
correcting create dir issue

pull/3/head
srvrco 10 years ago
parent
commit
55d01c9c4f
2 changed files with 15 additions and 8 deletions
  1. +6
    -3
      README.md
  2. +9
    -5
      getssl

+ 6
- 3
README.md View File

@ -3,7 +3,7 @@ get an SSL certificate via LetsEncryot. Suitable for automating the process in
This was written as an addition to checkssl for servers to automatically renew certifictes. In addition it allows the running of this script in standard bash ( on a desktop computer, or even virtualbox) and add the checks, and certificates to a remote server ( providing you have an ssh key on the remote server with access). Potentially I can include FTP as an option for uploading as well.
getssl ver. 0.8
getssl ver. 0.10
To obtain a letsencrypt SSL cert
Usage: getssl [-h|--help] [-d|--debug] [-c] [-w working_dir] domain
@ -73,9 +73,10 @@ SANS=www.testdomain.com
# 'ssh:server5:/var/www/testdomain.com/web/.well-known/acme-challenge')
# location for all your certs these can either be on the server ( so full path name) or using ssh as for the ACL
#DOMAIN_CERT_LOCATION="ssh:server5:/home/domain/public_html/.well-known/acme-challenge/domain.crt"
#DOMAIN_KEY_LOCATION="ssh:server5:/home/domain/public_html/.well-known/acme-challenge/domain.key"
#DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt"
#DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key"
#CA_CERT_LOCATION="/etc/ssl/chain.crt"
#DOMAIN_PEM_LOCATION="/etc/ssl/domain-bundle.pem"
# the command needed to reload apache / gninx or whatever you use
#RELOAD_CMD="ssh:server5:service apache2 reload"
#The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits.
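Review bot: the two new entries, CA_CERT_LOCATION and DOMAIN_PEM_LOCATION, are added without any explanation, and the only comment above them still reads "using ssh as for the ACL". Please document what each file contains, in particular whether the file at DOMAIN_PEM_LOCATION includes the private key, since in that case it needs the same restricted location and permissions as DOMAIN_KEY_LOCATION. The examples also mix an ssh: prefix for the certificate and key with plain local paths for the chain and bundle; say whether that is intentional or whether all four accept both forms. Moving the example key path out of public_html/.well-known/acme-challenge is the right call and deserves a sentence in the README so users with the old example in their config notice it.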
@ -131,6 +132,8 @@ copying private key to ssh:server5:/home/yourdomain/ssl/domain.key
copying CA certificate to ssh:server5:/home/yourdomain/ssl/chain.crt
reloading SSL services
```
This will (by default) used the staging server, so should give you a certificate that isn't trusted ( by happy hacker).
Change the server in your config file to get a fully valid certificate.
Note: Using DNS validation is still in early stages, and there are a number of issues related to it (for example I tested with cloudflare DNS which wouldn't work and with an "internal boulder sanity check" - https://github.com/letsencrypt/boulder/issues/1391
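Review bot: the added staging-server sentences tell the reader to "Change the server in your config file" without naming the setting to change or the value to change it to, so the step cannot be followed from the README alone. Name the variable and show both values. Wording: "will (by default) used" should be "use", and "( by happy hacker)" needs a few words of explanation, presumably that it refers to the issuer name of the untrusted staging certificate.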

+ 9
- 5
getssl View File

@ -25,10 +25,11 @@
# 2016-01-18 added option to upload a single PEN file ( used by cpanel) (v0.7)
# 2016-01-23 added dns challenge option (v0.8)
# 2016-01-24 create the ACL directory if it does not exist. (v0.9) - dstosberg
# 2016-01-26 correcting a couple of small bugs (v0.10)
# ---------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="0.9"
VERSION="0.10"
# defaults
#umask 077 # paranoid umask, as we're creating private keys
@ -159,9 +160,9 @@ copy_file_to_location() {
scp $from ${to:4}"
fi
else
mkdir -p $to
mkdir -p $(dirname $to)
if [ $? -gt 0 ]; then
error_exit "cannot create ACL directory $to"
error_exit "cannot create ACL directory $(basename $to)"
fi
cp $from $to
fi
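Review bot: the new error message in the else branch prints $(basename $to), which is the file name, while the command that failed is mkdir -p $(dirname $to); report $(dirname $to) so the operator sees the directory that could not be created. The message also still says "ACL directory" although copy_file_to_location is a generic copy helper. $to and $from are unquoted in the mkdir, dirname, basename and cp calls, so a path with spaces or glob characters is word-split; quote them, for example mkdir -p "$(dirname "$to")". Finally, the exit status of cp $from $to is never checked, so a failed local copy goes unreported.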
@ -329,9 +330,10 @@ SANS=${EX_SANS}
# 'ssh:server5:/var/www/${DOMAIN}/web/.well-known/acme-challenge')
# location for all your certs these can either be on the server ( so full path name) or using ssh as for the ACL
#DOMAIN_CERT_LOCATION=\"ssh:server5:/home/domain/public_html/.well-known/acme-challenge/domain.crt\"
#DOMAIN_KEY_LOCATION=\"ssh:server5:/home/domain/public_html/.well-known/acme-challenge/domain.key\"
#DOMAIN_CERT_LOCATION=\"ssh:server5:/etc/ssl/domain.crt\"
#DOMAIN_KEY_LOCATION=\"ssh:server5:/etc/ssl/domain.key\"
#CA_CERT_LOCATION=\"/etc/ssl/chain.crt\"
#DOMAIN_PEM_LOCATION=\"\"
# the command needed to reload apache / gninx or whatever you use
#RELOAD_CMD=\"\"
#The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits.
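Review bot: the generated template here leaves DOMAIN_PEM_LOCATION as an empty string, while the matching README hunk shows /etc/ssl/domain-bundle.pem; RELOAD_CMD differs between the two in the same way. Keep the README and the template identical so that the documented example is what a user actually gets, or add a comment in the template that an empty value means the file is not written. The comment line above still only describes the ssh form "as for the ACL" and does not cover the new local-path entries.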
@ -613,6 +615,8 @@ for d in $alldomains; do
rm -f ${ACL[$dn]}/$token
fi
fi
# increment domain-counter
let dn=dn+1;
done
info "Verification completed, obtaining certificate."
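Review bot: the new increment is the last statement of the loop body, so any continue earlier in the for d in $alldomains loop would skip it and leave ${ACL[$dn]} pointing at the previous domain's directory; please confirm there is no such path, and that dn is set to 0 immediately before the loop, since neither is visible in this hunk. Style: dn=$((dn+1)) is preferable to let dn=dn+1; and the trailing semicolon is unnecessary. The context line rm -f ${ACL[$dn]}/$token is unquoted, so an empty ACL entry expands to rm -f /$token; quoting it and checking that the entry is non-empty would be a worthwhile follow-up.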

