RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Fixed whitespace errors, so that HERE docs work.

pull/107/head
Alexander Skwar 9 years ago
parent
6edded9dca
commit
540e2b6dce
1 changed files with 146 additions and 146 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +146
    -146
      getssl

+ 146
- 146
getssl View File

@ -267,12 +267,12 @@ copy_file_to_location() { # copies a file, using scp if required.
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
ftp -n <<- _EOF
open $ftphost
user $ftpuser $ftppass
cd $ftpdirn
lcd $fromdir
put $fromfile
_EOF
open $ftphost
user $ftpuser $ftppass
cd $ftpdirn
lcd $fromdir
put $fromfile
_EOF
elif [[ "${to:0:5}" == "sftp:" ]] ; then
debug "using sftp to copy the file from $from"
ftpuser=$(echo "$to"| awk -F: '{print $2}')
@ -286,10 +286,10 @@ copy_file_to_location() { # copies a file, using scp if required.
debug "sftp user=$ftpuser - pass=$ftppass - host=$ftphost dir=$ftpdirn file=$ftpfile"
debug "from dir=$fromdir file=$fromfile"
sshpass -p "$ftppass" sftp "$ftpuser@$ftphost" <<- _EOF
cd $ftpdirn
lcd $fromdir
put $fromfile
_EOF
cd $ftpdirn
lcd $fromdir
put $fromfile
_EOF
else
mkdir -p "$(dirname "$to")"
if [ $? -gt 0 ]; then
@ -352,22 +352,22 @@ graceful_exit() { # normal exit function.
help_message() { # print out the help message
cat <<- _EOF_
$PROGNAME ver. $VERSION
Obtain SSL certificates from the letsencrypt.org ACME server
$(usage)
Options:
-h, --help Display this help message and exit
-d, --debug Outputs debug information
-c, --create Create default config files
-f, --force Force renewal of cert (overrides expiry checks)
-a, --all Check all certificates
-q, --quiet Quiet mode (only outputs on error, or succcess of new cert)
-u, --upgrade Upgrade getssl if a more recent version is available
-w working_dir Working directory
_EOF_
$PROGNAME ver. $VERSION
Obtain SSL certificates from the letsencrypt.org ACME server
$(usage)
Options:
-h, --help Display this help message and exit
-d, --debug Outputs debug information
-c, --create Create default config files
-f, --force Force renewal of cert (overrides expiry checks)
-a, --all Check all certificates
-q, --quiet Quiet mode (only outputs on error, or succcess of new cert)
-u, --upgrade Upgrade getssl if a more recent version is available
-w working_dir Working directory
_EOF_
}
hex2bin() { # Remove spaces, add leading zero, escape as hex string and parse with printf
@ -520,122 +520,122 @@ usage() { # program usage
write_domain_template() { # write out a template file for a domain.
cat > "$1" <<- _EOF_domain_
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
#
# The staging server is best for testing
#CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
#AGREEMENT="$AGREEMENT"
# Set an email address associated with your account - generally set at account level rather than domain.
#ACCOUNT_EMAIL="me@example.com"
#ACCOUNT_KEY_LENGTH=4096
#ACCOUNT_KEY="$WORKING_DIR/account.key"
PRIVATE_KEY_ALG="rsa"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
# Note: this is Additional domains - so should not include the primary domain.
SANS=${EX_SANS}
# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location.
# An ssh key will be needed to provide you with access to the remote server.
# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location
# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge"
# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain.
#ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge'
# 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge'
# 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge')
#Enable use of a single ACL for all checks
#USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (so full path name) or using ssh as for the ACL
#DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt"
#DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key"
#CA_CERT_LOCATION="/etc/ssl/chain.crt"
#DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
#DOMAIN_KEY_CERT_LOCATION="" # this is the domain_key and domain cert
#DOMAIN_PEM_LOCATION="" # this is the domain_key. domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""
# The time period within which you want to allow renewal of a certificate
# this prevents hitting some of the rate limits.
RENEW_ALLOW="30"
# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
#SERVER_TYPE="https"
#CHECK_REMOTE="true"
# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"
#DNS_ADD_COMMAND=
#DNS_DEL_COMMAND=
#AUTH_DNS_SERVER=""
#DNS_WAIT=10
#DNS_EXTRA_WAIT=60
_EOF_domain_
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
#
# The staging server is best for testing
#CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
#AGREEMENT="$AGREEMENT"
# Set an email address associated with your account - generally set at account level rather than domain.
#ACCOUNT_EMAIL="me@example.com"
#ACCOUNT_KEY_LENGTH=4096
#ACCOUNT_KEY="$WORKING_DIR/account.key"
PRIVATE_KEY_ALG="rsa"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
# Note: this is Additional domains - so should not include the primary domain.
SANS=${EX_SANS}
# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location.
# An ssh key will be needed to provide you with access to the remote server.
# If these start with ftp: then the next variables are ftpuserid:ftppassword:servername:ACL_location
# These should be of the form "/path/to/your/website/folder/.well-known/acme-challenge"
# where "/path/to/your/website/folder/" is the path, on your web server, to the web root for your domain.
#ACL=('/var/www/${DOMAIN}/web/.well-known/acme-challenge'
# 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge'
# 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge')
#Enable use of a single ACL for all checks
#USE_SINGLE_ACL="true"
# Location for all your certs, these can either be on the server (so full path name) or using ssh as for the ACL
#DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt"
#DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key"
#CA_CERT_LOCATION="/etc/ssl/chain.crt"
#DOMAIN_CHAIN_LOCATION="" # this is the domain cert and CA cert
#DOMAIN_KEY_CERT_LOCATION="" # this is the domain_key and domain cert
#DOMAIN_PEM_LOCATION="" # this is the domain_key. domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""
# The time period within which you want to allow renewal of a certificate
# this prevents hitting some of the rate limits.
RENEW_ALLOW="30"
# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
#SERVER_TYPE="https"
#CHECK_REMOTE="true"
# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"
#DNS_ADD_COMMAND=
#DNS_DEL_COMMAND=
#AUTH_DNS_SERVER=""
#DNS_WAIT=10
#DNS_EXTRA_WAIT=60
_EOF_domain_
}
write_getssl_template() { # write out the main template file
cat > "$1" <<- _EOF_getssl_
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
#
# The staging server is best for testing (hence set as default)
CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
#AGREEMENT="$AGREEMENT"
# Set an email address associated with your account - generally set at account level rather than domain.
#ACCOUNT_EMAIL="me@example.com"
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="$WORKING_DIR/account.key"
PRIVATE_KEY_ALG="rsa"
# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""
# The time period within which you want to allow renewal of a certificate
# this prevents hitting some of the rate limits.
RENEW_ALLOW="30"
# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
SERVER_TYPE="https"
CHECK_REMOTE="true"
# openssl config file. The default should work in most cases.
SSLCONF="$SSLCONF"
# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"
#DNS_ADD_COMMAND=
#DNS_DEL_COMMAND=
#AUTH_DNS_SERVER=""
#DNS_WAIT=10
#DNS_EXTRA_WAIT=60
_EOF_getssl_
# Uncomment and modify any variables you need
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
#
# The staging server is best for testing (hence set as default)
CA="https://acme-staging.api.letsencrypt.org"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
#AGREEMENT="$AGREEMENT"
# Set an email address associated with your account - generally set at account level rather than domain.
#ACCOUNT_EMAIL="me@example.com"
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="$WORKING_DIR/account.key"
PRIVATE_KEY_ALG="rsa"
# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""
# The time period within which you want to allow renewal of a certificate
# this prevents hitting some of the rate limits.
RENEW_ALLOW="30"
# Define the server type. This can be https, ftp, ftpi, imap, imaps, pop3, pop3s, smtp,
# smtps_deprecated, smtps, smtp_submission, xmpp, xmpps, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
SERVER_TYPE="https"
CHECK_REMOTE="true"
# openssl config file. The default should work in most cases.
SSLCONF="$SSLCONF"
# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"
#DNS_ADD_COMMAND=
#DNS_DEL_COMMAND=
#AUTH_DNS_SERVER=""
#DNS_WAIT=10
#DNS_EXTRA_WAIT=60
_EOF_getssl_
}
write_openssl_conf() { # write out a minimal openssl conf
cat > "$1" <<- _EOF_openssl_conf_
# minimal openssl.cnf file
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
[v3_req]
[v3_ca]
_EOF_openssl_conf_
# minimal openssl.cnf file
distinguished_name = req_distinguished_name
[ req_distinguished_name ]
[v3_req]
[v3_ca]
_EOF_openssl_conf_
}
# Trap signals
@ -1138,13 +1138,13 @@ for d in $alldomains; do
# generate a file with the current variables for the dns-challenge
cat > "$TEMP_DIR/dns_verify/$d" <<- _EOF_
token="${token}"
uri="${uri}"
keyauthorization="${keyauthorization}"
d="${d}"
primary_ns="${primary_ns}"
auth_key="${auth_key}"
_EOF_
token="${token}"
uri="${uri}"
keyauthorization="${keyauthorization}"
d="${d}"
primary_ns="${primary_ns}"
auth_key="${auth_key}"
_EOF_
else # set up the correct http token for verification
# get the http component of the ACME response
@ -1200,11 +1200,11 @@ for d in $alldomains; do
ftplocn=$(echo "${DOMAIN_ACL}"| awk -F: '{print $5}')
debug "ftp user=$ftpuser - pass=$ftppass - host=$ftphost loction=$ftplocn"
ftp -n <<- EOF
open $ftphost
user $ftpuser $ftppass
cd $ftplocn
delete ${token:?}
EOF
open $ftphost
user $ftpuser $ftppass
cd $ftplocn
delete ${token:?}
EOF
else
rm -f "${DOMAIN_ACL:?}/${token:?}"
fi


Write Preview
Loading…
Cancel
Save