# Check for script dependencies
check_dependencies() {
curl -V > /dev/null 2>&1 || _exiterr "This script requires curl."
- openssl version > /dev/null 2>&1 || _exiterr "This script requres an openssl binary."
- sed "" < /dev/null > /dev/null 2>&1 || _exiterr "This script requres sed."
- grep -V > /dev/null 2>&1 || _exiterr "This script requres grep."
- mktemp -u > /dev/null 2>&1 || _exiterr "This script requires mktemp."
+ openssl version > /dev/null 2>&1 || _exiterr "This script requires an openssl binary."
+ sed -E "" < /dev/null > /dev/null 2>&1 || _exiterr "This script requires sed with support for extended (modern) regular expressions."
+ grep -V > /dev/null 2>&1 || _exiterr "This script requires grep."
+ mktemp -u -t XXXXXX > /dev/null 2>&1 || _exiterr "This script requires mktemp."
}
# Setup default config values, search for and load configuration files
load_config
# Lockfile handling (prevents concurrent access)
+ LOCKDIR="$(dirname "${LOCKFILE}")"
+ [[ -w "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} is not writable, aborting."
( set -C; date > "${LOCKFILE}" ) 2>/dev/null || _exiterr "Lock file '${LOCKFILE}' present, aborting."
remove_lock() { rm -f "${LOCKFILE}"; }
trap 'remove_lock' EXIT
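Review bot: The new `[[ -w "${LOCKDIR}" ]]` test also reports "not writable" when the directory does not exist, and the `2>/dev/null` on the noclobber write that follows still maps every other failure (for example LOCKFILE naming a directory, or a full disk) to "Lock file ... present". Testing existence first with its own message would separate the cases: `[[ -d "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} does not exist, aborting."`. If this code sits inside a function, as the closing braces further down suggest, `LOCKDIR` could be declared `local`. The enclosing block starts outside the hunk.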
fi
fi
- [[ -d "${WELLKNOWN}" ]] || _exiterr "WELLKNOWN directory doesn't exist, please create ${WELLKNOWN} and set appropriate permissions."
+ if [[ "${CHALLENGETYPE}" = "http-01" && ! -d "${WELLKNOWN}" ]]; then
+ _exiterr "WELLKNOWN directory doesn't exist, please create ${WELLKNOWN} and set appropriate permissions."
+ fi
}
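Review bot: The new condition tests only `! -d "${WELLKNOWN}"`, although the message asks the operator to set appropriate permissions and the lock-directory check added in the same commit uses `-w`. If the script writes challenge files into this directory (not visible in this hunk), adding `-w "${WELLKNOWN}"` to the check would make a read-only directory fail here instead of midway through a challenge. The enclosing function starts outside the hunk.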
# Print error message and exit with error
# Send http(s) request with specified method
http_request() {
- tempcont="$(mktemp)"
+ tempcont="$(mktemp -t XXXXXX)"
if [[ "${1}" = "head" ]]; then
statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)"
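Review bot: None of the three `mktemp -t XXXXXX` call sites checks the result: `tempcont` here, and `tmp_openssl_cnf` and `DOMAINS_TXT` in the later hunks. If mktemp fails and the script is not running under `set -e` (not visible here), the variable is empty and the following `curl -o`, `cat >` and `printf >` steps fail with less obvious errors; `tempcont="$(mktemp -t XXXXXX)" || _exiterr "mktemp failed"` makes the failure explicit. No removal of these files appears in the visible lines. http_request continues past the hunk, so cleanup may happen there, but extending the existing EXIT handler to delete them would also cover error paths.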
done
SAN="${SAN%%, }"
local tmp_openssl_cnf
- tmp_openssl_cnf="$(mktemp)"
+ tmp_openssl_cnf="$(mktemp -t XXXXXX)"
cat "${OPENSSL_CNF}" > "${tmp_openssl_cnf}"
printf "[SAN]\nsubjectAltName=%s" "${SAN}" >> "${tmp_openssl_cnf}"
openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/${privkey}" -out "${BASEDIR}/certs/${domain}/cert-${timestamp}.csr" -subj "/CN=${domain}/" -reqexts SAN -config "${tmp_openssl_cnf}"
init_system
if [[ -n "${PARAM_DOMAIN:-}" ]]; then
- DOMAINS_TXT="$(mktemp)"
+ DOMAINS_TXT="$(mktemp -t XXXXXX)"
printf -- "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
elif [[ -e "${BASEDIR}/domains.txt" ]]; then
DOMAINS_TXT="${BASEDIR}/domains.txt"
fi
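Review bot: `printf -- "${PARAM_DOMAIN}"` uses the command-line value as the printf format string, so any `%` or backslash sequence in it is interpreted instead of written literally. A fixed format avoids that: `printf '%s' "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"`. The line is unchanged context, but it writes into the temporary file this hunk touches. The enclosing block continues outside the hunk.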
# Generate certificates for all domains found in domains.txt. Check if existing certificate are about to expire
- <"${DOMAINS_TXT}" sed 's/^[[:space:]]*//g;s/[[:space:]]*$//g' | (grep -vE '^(#|$)' || true) | while read -r line; do
+ <"${DOMAINS_TXT}" sed -E -e 's/^[[:space:]]*//g' -e 's/[[:space:]]*$//g' -e 's/[[:space:]]+/ /g' | (grep -vE '^(#|$)' || true) | while read -r line; do
domain="$(printf '%s\n' "${line}" | cut -d' ' -f1)"
morenames="$(printf '%s\n' "${line}" | cut -s -d' ' -f2-)"
cert="${BASEDIR}/certs/${domain}/cert.pem"
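Review bot: `domain` is taken as the first field of each line and placed directly into `${BASEDIR}/certs/${domain}/cert.pem`, with no check that it looks like a hostname. A line containing `/` or `..` would point the certificate paths outside `certs/`, and the value can come from `PARAM_DOMAIN` as well as from domains.txt. A guard before the path is built, for example `[[ "${domain}" =~ ^[A-Za-z0-9.-]+$ ]] || _exiterr "Invalid domain name: ${domain}"` (character set to be confirmed against what the script supports), would reject such lines. The loop runs as the last stage of a pipeline, so how `_exiterr` propagates from it should be checked; the loop body continues outside the hunk.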
fi
}
+ [[ -z "${@}" ]] && eval set -- "--help"
+
while (( "${#}" )); do
case "${1}" in
--help|-h)
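Review bot: The `eval` in `[[ -z "${@}" ]] && eval set -- "--help"` is unnecessary, since `set -- "--help"` has the same effect without re-parsing the string, and it keeps `eval` out of argument handling altogether. Testing the argument count is also more precise than `-z "${@}"`, which treats a single empty argument as no arguments and is flagged by ShellCheck (SC2199): `(( $# )) || set -- "--help"`. The `case` block continues outside the hunk.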
env) command_env;;
sign_domains) command_sign_domains;;
revoke) command_revoke "${PARAM_REVOKECERT}";;
- *) command_help; exit1;;
+ *) command_help; exit 1;;
esac
}