RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

rebased

pull/14/head
Dennis Koot 10 years ago
parent
295e9714ca
commit
a259f51488
2 changed files with 12 additions and 5 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +10
    -3
      README.md
  2. +2
    -2
      getssl

+ 10
- 3
README.md View File

@ -4,15 +4,16 @@ get an SSL certificate via LetsEncrypt. Suitable for automating the process in
This was written as an addition to checkssl for servers to automatically renew certifictes. In addition it allows the running of this script in standard bash ( on a desktop computer, or even virtualbox) and add the checks, and certificates to a remote server ( providing you have an ssh key on the remote server with access). Potentially I can include FTP as an option for uploading as well.
```
getssl ver. 0.16
getssl ver. 0.17
Obtain SSL certificates from the letsencrypt.org ACME server
Usage: getssl [-h|--help] [-d|--debug] [-c] [-a|--all] [-w working_dir] domain
Usage: getssl [-h|--help] [-d|--debug] [-c] [-r|--refetch] [-a|--all] [-w working_dir] domain
Options:
-h, --help Display this help message and exit
-d, --debug Outputs debug information
-c, Create default config files
-c, --create Create default config files
-r, --refetch Refetch current certificates from site
-a, --all Renew all certificates
-w working_dir Working directory
```
@ -36,11 +37,14 @@ AGREEMENT="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
#ACCOUNT_EMAIL="me@example.com"
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="/home/andy/.getssl/account.key"
PRIVATE_KEY_ALG="rsa"
# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""
# The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits.
RENEW_ALLOW="30"
# Always refetch the certificate from the server before checking expiry
#ALWAYS_REFETCH_CERT="true"
# openssl config file. The default should work in most cases.
SSLCONF="/usr/lib/ssl/openssl.cnf"
@ -69,6 +73,7 @@ then, within the **working directory** there will be a folder for each certifica
#ACCOUNT_EMAIL="me@example.com"
#ACCOUNT_KEY_LENGTH=4096
#ACCOUNT_KEY="/home/andy/.getssl/account.key"
PRIVATE_KEY_ALG="rsa"
# Additional domains - this could be multiple domains / subdomains in a comma separated list
SANS=www.example.org,example.edu,example.net,example.org,www.example.com,www.example.edu,www.example.net
@ -89,6 +94,8 @@ SANS=www.example.org,example.edu,example.net,example.org,www.example.com,www.exa
#RELOAD_CMD=""
# The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits.
#RENEW_ALLOW="30"
# Always refetch the certificate from the server before checking expiry
#ALWAYS_REFETCH_CERT="true"
# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"


+ 2
- 2
getssl View File

@ -32,11 +32,11 @@
# 2016-01-29 Fix ssh-reload-command, extra waiting for DNS-challenge, add some error_exit and cleanup help message (v0.14)
# 2016-01-29 added -a|--all option to renew all configured certificates (v0.15)
# 2016-01-29 added option for eliptic curve keys (v0.16)
# 2016-01-29 added -r|--refetch option to refetch certificate from site (v0.16)
# 2016-01-29 added -r|--refetch option to refetch certificate from site (v0.17)
# ---------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="0.16"
VERSION="0.17"
# defaults
CA="https://acme-staging.api.letsencrypt.org"


Write Preview
Loading…
Cancel
Save