--- /dev/null
+#!/bin/bash
+
+set -e
+set -u
+set -o pipefail
+
+SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+BASEDIR="${SCRIPTDIR}"
+LETSENCRYPT="/etc/letsencrypt"
+
+. "${SCRIPTDIR}/config.sh"
+
+if [[ -e "${BASEDIR}/domains.txt" ]]; then
+ DOMAINS_TXT="${BASEDIR}/domains.txt"
+elif [[ -e "${SCRIPTDIR}/domains.txt" ]]; then
+ DOMAINS_TXT="${SCRIPTDIR}/domains.txt"
+else
+ echo "You have to create a domains.txt file listing the domains you want certificates for. Have a look at domains.txt.example."
+ echo "For the purpose of this import script the file can be empty, but it has to exist."
+ exit 1
+fi
+
+for certdir in "${LETSENCRYPT}/live/"*; do
+ domain="$(basename "${certdir}")"
+ echo "Processing ${domain}"
+
+ # Check if we already have a certificate for the same (main) domain
+ if [ -e "${BASEDIR}/certs/${domain}" ]; then
+ echo " + Skipping: Found existing certificate directory, don't want to delete anything."
+ continue
+ fi
+
+ # Check if private-key, certificate and fullchain exist
+ if [[ ! -e "${certdir}/privkey.pem" ]]; then
+ echo " + Skipping: Private key is missing."
+ continue
+ fi
+ if [[ ! -e "${certdir}/cert.pem" ]]; then
+ echo " + Skipping: Certificate is missing."
+ continue
+ fi
+ if [[ ! -e "${certdir}/fullchain.pem" ]]; then
+ echo " + Skipping: Chain is missing."
+ continue
+ fi
+
+ # Check if certificate still valid
+ set +e; openssl x509 -checkend 0 -noout -in "${certdir}/cert.pem" > /dev/null 2> /dev/null; expired="${?}"; set -e
+ if [[ "${expired}" = "1" ]]; then
+ echo " + Skipping: Certificate is expired."
+ continue
+ fi
+
+ # Import certificate
+ timestamp="$(date +%s)"
+
+ echo " + Adding list of domains to ${DOMAINS_TXT}"
+ SAN="$(openssl x509 -in "${certdir}/cert.pem" -noout -text | grep -A1 "Subject Alternative Name" | grep "DNS")"
+ SAN="${SAN//DNS:/}"
+ SAN="${SAN//, / }"
+ altnames="${domain}"
+ for altname in ${SAN}; do
+ if [[ ! "${altname}" = "${domain}" ]]; then
+ altnames="${altnames} ${altname}"
+ fi
+ done
+ echo "${altnames}" >> "${DOMAINS_TXT}"
+
+ mkdir -p "${BASEDIR}/certs/${domain}"
+
+ echo " + Importing private key"
+ cat "${certdir}/privkey.pem" > "${BASEDIR}/certs/${domain}/privkey-${timestamp}.pem"
+ ln -s "privkey-${timestamp}.pem" "${BASEDIR}/certs/${domain}/privkey.pem"
+
+ echo " + Importing certificate"
+ cat "${certdir}/cert.pem" > "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"
+ ln -s "cert-${timestamp}.pem" "${BASEDIR}/certs/${domain}/cert.pem"
+
+ echo " + Importing chain"
+ cat "${certdir}/fullchain.pem" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+ ln -s "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
+done
projects / andy / dehydrated.git / commitdiff