#OPENSSL_CNF=.... # system default (see openssl version -d)
#ROOTCERT="lets-encrypt-x1-cross-signed.pem"
-# program called before responding to the challenge, arguments: path/to/token
-# token; can be used to e.g. upload the challenge if this script doesn't run
-# on the webserver
-#HOOK_CHALLENGE=
+# Program or function called in certain situations
+#
+# After generating the challenge-response, or after failed challenge
+# Given arguments: clean_challenge|deploy_challenge token-filename token-content
+#
+# After successfully signing certificate
+# Given arguments: deploy_cert path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
+#
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
+#HOOK=
# try to renew certs that are within RENEW_DAYS days of their expiration date
#RENEW_DAYS="14"
# email to use during the registration
#CONTACT_EMAIL=
-
# Default config values
CA="https://acme-v01.api.letsencrypt.org"
LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
-HOOK_CHALLENGE=
+HOOK=
RENEW_DAYS="14"
KEYSIZE="4096"
WELLKNOWN=".acme-challenges"
umask 077 # paranoid umask, we're creating private keys
+# Export some environment variables to be used in hook script
+export WELLKNOWN
+export BASEDIR
+
anti_newline() {
tr -d '\n\r'
}
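Review bot: `export WELLKNOWN` publishes the default `.acme-challenges`, a path relative to the script's working directory, while the hook interface described in the config example hands hooks only the token filename and leaves them to rebuild `${WELLKNOWN}/token`; an external hook program started from another directory, or one that changes directory, will not find the token file unless WELLKNOWN is absolute. Whether the script changes into BASEDIR before invoking hooks is not visible in this hunk, so at minimum the config example should state it: `# WELLKNOWN should be an absolute path when HOOK is used; hooks receive only the token filename`. `export BASEDIR` is placed before any assignment visible here; bash keeps the export attribute across a later assignment, so this works, but a short comment saying so would save the next reader a check.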
echo "Details:" >&2
echo "$(<"${tempcont}"))" >&2
rm -f "${tempcont}"
+
+ # Wait for hook script to clean the challenge if used
+ if [[ -n "${HOOK}" ]]; then
+ ${HOOK} "clean_challenge" "${challenge_token}" "${keyauth}"
+ fi
+
exit 1
fi
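Review bot: The new clean_challenge call at `${HOOK} "clean_challenge" "${challenge_token}" "${keyauth}"` is not guarded on `challenge_token` being set, unlike the otherwise identical call in the invalid-challenge hunk below; if the request whose details are printed from `tempcont` failed before a token was issued, the hook is invoked with an empty filename argument. Use the same guard here: `if [[ -n "${HOOK}" ]] && [[ -n "${challenge_token}" ]]; then`. Note also that `${HOOK}` is expanded unquoted in this hunk and in the deploy_challenge, invalid-challenge and deploy_cert hunks, so a value containing spaces or glob characters is word-split and globbed before execution; if that is intended (a command with arguments) it deserves a comment in the config example, otherwise quote it as `"${HOOK}"`. The enclosing function starts before and ends after this hunk.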
chmod a+r "${WELLKNOWN}/${challenge_token}"
# Wait for hook script to deploy the challenge if used
- if [ -n "${HOOK_CHALLENGE}" ]; then
- ${HOOK_CHALLENGE} "${WELLKNOWN}/${challenge_token}" "${keyauth}"
+ if [[ -n "${HOOK}" ]]; then
+ ${HOOK} "deploy_challenge" "${challenge_token}" "${keyauth}"
fi
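Review bot: The deploy_challenge hook's exit status is ignored at the `${HOOK} "deploy_challenge" "${challenge_token}" "${keyauth}"` line, so if the hook fails to publish the token the script still asks the ACME server to verify, and the failure only surfaces later as an opaque invalid-challenge error — unless the script runs under `set -e`, which is not visible in this hunk. Making the failure explicit is one line: `${HOOK} "deploy_challenge" "${challenge_token}" "${keyauth}" || { echo " + Hook deploy_challenge failed" >&2; exit 1; }`. The hook argument also changed from the full `${WELLKNOWN}/${challenge_token}` path to the bare filename, which is a breaking change for anyone migrating an existing HOOK_CHALLENGE script and is worth a line in the commit description or config example. The enclosing function continues outside this hunk.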
# Ask the acme-server to verify our challenge and wait until it becomes valid
echo " + Challenge is valid!"
else
echo " + Challenge is invalid! (returned: ${status})"
+
+ # Wait for hook script to clean the challenge if used
+ if [[ -n "${HOOK}" ]] && [[ -n "${challenge_token}" ]]; then
+ ${HOOK} "clean_challenge" "${challenge_token}" "${keyauth}"
+ fi
+
exit 1
fi
rm -f "${BASEDIR}/certs/${domain}/cert.pem"
ln -s "cert-${timestamp}.pem" "${BASEDIR}/certs/${domain}/cert.pem"
+ # Wait for hook script to clean the challenge and to deploy cert if used
+ if [[ -n "${HOOK}" ]]; then
+ ${HOOK} "deploy_cert" "${BASEDIR}/certs/${domain}/privkey.pem" "${BASEDIR}/certs/${domain}/cert.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
+ fi
+
+ unset challenge_token
echo " + Done!"
}
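Review bot: The comment `# Wait for hook script to clean the challenge and to deploy cert if used` promises a clean_challenge call, but only `deploy_cert` is invoked below it; in this commit clean_challenge runs only on the two failure paths, and the valid branch in the earlier hunk adds nothing, so a hook that serves tokens out of band is never told to remove a token after a successful validation. Either invoke the hook with `clean_challenge` before the deploy_cert call (guarded on `challenge_token` as in the invalid-challenge hunk), or reword the comment to `# Wait for hook script to deploy cert if used` if the script removes the file itself outside this hunk. As a point of style, the `${HOOK} "deploy_cert" ...` line runs well past 100 columns; a local `certdir="${BASEDIR}/certs/${domain}"` used for the three paths keeps it readable. The enclosing function starts before this hunk.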
echo "Usage: ${0} revoke path/to/cert.pem"
exit 1
fi
-
+
echo "Revoking ${2}"
revoke_cert "${2}"