "BEGIN CERTIFICATE" _CHECK_LOG "END CERTIFICATE" _CHECK_NOT_LOG "ERROR" @@ -183,7 +183,7 @@ _CHECK_NOT_LOG "ERROR" # Check if renewal works _TEST "Run in cron mode again, to check if renewal works" echo 'RENEW_DAYS="300"' >> config -./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Renewing!" _CHECK_ERRORLOG 
@@ -202,7 +202,7 @@ _CHECK_ERRORLOG # Revoke certificate using certificate key _TEST "Revoking certificate..." -./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed" REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")" _CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}" _CHECK_LOG "Done." @@ -211,7 +211,7 @@ _CHECK_ERRORLOG # Test cleanup command _TEST "Cleaning up certificates" -./letsencrypt.sh --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/cert-" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/chain-" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/fullchain-"