OPENSSL_CNF="${__OPENSSL_CNF}"
RENEW_DAYS="${__RENEW_DAYS}"
IP_VERSION="${__IP_VERSION}"
+ ALT_NAMES=
}
# verify configuration values
if [[ "${CHALLENGETYPE}" = "dns-01" ]] && [[ -z "${HOOK}" ]]; then
_exiterr "Challenge type dns-01 needs a hook script for deployment... can not continue."
fi
- if [[ "${CHALLENGETYPE}" = "http-01" && ! -d "${WELLKNOWN}" ]]; then
+ if [[ "${CHALLENGETYPE}" = "http-01" && ! -d "${WELLKNOWN}" && ! "${COMMAND:-}" = "register" ]]; then
_exiterr "WELLKNOWN directory doesn't exist, please create ${WELLKNOWN} and set appropriate permissions."
fi
[[ "${KEY_ALGO}" =~ ^(rsa|prime256v1|secp384r1)$ ]] || _exiterr "Unknown public key algorithm ${KEY_ALGO}... can not continue."
# If we generated a new private key in the step above we have to register it with the acme-server
if [[ "${register_new_key}" = "yes" ]]; then
echo "+ Registering account key with ACME server..."
- [[ ! -z "${CA_NEW_REG}" ]] || _exiterr "Certificate authority doesn't allow registrations."
- # If an email for the contact has been provided then adding it to the registration request
FAILED=false
- if [[ -n "${CONTACT_EMAIL}" ]]; then
- (signed_request "${CA_NEW_REG}" '{"resource": "new-reg", "contact":["mailto:'"${CONTACT_EMAIL}"'"], "agreement": "'"$LICENSE"'"}' > "${ACCOUNT_KEY_JSON}") || FAILED=true
- else
- (signed_request "${CA_NEW_REG}" '{"resource": "new-reg", "agreement": "'"$LICENSE"'"}' > "${ACCOUNT_KEY_JSON}") || FAILED=true
+
+ if [[ -z "${CA_NEW_REG}" ]]; then
+ echo "Certificate authority doesn't allow registrations."
+ FAILED=true
+ fi
+
+ # If an email for the contact has been provided then adding it to the registration request
+ if [[ "${FAILED}" = "false" ]]; then
+ if [[ -n "${CONTACT_EMAIL}" ]]; then
+ (signed_request "${CA_NEW_REG}" '{"resource": "new-reg", "contact":["mailto:'"${CONTACT_EMAIL}"'"], "agreement": "'"$LICENSE"'"}' > "${ACCOUNT_KEY_JSON}") || FAILED=true
+ else
+ (signed_request "${CA_NEW_REG}" '{"resource": "new-reg", "agreement": "'"$LICENSE"'"}' > "${ACCOUNT_KEY_JSON}") || FAILED=true
+ fi
fi
+
if [[ "${FAILED}" = "true" ]]; then
echo
echo
rm "${ACCOUNT_KEY}" "${ACCOUNT_KEY_JSON}"
exit 1
fi
+ elif [[ "${COMMAND:-}" = "register" ]]; then
+ echo "+ Account already registered!"
+ exit 0
fi
-
}
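Review bot: The new `if [[ -z "${CA_NEW_REG}" ]]` branch sets FAILED without ever calling signed_request, so the unchanged cleanup `rm "${ACCOUNT_KEY}" "${ACCOUNT_KEY_JSON}"` further down now runs with `${ACCOUNT_KEY_JSON}` not yet created, and rm itself fails before the intended `exit 1`. Using `rm -f -- "${ACCOUNT_KEY}" "${ACCOUNT_KEY_JSON}"` keeps the removal of the freshly generated but unregistered key reliable on this path. The message replacing the former `_exiterr` is printed with a bare `echo` to stdout; `echo "Certificate authority doesn't allow registrations." >&2` keeps the diagnostic on stderr like the other error output. The enclosing function starts outside the hunk.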
# Different sed version for different os types...
reqtext="$( <<<"${csr}" openssl req -noout -text )"
if <<<"${reqtext}" grep -q '^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$'; then
# SANs used, extract these
- altnames="$( <<<"${reqtext}" awk '/^[[:space:]]*X509v3 Subject Alternative Name:[[:space:]]*$/{print;getline;print;}' | tail -n1 )"
+ altnames="$( <<<"${reqtext}" awk '/X509v3 Subject Alternative Name:/{print;getline;print;}' | tail -n1 )"
# split to one per line:
# shellcheck disable=SC1003
altnames="$( <<<"${altnames}" _sed -e 's/^[[:space:]]*//; s/, /\'$'\n''/g' )"
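Review bot: The relaxed awk pattern on the altnames line no longer matches the anchored pattern used by the `grep -q` that guards the branch, so the two disagree: if the anchored form fails on some openssl output (presumably why it was loosened), the `if` is never entered and the SANs are silently dropped, and if it does match the loosening was unnecessary. Either use the same pattern in both places, `if <<<"${reqtext}" grep -q 'X509v3 Subject Alternative Name:'; then`, or keep both anchored. Dropping the anchors also lets any line containing that text be selected, with `tail -n1` then taking whichever match comes last, which is a weaker selection for text that feeds the SAN list than the line-anchored form. The enclosing function starts outside the hunk.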
# Description: Register account key
command_register() {
init_system
+ echo "+ Done!"
exit 0
}
if [[ -n "${PARAM_DOMAIN:-}" ]]; then
DOMAINS_TXT="$(_mktemp)"
+ tmp_domains="yes"
printf -- "${PARAM_DOMAIN}" > "${DOMAINS_TXT}"
elif [[ -e "${DOMAINS_TXT}" ]]; then
if [[ ! -r "${DOMAINS_TXT}" ]]; then
_exiterr "domains.txt found but not readable"
fi
+ elif [[ -n "${DOMAINS_D}" ]]; then
+ DOMAINS_TXT="$(_mktemp)"
+ tmp_domains="yes"
+ find "${DOMAINS_D}" -maxdepth 1 -type f | grep -o '[^/]*$' > "${DOMAINS_TXT}"
else
_exiterr "domains.txt not found and --domain not given"
fi
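Review bot: The new `DOMAINS_D` branch turns every regular file name in the directory into a domains.txt entry, including dotfiles and editor backup files such as `.example.com.swp` or `example.com~`, which would then be requested as domain names; a file name containing a newline also becomes two entries. Excluding hidden names is a cheap first filter, `find "${DOMAINS_D}" -maxdepth 1 -type f ! -name '.*' | grep -o '[^/]*$' > "${DOMAINS_TXT}"`, and a comment stating that file names, not contents, are the domain list would help readers. If the script runs with `pipefail`, an empty directory makes `grep -o` return 1 and the pipeline fail; whether that aborts the run depends on shell options set outside this hunk.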
config_var="$(echo "${cfgline:1}" | cut -d'=' -f1)"
config_value="$(echo "${cfgline:1}" | cut -d'=' -f2-)"
case "${config_var}" in
+ ALT_NAMES)
+ config_value="$(echo "${config_value}" | tr '[:upper:]' '[:lower:]' | _sed -e "s/^'[[:space:]]*//g" -e "s/[[:space:]]*'$//g" -e 's/[[:space:]]+/ /g')"
+ ;&
KEY_ALGO|OCSP_MUST_STAPLE|PRIVATE_KEY_RENEW|PRIVATE_KEY_ROLLOVER|KEYSIZE|CHALLENGETYPE|HOOK|WELLKNOWN|HOOK_CHAIN|OPENSSL_CNF|RENEW_DAYS)
echo " + ${config_var} = ${config_value}"
declare -- "${config_var}=${config_value}"
done
IFS="${ORIGIFS}"
fi
+
+ if [[ -n "${ALT_NAMES}" ]]; then
+ if [[ -n "${morenames}" ]]; then
+ morenames="${morenames} ${ALT_NAMES}"
+ else
+ morenames="${ALT_NAMES}"
+ fi
+ line="${domain} ${morenames}";
+ fi
+
verify_config
export WELLKNOWN CHALLENGETYPE KEY_ALGO PRIVATE_KEY_ROLLOVER
done
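Review bot: ALT_NAMES is folded into `morenames` for every domain, but the only place it is cleared is the `ALT_NAMES=` added to the config loader earlier in this diff; unless that loader runs once per loop iteration, a value read from one domain's per-domain config persists and is added as SANs to every following domain's CSR. Resetting it just before the per-domain config is read, `ALT_NAMES=`, removes that dependency. The `;&` fall-through in the ALT_NAMES case arm is a bash 4.0+ construct and a parse error on bash 3.x, and the normalisation strips only single quotes, so a double-quoted value keeps its quotes inside the name list. `line="${domain} ${morenames}";` also carries a stray trailing semicolon. The loop body begins outside the hunk.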
# remove temporary domains.txt file if used
- [[ -n "${PARAM_DOMAIN:-}" ]] && rm -f "${DOMAINS_TXT}"
+ [[ "${tmp_domains:-}" = "yes" ]] && rm -f "${DOMAINS_TXT}"
[[ -n "${HOOK}" ]] && "${HOOK}" "exit_hook"
exit 0