grab root certificate url from certificate, fixes #43
authorLukas Schauer <lukas@schauer.so>
Mon, 14 Dec 2015 13:30:37 +0000 (14:30 +0100)
committerLukas Schauer <lukas@schauer.so>
Mon, 14 Dec 2015 13:31:49 +0000 (14:31 +0100)
config.sh.example
letsencrypt.sh

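--- a/config.sh.example
+++ b/config.sh.example
@@ -34,9 +34,6 @@
 # Path to openssl config file (default: <unset> - tries to figure out system default)
 #OPENSSL_CNF=
 
-# Name of root certificate (default: lets-encrypt-x1-cross-signed.pem)
-#ROOTCERT="lets-encrypt-x1-cross-signed.pem"
-
 # Program or function called in certain situations
 #
 # After generating the challenge-response, or after failed challenge (in this case altname is empty)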
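--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -21,7 +21,6 @@ KEYSIZE="4096"
 WELLKNOWN=
 PRIVATE_KEY_RENEW="no"
 OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf"
-ROOTCERT="lets-encrypt-x1-cross-signed.pem"
 CONTACT_EMAIL=
 
 set_defaults() {
@@ -372,12 +371,10 @@ sign_domain() {
   _openssl x509 -text < "${crt_path}"
 
   # Create fullchain.pem
-  if [[ -e "${BASEDIR}/certs/${ROOTCERT}" ]]; then
-    echo " + Creating fullchain.pem..."
-    cat "${crt_path}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
-    cat "${BASEDIR}/certs/${ROOTCERT}" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
-    ln -sf "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
-  fi
+  echo " + Creating fullchain.pem..."
+  cat "${crt_path}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+  _request get "$(openssl x509 -in "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+  ln -sf "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
 
   # Update remaining symlinks
   if [ ! "${privkey}" = "privkey.pem" ]; then
@@ -502,7 +499,7 @@ command_help() {
 command_env() {
   echo "# letsencrypt.sh configuration"
   typeset -p CONFIG
-  typeset -p CA LICENSE BASEDIR WELLKNOWN PRIVATE_KEY KEYSIZE OPENSSL_CNF ROOTCERT HOOK RENEW_DAYS PRIVATE_KEY_RENEW CONTACT_EMAIL
+  typeset -p CA LICENSE BASEDIR WELLKNOWN PRIVATE_KEY KEYSIZE OPENSSL_CNF HOOK RENEW_DAYS PRIVATE_KEY_RENEW CONTACT_EMAIL
   exit 0
 }
 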
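Review bot: The new `_request get … >> fullchain-${timestamp}.pem` line in sign_domain appends whatever the CA Issuers URL returns and then repoints `fullchain.pem` unconditionally, whereas the removed code only built the chain when the local root file existed. If the certificate carries no CA Issuers URI or the download fails, the chain file may end up holding only the leaf (how `_request` reacts to an empty URL or an HTTP error is not visible here), and CA Issuers responses are commonly DER-encoded, which would put binary data into a PEM bundle. The URL is also normally plain HTTP, so the fetched certificate is unauthenticated; checking that it really validates the new leaf (for example with `openssl verify`) before updating the symlink would catch a substituted or truncated response. The sketch below fetches into a temporary file, rejects an empty result and normalises to PEM before appending; sign_domain's body continues outside the hunk, so the error path shown should be adapted to the one the function already uses.

```shell
  # … unchanged: echo and cat of "${crt_path}" into fullchain-${timestamp}.pem …
  issuer_url="$(openssl x509 -in "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | head -n 1 | cut -d':' -f2-)"
  issuer_tmp="$(mktemp)"
  if [[ -z "${issuer_url}" ]] || ! _request get "${issuer_url}" > "${issuer_tmp}" || [[ ! -s "${issuer_tmp}" ]]; then
    rm -f "${issuer_tmp}"
    echo " + ERROR: could not fetch issuer certificate for ${domain}" >&2
    exit 1
  fi
  if grep -q -- '-----BEGIN CERTIFICATE-----' "${issuer_tmp}"; then
    cat "${issuer_tmp}" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
  else
    # CA Issuers responses are usually DER; convert before appending to the PEM bundle
    openssl x509 -inform DER -in "${issuer_tmp}" -outform PEM >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
  fi
  rm -f "${issuer_tmp}"
  # … unchanged: ln -sf of fullchain.pem …
```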