|
|
|
@ -136,7 +136,7 @@ write_openssl_conf() { # write out a minimal openssl conf |
|
|
|
_EOF_openssl_conf_ |
|
|
|
} |
|
|
|
|
|
|
|
write_getssl_template() { # write out the main template file |
|
|
|
write_getssl_template() { # write out the main template file |
|
|
|
cat > "$1" <<- _EOF_getssl_ |
|
|
|
# Uncomment and modify any variables you need |
|
|
|
# The staging server is best for testing (hence set as default) |
|
|
|
@ -243,7 +243,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p |
|
|
|
if [ ${_USE_DEBUG} -eq 1 ]; then |
|
|
|
CURL="$CURL --trace-ascii $dp " |
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
# convert payload to url base 64 |
|
|
|
payload64="$(printf '%s' "${payload}" | urlbase64)" |
|
|
|
debug payload64 "$payload64" |
|
|
|
@ -261,7 +261,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p |
|
|
|
protected='{"alg": "RS256", "jwk": {"e": "'"${pub_exp64}"'", "kty": "RSA", "n": "'"${pub_mod64}"'"}, "nonce": "'"${nonce}"'"}' |
|
|
|
protected64="$(printf '%s' "${protected}" | urlbase64)" |
|
|
|
debug protected "$protected" |
|
|
|
|
|
|
|
|
|
|
|
# Sign header with nonce and our payload with our private key and encode signature as urlbase64 |
|
|
|
signed64="$(printf '%s' "${protected64}.${payload64}" | openssl dgst -sha256 -sign "${ACCOUNT_KEY}" | urlbase64)" |
|
|
|
|
|
|
|
@ -395,7 +395,7 @@ reload_service() { # Runs a command to reload services ( via ssh if needed) |
|
|
|
debug "ssh $sshhost ${command}" |
|
|
|
# shellcheck disable=SC2029 |
|
|
|
ssh "$sshhost" "${command}" 1>/dev/null 2>&1 |
|
|
|
# allow 2 seconds for services to restart |
|
|
|
# allow 2 seconds for services to restart |
|
|
|
sleep 2 |
|
|
|
else |
|
|
|
debug "running reload command $RELOAD_CMD" |
|
|
|
@ -502,7 +502,7 @@ if [ ${_CHECK_ALL} -eq 1 ]; then |
|
|
|
fi # end of "-a" option. |
|
|
|
|
|
|
|
# if nothing in command line, print help and exit. |
|
|
|
if [ -z "$DOMAIN" ]; then |
|
|
|
if [ -z "$DOMAIN" ]; then |
|
|
|
help_message |
|
|
|
graceful_exit |
|
|
|
fi |
|
|
|
@ -668,7 +668,7 @@ if [ -f "$CERT_FILE" ]; then |
|
|
|
fi |
|
|
|
fi |
|
|
|
|
|
|
|
# create account key if it doesn't exist. |
|
|
|
# create account key if it doesn't exist. |
|
|
|
if [ -f "$ACCOUNT_KEY" ]; then |
|
|
|
debug "Account key exists at $ACCOUNT_KEY skipping generation" |
|
|
|
else |
|
|
|
@ -754,7 +754,7 @@ regjson='{"resource": "new-reg", "agreement": "'$AGREEMENT'"}' |
|
|
|
if [ "$ACCOUNT_EMAIL" ] ; then |
|
|
|
regjson='{"resource": "new-reg", "contact": ["mailto: '$ACCOUNT_EMAIL'"], "agreement": "'$AGREEMENT'"}' |
|
|
|
fi |
|
|
|
# send the request to the ACME server. |
|
|
|
# send the request to the ACME server. |
|
|
|
send_signed_request "$CA/acme/new-reg" "$regjson" |
|
|
|
|
|
|
|
if [ "$code" == "" ] || [ "$code" == '201' ] ; then |
|
|
|
|
Brian Bennett
10 years ago