- Initial support for configuration on per-certificate base
- Support for per-CA account keys and custom config for output cert directory, license, etc.
- Added option to select IP version of name to address resolution
+- Added option to run letsencrypt.sh without locks
## Fixed
- letsencrypt.sh no longer stores account keys from invalid registrations
--ipv6 (-6) Resolve names to IPv6 addresses only
--domain (-d) domain.tld Use specified domain name(s) instead of domains.txt entry (one certificate!)
--force (-x) Force renew of certificate even if it is longer valid than value in RENEW_DAYS
+ --no-lock (-n) Don't use lockfile (potentially dangerous!)
--ocsp Sets option in CSR indicating OCSP stapling to be mandatory
--privkey (-p) path/to/key.pem Use specified private key instead of account key (useful for revocation)
--config (-f) path/to/config Use specified config file
[[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
[[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/letsencrypt"
[[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
+ [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
[[ -n "${PARAM_HOOK:-}" ]] && HOOK="${PARAM_HOOK}"
[[ -n "${PARAM_CERTDIR:-}" ]] && CERTDIR="${PARAM_CERTDIR}"
load_config
# Lockfile handling (prevents concurrent access)
- LOCKDIR="$(dirname "${LOCKFILE}")"
- [[ -w "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} is not writable, aborting."
- ( set -C; date > "${LOCKFILE}" ) 2>/dev/null || _exiterr "Lock file '${LOCKFILE}' present, aborting."
- remove_lock() { rm -f "${LOCKFILE}"; }
- trap 'remove_lock' EXIT
+ if [[ -n "${LOCKFILE}" ]]; then
+ LOCKDIR="$(dirname "${LOCKFILE}")"
+ [[ -w "${LOCKDIR}" ]] || _exiterr "Directory ${LOCKDIR} for LOCKFILE ${LOCKFILE} is not writable, aborting."
+ ( set -C; date > "${LOCKFILE}" ) 2>/dev/null || _exiterr "Lock file '${LOCKFILE}' present, aborting."
+ remove_lock() { rm -f "${LOCKFILE}"; }
+ trap 'remove_lock' EXIT
+ fi
# Get CA URLs
CA_DIRECTORY="$(http_request get "${CA}")"
fi
;;
-
# PARAM_Usage: --force (-x)
# PARAM_Description: Force renew of certificate even if it is longer valid than value in RENEW_DAYS
--force|-x)
PARAM_FORCE="yes"
;;
+ # PARAM_Usage: --no-lock (-n)
+ # PARAM_Description: Don't use lockfile (potentially dangerous!)
+ --no-lock|-n)
+ PARAM_NO_LOCK="yes"
+ ;;
+
# PARAM_Usage: --ocsp
# PARAM_Description: Sets option in CSR indicating OCSP stapling to be mandatory
--ocsp)