
Fix first run when external cert exists

pull/152/head
Tomasz Słodkowicz 9 years ago
parent
commit
6cf8d1cb0f
1 changed files with 26 additions and 24 deletions
  1. +26
    -24
      getssl

+ 26
- 24
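--- a/getssl
+++ b/getssl
@@ -1206,30 +1206,32 @@ if [[ "${CHECK_REMOTE}" == "true" ]] && [ $_FORCE_RENEW -eq 0 ]; then
 # debug "local certificate doesn't exist, saving a copy from remote"
 # echo "$EX_CERT" > "$DOMAIN_DIR/${DOMAIN}.crt"
 # fi
-# check renew-date on ex_cert and compare to local ( if local exists)
-enddate_ex=$(echo "$EX_CERT" | openssl x509 -noout -enddate 2>/dev/null| cut -d= -f 2-)
-enddate_lc=$(openssl x509 -noout -enddate < "$CERT_FILE" 2>/dev/null| cut -d= -f 2-)
-enddate_ex_s=$(date_epoc "$enddate_ex")
-enddate_lc_s=$(date_epoc "$enddate_lc")
-debug "external cert has enddate $enddate_ex ( $enddate_ex_s ) "
-debug "local cert has enddate $enddate_lc ( $enddate_lc_s ) "
-if [ "$enddate_ex_s" -eq "$enddate_lc_s" ]; then
-debug "certificates expire at the same time"
-elif [ "$enddate_ex_s" -gt "$enddate_lc_s" ]; then
-# remote has longer to expiry date than local copy.
-debug "remote cert has longer to run than local cert - ignoring"
-else
-info "remote expires sooner than local ..... will attempt to upload from local"
-copy_file_to_location "domain certificate" "$CERT_FILE" "$DOMAIN_CERT_LOCATION"
-copy_file_to_location "private key" "$DOMAIN_DIR/${DOMAIN}.key" "$DOMAIN_KEY_LOCATION"
-copy_file_to_location "CA certificate" "$CA_CERT" "$CA_CERT_LOCATION"
-cat "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}_chain.pem"
-copy_file_to_location "full pem" "$TEMP_DIR/${DOMAIN}_chain.pem" "$DOMAIN_CHAIN_LOCATION"
-cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" > "$TEMP_DIR/${DOMAIN}_K_C.pem"
-copy_file_to_location "private key and domain cert pem" "$TEMP_DIR/${DOMAIN}_k_C.pem" "$DOMAIN_KEY_CERT_LOCATION"
-cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem"
-copy_file_to_location "full pem" "$TEMP_DIR/${DOMAIN}.pem" "$DOMAIN_PEM_LOCATION"
-reload_service
+if [ -f "$CERT_FILE" ]; then
+# check renew-date on ex_cert and compare to local ( if local exists)
+enddate_ex=$(echo "$EX_CERT" | openssl x509 -noout -enddate 2>/dev/null| cut -d= -f 2-)
+enddate_lc=$(openssl x509 -noout -enddate < "$CERT_FILE" 2>/dev/null| cut -d= -f 2-)
+enddate_ex_s=$(date_epoc "$enddate_ex")
+enddate_lc_s=$(date_epoc "$enddate_lc")
+debug "external cert has enddate $enddate_ex ( $enddate_ex_s ) "
+debug "local cert has enddate $enddate_lc ( $enddate_lc_s ) "
+if [ "$enddate_ex_s" -eq "$enddate_lc_s" ]; then
+debug "certificates expire at the same time"
+elif [ "$enddate_ex_s" -gt "$enddate_lc_s" ]; then
+# remote has longer to expiry date than local copy.
+debug "remote cert has longer to run than local cert - ignoring"
+else
+info "remote expires sooner than local ..... will attempt to upload from local"
+copy_file_to_location "domain certificate" "$CERT_FILE" "$DOMAIN_CERT_LOCATION"
+copy_file_to_location "private key" "$DOMAIN_DIR/${DOMAIN}.key" "$DOMAIN_KEY_LOCATION"
+copy_file_to_location "CA certificate" "$CA_CERT" "$CA_CERT_LOCATION"
+cat "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}_chain.pem"
+copy_file_to_location "full pem" "$TEMP_DIR/${DOMAIN}_chain.pem" "$DOMAIN_CHAIN_LOCATION"
+cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" > "$TEMP_DIR/${DOMAIN}_K_C.pem"
+copy_file_to_location "private key and domain cert pem" "$TEMP_DIR/${DOMAIN}_k_C.pem" "$DOMAIN_KEY_CERT_LOCATION"
+cat "$DOMAIN_DIR/${DOMAIN}.key" "$CERT_FILE" "$CA_CERT" > "$TEMP_DIR/${DOMAIN}.pem"
+copy_file_to_location "full pem" "$TEMP_DIR/${DOMAIN}.pem" "$DOMAIN_PEM_LOCATION"
+reload_service
+fi
 fi
 else
 info "Certificate on remote domain does not match domain, ignoring remote certificate"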
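Review bot: The key-and-cert bundle is written to `"$TEMP_DIR/${DOMAIN}_K_C.pem"` but the following line copies `"$TEMP_DIR/${DOMAIN}_k_C.pem"` (lower-case k), so on a case-sensitive filesystem copy_file_to_location is handed a path that was never created; the re-indented block carries this mismatch over unchanged. How copy_file_to_location treats a missing source is not visible here, but either the old bundle stays at DOMAIN_KEY_CERT_LOCATION while the other files are replaced, or the run stops before reload_service. Use one spelling on both lines, e.g. `copy_file_to_location "private key and domain cert pem" "$TEMP_DIR/${DOMAIN}_K_C.pem" "$DOMAIN_KEY_CERT_LOCATION"`. These temporary files also contain the private key, so it is worth confirming that TEMP_DIR is created with owner-only permissions (its creation is outside the hunk). The enclosing `if [[ "${CHECK_REMOTE}" == "true" ]]` block starts and ends outside the hunk.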

