
adding SSH_OPTS as requested

pull/452/head
srvrco 8 years ago
committed by Damir Mitrovic
parent
commit
c946d42a12
2 changed files with 10 additions and 9 deletions
  1. +1
    -0
      README.md
  2. +9
    -9
      getssl

+ 1
- 0
README.md View File

@ -13,6 +13,7 @@ Obtain SSL certificates from the letsencrypt.org ACME server. Suitable for auto
* **Simple and easy to use**
* **Detailed debug info** - Whilst it shouldn't be needed, detailed debug information is available.
* **Reload services** - After a new certificate is obtained then the relevant services (e.g. apache/nginx/postfix) can be reloaded.
* **ACME v1 and V2** - Supports both ACME versions 1 and 2
## Installation
Since the script is only one file, you can use the following command for a quick installation of GetSSL only:


+ 9
- 9
getssl View File

@ -196,7 +196,7 @@ VERSION="2.13"
# defaults
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY_TYPE="rsa"
CA="https://acme-staging.api.letsencrypt.org"
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
CA_CERT_LOCATION=""
CHALLENGE_CHECK_TYPE="http"
CHECK_ALL_AUTH_DNS="false"
@ -534,7 +534,7 @@ copy_file_to_location() { # copies a file, using scp, sftp or ftp if required.
debug "servername $servername"
debug "file $tofile"
# shellcheck disable=SC2029
ssh "$servername" "chown $TOKEN_USER_ID $tofile"
ssh "$SSH_OPTS" "$servername" "chown $TOKEN_USER_ID $tofile"
fi
elif [[ "${to:0:4}" == "ftp:" ]] ; then
if [[ "$cert" != "challenge token" ]] ; then
@ -1229,9 +1229,9 @@ reload_service() { # Runs a command to reload services ( via ssh if needed)
sshhost=$(echo "$RELOAD_CMD"| awk -F: '{print $2}')
command=${RELOAD_CMD:(( ${#sshhost} + 5))}
debug "running following command to reload cert"
debug "ssh $sshhost ${command}"
debug "ssh $SSH_OPTS $sshhost ${command}"
# shellcheck disable=SC2029
ssh "$sshhost" "${command}" 1>/dev/null 2>&1
ssh "$SSH_OPTS" "$sshhost" "${command}" 1>/dev/null 2>&1
# allow 2 seconds for services to restart
sleep 2
else
@ -1442,7 +1442,7 @@ send_signed_request() { # Sends a request to the ACME server, signed with your p
done
if [[ $response == *"error:badNonce"* ]]; then
debug "bad nonce"
nonce=$(echo "$responseHeaders" | grep "^replay-nonce:" | awk '{print $2}' | tr -d '\r\n ')
nonce=$(echo "$responseHeaders" | grep -i "^replay-nonce:" | awk '{print $2}' | tr -d '\r\n ')
debug "trying new nonce $nonce"
else
nonceproblem="false"
@ -1534,7 +1534,7 @@ write_domain_template() { # write out a template file for a domain.
# see https://github.com/srvrco/getssl/wiki/Example-config-files for example configs
#
# The staging server is best for testing
#CA="https://acme-staging.api.letsencrypt.org"
#CA="https://acme-staging-v02.api.letsencrypt.org/directory"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
@ -1586,7 +1586,7 @@ write_getssl_template() { # write out the main template file
# see https://github.com/srvrco/getssl/wiki/Config-variables for details
#
# The staging server is best for testing (hence set as default)
CA="https://acme-staging.api.letsencrypt.org"
CA="https://acme-staging-v02.api.letsencrypt.org/directory"
# This server issues full certificates, however has rate limits
#CA="https://acme-v01.api.letsencrypt.org"
@ -2283,9 +2283,9 @@ for d in $alldomains; do
sshhost=$(echo "${t_loc}"| awk -F: '{print $2}')
command="rm -f ${t_loc:(( ${#sshhost} + 5))}/${token:?}"
debug "running following command to remove token"
debug "ssh $sshhost ${command}"
debug "ssh $SSH_OPTS $sshhost ${command}"
# shellcheck disable=SC2029
ssh "$sshhost" "${command}" 1>/dev/null 2>&1
ssh "$SSH_OPTS" "$sshhost" "${command}" 1>/dev/null 2>&1
rm -f "${TEMP_DIR:?}/${token:?}"
elif [[ "${t_loc:0:4}" == "ftp:" ]] ; then
debug "using ftp to remove token file"
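Review bot: Quoting `$SSH_OPTS` in the three new ssh calls (in copy_file_to_location, reload_service and the token-removal loop) hands ssh exactly one word. An empty or unset SSH_OPTS therefore becomes an empty first argument, which ssh would presumably take as the destination instead of the real host, and a value holding several options arrives as a single unparseable option. Two of those calls send all output to /dev/null and do not check the exit status in the visible lines, so the failure would be silent: the service is not reloaded, or the challenge token stays on the remote host. If the setting is meant to carry a plain option string, expand it unquoted on purpose: `# shellcheck disable=SC2086` followed by `ssh $SSH_OPTS "$sshhost" "${command}" 1>/dev/null 2>&1`, and the same for the chown call. The defaults hunk at line 196 shows no `SSH_OPTS=""`, and all three call sites sit in code that continues outside the hunks, so whether it is initialised elsewhere cannot be confirmed from here.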

