RuhNetConsulting
/
getssl
mirror of https://github.com/srvrco/getssl
1
0
Fork 0
Code Issues 0 Projects 0 Releases 51 Wiki Activity
Browse Source

Merge d3b91d9229 into 0922e280d5

pull/174/merge
Christian 9 years ago
committed by GitHub
parent
0922e280d5 d3b91d9229
commit
cac7e7c181
1 changed files with 21 additions and 11 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +21
    -11
      getssl

+ 21
- 11
getssl View File

@ -156,10 +156,11 @@
# 2016-11-08 Add and comment optional sshuserid for ssh ACL (1.80) # 2016-11-08 Add and comment optional sshuserid for ssh ACL (1.80)
# 2016-11-09 Add SKIP_HTTP_TOKEN_CHECK option (Issue #170) (1.81) # 2016-11-09 Add SKIP_HTTP_TOKEN_CHECK option (Issue #170) (1.81)
# 2016-11-13 bug fix DOMAIN_KEY_CERT generation (1.82) # 2016-11-13 bug fix DOMAIN_KEY_CERT generation (1.82)
# 2016-11-16 Implement RENEW_ALLOW=false to disable auto-renewal (1.83)
# ---------------------------------------------------------------------------------------- # ----------------------------------------------------------------------------------------
PROGNAME=${0##*/} PROGNAME=${0##*/}
VERSION="1.82"
VERSION="1.83"
# defaults # defaults
CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl" CODE_LOCATION="https://raw.githubusercontent.com/srvrco/getssl/master/getssl"
@ -665,7 +666,7 @@ get_signing_params() { # get signing parameters from key
*) error_exit "invalid curve algorithm type $gsp_keytype";; *) error_exit "invalid curve algorithm type $gsp_keytype";;
esac esac
fi fi
case "$crv" in
case "$crv" in
P-256) jwkalg="ES256" ; signalg="sha256" ;; P-256) jwkalg="ES256" ; signalg="sha256" ;;
P-384) jwkalg="ES384" ; signalg="sha384" ;; P-384) jwkalg="ES384" ; signalg="sha384" ;;
P-521) jwkalg="ES512" ; signalg="sha512" ;; P-521) jwkalg="ES512" ; signalg="sha512" ;;
@ -1442,17 +1443,26 @@ fi
# if there is an existing certificate file, check details. # if there is an existing certificate file, check details.
if [[ -s "$CERT_FILE" ]]; then if [[ -s "$CERT_FILE" ]]; then
debug "certificate $CERT_FILE exists" debug "certificate $CERT_FILE exists"
enddate=$(openssl x509 -in "$CERT_FILE" -noout -enddate 2>/dev/null| cut -d= -f 2-)
debug "local cert is valid until $enddate"
if [[ "$enddate" != "-" ]]; then
enddate_s=$(date_epoc "$enddate")
if [[ $(date_renew) -lt "$enddate_s" ]] && [[ $_FORCE_RENEW -ne 1 ]]; then
info "certificate for $DOMAIN is still valid for more than $RENEW_ALLOW days (until $enddate)"
# everything is OK, so exit.
if [[ $_FORCE_RENEW -ne 1 ]]; then
if [[ "$RENEW_ALLOW" == "false" ]]; then
info "Auto-renewal for $DOMAIN disabled"
graceful_exit graceful_exit
else else
debug "certificate for $DOMAIN needs renewal"
enddate=$(openssl x509 -in "$CERT_FILE" -noout -enddate 2>/dev/null| cut -d= -f 2-)
debug "local cert is valid until $enddate"
if [[ "$enddate" != "-" ]]; then
enddate_s=$(date_epoc "$enddate")
if [[ $(date_renew) -lt "$enddate_s" ]]; then
info "certificate for $DOMAIN is still valid for more than $RENEW_ALLOW days (until $enddate)"
# everything is OK, so exit.
graceful_exit
else
debug "certificate for $DOMAIN needs renewal"
fi
fi
fi fi
else
debug "Renewal for $DOMAIN forced"
fi fi
fi fi
# end of .... if there is an existing certificate file, check details. # end of .... if there is an existing certificate file, check details.
@ -1721,7 +1731,7 @@ for d in $alldomains; do
ftp -n <<- EOF ftp -n <<- EOF
open $ftphost open $ftphost
user $ftpuser $ftppass user $ftpuser $ftppass
cd $ftplocn
cd $ftplocn
delete ${token:?} delete ${token:?}
EOF EOF
else else


Write Preview
Loading…
Cancel
Save