format CA certificate as PEM

author Lukas Schauer <lukas@schauer.so>

Thu, 17 Dec 2015 17:42:36 +0000 (18:42 +0100)

committer Lukas Schauer <lukas@schauer.so>

Thu, 17 Dec 2015 17:48:01 +0000 (18:48 +0100)
author Lukas Schauer <lukas@schauer.so>
Thu, 17 Dec 2015 17:42:36 +0000 (18:42 +0100)
committer Lukas Schauer <lukas@schauer.so>
Thu, 17 Dec 2015 17:48:01 +0000 (18:48 +0100)
diff --git a/letsencrypt.sh b/letsencrypt.sh

index bdeedadeffb5fd9df1d77c2b9a192f1ba14f47ec..1296e166a06d9493bb4087236cdc02dd314d4a60 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -378,7 +378,12 @@ sign_domain() {
    # Create fullchain.pem
    echo " + Creating fullchain.pem..."
    cat "${crt_path}" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
-  _request get "$(openssl x509 -in "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
+  _request get "$(openssl x509 -in "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)" > "${BASEDIR}/certs/${domain}/chain-${timestamp}.pem"
+  if ! grep "BEGIN CERTIFICATE" "${BASEDIR}/certs/${domain}/chain-${timestamp}.pem"; then
+    openssl x509 -in "${BASEDIR}/certs/${domain}/chain-${timestamp}.pem" -inform DER -out "${BASEDIR}/certs/${domain}/chain-${timestamp}.pem" -outform PEM
+  fi
+  ln -sf "chain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/chain.pem"
+  cat "${BASEDIR}/certs/${domain}/chain-${timestamp}.pem" >> "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
    ln -sf "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
  
    # Update remaining symlinks
author	Lukas Schauer <lukas@schauer.so>
	Thu, 17 Dec 2015 17:42:36 +0000 (18:42 +0100)
committer	Lukas Schauer <lukas@schauer.so>
	Thu, 17 Dec 2015 17:48:01 +0000 (18:48 +0100)