fix typo in comment
[andy/dehydrated.git] / letsencrypt.sh
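index 728b0447dcc23492a22833efb58eb26ff5cf2089..68672742a5663f6b4c74b7d4e3622c06ee8be15f 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -209,7 +209,7 @@ sign_domain() {
 
     status="$(printf '%s\n' "${result}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
 
-    # get status until it a result is reached => not pending anymore    
+    # get status until a result is reached => not pending anymore
     while [[ "${status}" = "pending" ]]; do
       sleep 1
       status="$(_request get "${challenge_uri}" | grep -Eo '"status":\s*"[^"]*"' | cut -d'"' -f4)"
@@ -247,21 +247,16 @@ sign_domain() {
     else
       cat "${SCRIPTDIR}/certs/${ROOTCERT}" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
     fi
-    rm -f "${BASEDIR}/certs/${domain}/fullchain.pem"
-    ln -s "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
+    ln -sf "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
   fi
 
   # Update remaining symlinks
   if [ ! "${privkey}" = "privkey.pem" ]; then
-    rm -f "${BASEDIR}/certs/${domain}/privkey.pem"
-    ln -s "privkey-${timestamp}.pem" "${BASEDIR}/certs/${domain}/privkey.pem"
+    ln -sf "privkey-${timestamp}.pem" "${BASEDIR}/certs/${domain}/privkey.pem"
   fi
 
-  rm -f "${BASEDIR}/certs/${domain}/cert.csr"
-  ln -s "cert-${timestamp}.csr" "${BASEDIR}/certs/${domain}/cert.csr"
-
-  rm -f "${BASEDIR}/certs/${domain}/cert.pem"
-  ln -s "cert-${timestamp}.pem" "${BASEDIR}/certs/${domain}/cert.pem"
+  ln -sf "cert-${timestamp}.csr" "${BASEDIR}/certs/${domain}/cert.csr"
+  ln -sf "cert-${timestamp}.pem" "${BASEDIR}/certs/${domain}/cert.pem"
 
   # Wait for hook script to clean the challenge and to deploy cert if used
   if [[ -n "${HOOK}" ]]; then
@@ -332,12 +327,10 @@ fi
   if [[ -e "${cert}" ]]; then
     echo " + Found existing cert..."
 
-    # Turning off exit on non-zero status for cert validation
-    set +e; openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}"; expiring=$?; set -e
     valid="$(openssl x509 -enddate -noout -in "${cert}" | cut -d= -f2- )"
 
     echo -n " + Valid till ${valid} "
-    if [[ ${expiring} -eq 0 ]]; then
+    if openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}"; then
       echo "(Longer than ${RENEW_DAYS} days). Skipping!"
       continue
     fi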
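Review bot: In the last hunk, `openssl x509 -checkend` now runs inside the `if`, after `echo -n " + Valid till ${valid} "` has already been printed, so on OpenSSL versions that write a verdict line to stdout for `-checkend` that text lands in the middle of the status line. I would discard stdout only: `if openssl x509 -checkend $((RENEW_DAYS * 86400)) -noout -in "${cert}" >/dev/null; then`. The condition also treats every non-zero exit as "expiring", so an unreadable or malformed `${cert}` falls through to whatever follows the `fi` (outside this hunk, presumably renewal). Keeping stderr visible lets that case be told apart in the log, and a short comment such as `# non-zero also covers a cert openssl cannot parse` would document it. The enclosing loop starts and ends outside the hunk.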