From be0e8c4ff561ad0afde03ca2fb6c25682494dd83 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Mon, 3 Feb 2020 17:27:59 +0000 Subject: [PATCH] wip to add all config options to docs/templates --- getssl | 32 ++++++++++++++++++++++++++------ 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/getssl b/getssl index 9da3dbf..a91d61f 100755 --- a/getssl +++ b/getssl @@ -211,37 +211,49 @@ PROGNAME=${0##*/} VERSION="2.16" # defaults +# ACCOUNT_EMAIL +# ACCOUNT_KEY_ALG ACCOUNT_KEY_LENGTH=4096 ACCOUNT_KEY_TYPE="rsa" -CA="https://acme-staging-v02.api.letsencrypt.org/directory" +# AGREEMENT? CA_CERT_LOCATION="" +CA="https://acme-staging-v02.api.letsencrypt.org/directory" CHALLENGE_CHECK_TYPE="http" CHECK_ALL_AUTH_DNS="false" -CHECK_REMOTE="true" CHECK_REMOTE_WAIT=0 +CHECK_REMOTE="true" CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" CSR_SUBJECT="/" CURL_USERAGENT="${PROGNAME}/${VERSION}" DEACTIVATE_AUTH="false" DEFAULT_REVOKE_CA="https://acme-v02.api.letsencrypt.org" +# DNS_ADD_COMMAND +# DNS_DEL_COMMAND +# DNS_CHECK_FUNC (internal?) DNS_EXTRA_WAIT="" DNS_WAIT=10 +# DOMAIN_DIR DOMAIN_KEY_LENGTH=4096 DUAL_RSA_ECDSA="false" +# FORCE_RENEWAL (file) GETSSL_IGNORE_CP_PRESERVE="false" HTTP_TOKEN_CHECK_WAIT=0 IGNORE_DIRECTORY_DOMAIN="false" +OCSP_MUST_STAPLE="false" ORIG_UMASK=$(umask) +# PREVENT_NON_INTERACTIVE_RENEWAL PREVIOUSLY_VALIDATED="true" PRIVATE_KEY_ALG="rsa" PUBLIC_DNS_SERVER="" RELOAD_CMD="" RENEW_ALLOW="30" REUSE_PRIVATE_KEY="true" +# REMOTE_EXTRA +# REVOKE_CA SERVER_TYPE="https" SKIP_HTTP_TOKEN_CHECK="false" +# SSH_OPTS SSLCONF="$(openssl version -d 2>/dev/null| cut -d\" -f2)/openssl.cnf" -OCSP_MUST_STAPLE="false" TEMP_UPGRADE_FILE="" TOKEN_USER_ID="" USE_SINGLE_ACL="false" 
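Review bot: The names added to the defaults block only as comments (`# DNS_ADD_COMMAND`, `# DNS_DEL_COMMAND`, `# SSH_OPTS`, `# REMOTE_EXTRA`, `# REVOKE_CA` and the rest) are not initialised here. Unless they are reset elsewhere in the script, a value already exported in the calling environment (cron, sudo, a CI job) would carry into the run. Judging by their names, the DNS command variables and `SSH_OPTS` end up on a command line, so I would give them explicit empty defaults as `RELOAD_CMD=""` already has, e.g. `DNS_ADD_COMMAND=""`, `DNS_DEL_COMMAND=""`, `SSH_OPTS=""`. This is only safe if the consuming code tests for empty rather than unset. The open questions `# AGREEMENT?` and `# DNS_CHECK_FUNC (internal?)` should be answered or marked as `# TODO:` before this leaves wip.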
@@ -1878,7 +1890,10 @@ usage() { # echos out the program usage write_domain_template() { # write out a template file for a domain. cat > "$1" <<- _EOF_domain_ - # Uncomment and modify any variables you need + # This file is read second (and per domain if running with the -a option) + # and overwrites any settings from the first file + # + # Uncomment and modify any variables you need # see https://github.com/srvrco/getssl/wiki/Config-variables for details # see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs # @@ -1909,6 +1924,9 @@ write_domain_template() { # write out a template file for a domain. # 'ftp:ftpuserid:ftppassword:${DOMAIN}:/web/.well-known/acme-challenge' # 'davs:davsuserid:davspassword:{DOMAIN}:443:/web/.well-known/acme-challenge') + # Specify SSH options, e.g. non standard port in SSH_OPTS + # SSH_OPTS=-p 12345 + #Set USE_SINGLE_ACL="true" to use a single ACL for all checks #USE_SINGLE_ACL="false" @@ -1935,7 +1953,9 @@ write_domain_template() { # write out a template file for a domain. write_getssl_template() { # write out the main template file cat > "$1" <<- _EOF_getssl_ - # Uncomment and modify any variables you need + # This file is read first and is common to all domains + # + # Uncomment and modify any variables you need # see https://github.com/srvrco/getssl/wiki/Config-variables for details # # The staging server is best for testing (hence set as default) @@ -2081,7 +2101,7 @@ if [[ $_REVOKE -eq 1 ]]; then fi # get latest agreement from CA (as default) -AGREEMENT=$(curl --user-agent "$CURL_USERAGENT" -I "${CA}/terms" 2>/dev/null | awk 'tolower($1) ~ "location:" {print $2}'|tr -d '\r') +AGREEMENT=$(curl --user-agent "$CURL_USERAGENT" -I "${CA}/terms" 2>/dev/null | awk 'tolower($1) ~ "location:" {print $2}' | tr -d '\r') # if nothing in command line, print help and exit. if [[ -z "$DOMAIN" ]] && [[ ${_CHECK_ALL} -ne 1 ]]; then
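Review bot: "overwrites" in the new header of the domain template reads as if the first config file were changed on disk, when what is meant is precedence. I would write `# and overrides any settings from the first file`, and keep the matching header added to write_getssl_template further down consistent with it. The `Uncomment and modify any variables you need` line is removed and re-added with identical text in both templates, which looks like a whitespace-only change. Inside a `<<-` here-document only leading tabs are stripped, so confirm the new lines are tab-indented, otherwise the generated file gets indented comments. Both function bodies continue outside their hunks.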
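Review bot: The example `# SSH_OPTS=-p 12345` added to the domain template is not a valid assignment once uncommented. The neighbouring examples such as `#USE_SINGLE_ACL="false"` suggest the file is read as shell; if so, the unquoted form sets `SSH_OPTS=-p` only for a command named `12345`, which fails, and the option is never applied. The connection would then quietly use the default ssh settings instead of the ones the operator intended. Quote the value: `# SSH_OPTS="-p 12345"`. The surrounding here-document in write_domain_template starts and ends outside this hunk.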