RENEW_DAYS="14"
KEYSIZE="4096"
WELLKNOWN=".acme-challenges"
+ PRIVATE_KEY_RENEW=no
if [[ -e "config.sh" ]]; then
. ./config.sh
}
_request() {
- temperr="$(mktemp)"
+ tempcont="$(mktemp)"
+
if [[ "${1}" = "head" ]]; then
- curl -sSf -I "${2}" 2> "${temperr}"
+ statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}" -I)"
elif [[ "${1}" = "get" ]]; then
- curl -sSf "${2}" 2> "${temperr}"
+ statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}")"
elif [[ "${1}" = "post" ]]; then
- curl -sSf "${2}" -d "${3}" 2> "${temperr}"
+ statuscode="$(curl -s -w "%{http_code}" -o "${tempcont}" "${2}" -d "${3}")"
fi
- if [[ -s "${temperr}" ]]; then
- echo " + ERROR: An error occured while sending ${1}-request to ${2} ($(<"${temperr}"))" >&2
- rm -f "${temperr}"
+ if [[ ! "${statuscode:0:1}" = "2" ]]; then
+ echo " + ERROR: An error occured while sending ${1}-request to ${2} (Status ${statuscode})" >&2
+ echo >&2
+ echo "Details:" >&2
+ echo "$(<"${tempcont}"))" >&2
+ rm -f "${tempcont}"
exit 1
fi
- rm -f "${temperr}"
+ cat "${tempcont}"
+ rm -f "${tempcont}"
}
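Review bot: The error dump line `echo "$(<"${tempcont}"))" >&2` has an unbalanced `)` inside the quotes, so every failure report ends with a stray `)`, and `echo` on an arbitrary response body will also mangle one that begins with `-n` or `-e`; `cat "${tempcont}" >&2` prints the body verbatim. Separately, the rewrite drops `-S` from the old `-sSf` flags and never looks at curl's exit status, so a transport-level failure — DNS, connection refused, or a TLS certificate verification failure against the ACME endpoint — now surfaces only as the `%{http_code}` placeholder (typically `Status 000`) with an empty body, which is hard to tell apart from a server-side error. Keeping `-S` on the three curl calls, e.g. `statuscode="$(curl -sS -w "%{http_code}" -o "${tempcont}" "${2}")"`, lets curl's own diagnostic reach stderr alongside the status, and the same holds for the `-I` and `-d "${3}"` variants.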
signed_request() {
altnames="${*}"
echo "Signing domain ${1} (${*})..."
- # If there is no existing certificate directory we need a new private key
+ # If there is no existing certificate directory => make it
if [[ ! -e "certs/${domain}" ]]; then
+ echo " + make directory certs/${domain} ..."
mkdir -p "certs/${domain}"
+ fi
+
+ # generate a new private key if we need or want one
+ if [[ ! -f "certs/${domain}/privkey.pem" ]] || [[ "${PRIVATE_KEY_RENEW}" = "yes" ]]; then
echo " + Generating private key..."
- openssl genrsa -out "certs/${domain}/privkey.pem" "${KEYSIZE}" 2> /dev/null > /dev/null
+ timestamp="$(date +%s)"
+ openssl genrsa -out "certs/${domain}/privkey-${timestamp}.pem" "${KEYSIZE}" 2> /dev/null > /dev/null
+ rm -f "certs/${domain}/privkey.pem"
+ ln -s "privkey-${timestamp}.pem" "certs/${domain}/privkey.pem"
fi
# Generate signing request config and the actual signing request