
Improving the wording in a couple of comments and info statements. (0.30)

pull/36/head
srvrco 10 years ago
parent
commit
fb0b269d08
2 changed files with 21 additions and 15 deletions
  1. +14
    -9
      README.md
  2. +7
    -6
      getssl

+ 14
- 9
README.md

@ -4,7 +4,7 @@ Obtain SSL certificates from the letsencrypt.org ACME server. Suitable for auto
This was written in standard bash ( so can be run on a server, a desktop computer, or even virtualbox) and add the checks, and certificates to a remote server ( providing you have an ssh key on the remote server with access).
```
getssl ver. 0.28
getssl ver. 0.30
Obtain SSL certificates from the letsencrypt.org ACME server
Usage: getssl [-h|--help] [-d|--debug] [-c|--create] [-f|--force] [-a|--all] [-q|--quiet] [-w working_dir] domain
@ -83,22 +83,27 @@ SANS=www.example.org,example.edu,example.net,example.org,www.example.com,www.exa
# Acme Challenge Location. The first line for the domain, the following ones for each additional domain.
# If these start with ssh: then the next variable is assumed to be the hostname and the rest the location.
# An ssh key will be needed to provide you with access to the remote server.
#ACL=('/var/www/example.com/web/.well-known/acme-challenge'
# 'ssh:server5:/var/www/example.com/web/.well-known/acme-challenge')
ACL=('/var/www/example.com/web/.well-known/acme-challenge'
'ssh:server5:/var/www/example.com/web/.well-known/acme-challenge')
# Location for all your certs, these can either be on the server (so full path name) or using ssh as for the ACL
#DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt"
#DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key"
DOMAIN_CERT_LOCATION="ssh:server5:/etc/ssl/domain.crt"
DOMAIN_KEY_LOCATION="ssh:server5:/etc/ssl/domain.key"
#CA_CERT_LOCATION="/etc/ssl/chain.crt"
#DOMAIN_PEM_LOCATION=""
#DOMAIN_CHAIN_LOCATION="" this is the domain cert and CA cert
#DOMAIN_PEM_LOCATION="" this is the domain_key. domain cert and CA cert
# The command needed to reload apache / nginx or whatever you use
#RELOAD_CMD=""
RELOAD_CMD="service apache2 reload"
# The time period within which you want to allow renewal of a certificate - this prevents hitting some of the rate limits.
#RENEW_ALLOW="30"
# Define the server type. If it's a "webserver" then the main website will be checked for certificate expiry
# and also will be checked after an update to confirm correct certificate is running.
# Define the server type. The can either webserver, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
#SERVER_TYPE="webserver"
#CHECK_REMOTE="true"
# Use the following 3 variables if you want to validate via DNS
#VALIDATE_VIA_DNS="true"


+ 7
- 6
getssl

@ -45,10 +45,11 @@
# 2016-02-17 fix sed -E issue, and reduce length of renew check to 365 days for older systems (v0.27)
# 2016-04-05 Ensure DNS cleanup on error exit. (0.28) - pecigonzalo
# 2016-04-15 Remove NS Lookup of A record when using dns validation (0.29) - pecigonzalo
# 2016-04-17 Improving the wording in a couple of comments and info statements. (0.30)
# ---------------------------------------------------------------------------
PROGNAME=${0##*/}
VERSION="0.29"
VERSION="0.30"
# defaults
CA="https://acme-staging.api.letsencrypt.org"
@ -173,7 +174,7 @@ write_getssl_template() { # write out the main template file
# this prevents hitting some of the rate limits.
RENEW_ALLOW="30"
# Define the server type. The can either webserver, ldaps or a port number which
# Define the server type. This can either be a webserver, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
SERVER_TYPE="webserver"
@ -229,7 +230,7 @@ write_domain_template() { # write out a template file for a domain.
# this prevents hitting some of the rate limits.
RENEW_ALLOW="30"
# Define the server type. The can either webserver, ldaps or a port number which
# Define the server type. This can either be a webserver, ldaps or a port number which
# will be checked for certificate expiry and also will be checked after
# an update to confirm correct certificate is running (if CHECK_REMOTE) is set to true
#SERVER_TYPE="webserver"
@ -611,7 +612,7 @@ else
error_exit "unknown server type"
fi
# if check)remote is true then connect and obtain the current certificate (if not forceing renewal)
# if check_remote is true then connect and obtain the current certificate (if not forcing renewal)
if [[ "${CHECK_REMOTE}" == "true" ]] && [ $_FORCE_RENEW -eq 0 ]; then
debug "getting certificate for $DOMAIN from remote server"
EX_CERT=$(echo | openssl s_client -servername "${DOMAIN}" -connect "${DOMAIN}:${REMOTE_PORT}" 2>/dev/null | openssl x509 2>/dev/null)
@ -672,7 +673,7 @@ if [ -f "$CERT_FILE" ]; then
debug "enddate is $enddate"
if [[ "$enddate" != "-" ]]; then
if [[ $(date -d "${RENEW_ALLOW} days" +%s) -lt $(date -d "$enddate" +%s) ]]; then
info "certificate for $DOMAIN is still valid for more than $RENEW_ALLOW days"
info "certificate for $DOMAIN is still valid for more than $RENEW_ALLOW days (until $enddate)"
# everything is OK, so exit.
graceful_exit
else
@ -928,7 +929,7 @@ if [[ $VALIDATE_VIA_DNS == "true" ]]; then
else
if [[ $ntries -lt 100 ]]; then
ntries=$(( ntries + 1 ))
info "testing DNS for ${d}. Attempt $ntries/100 completed. waiting 10 secs before testing verify again"
info "checking DNS for ${d}. Attempt $ntries/100 gave wrong result, waiting 10 secs before checking again"
sleep 10
else
debug "dns check failed - removing existing value"
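Review bot: The reworded SERVER_TYPE comment in the write_getssl_template and write_domain_template hunks still ends with `(if CHECK_REMOTE) is set to true`, so the closing parenthesis is misplaced in text that gets written into users' config files. I would change that line in both places to `# an update to confirm correct certificate is running (if CHECK_REMOTE is set to true)`. The word "either" now introduces three options, so `# Define the server type. This can be webserver, ldaps or a port number which` reads more cleanly. The README.md section of this commit appears to carry the older "The can either webserver" sentence, so the two copies of this text seem to diverge. Both template functions begin and end outside their hunks.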

