From 64e35463cbbfc35ad1bf8537b60602707be2daaf Mon Sep 17 00:00:00 2001 From: Lukas Schauer Date: Tue, 13 Sep 2016 19:48:27 +0200 Subject: [PATCH] renamed project to dehydrated and main script to dehydrated.sh --- CHANGELOG | 6 +++++- README.md | 6 ++++-- letsencrypt.sh => dehydrated.sh | 14 +++++++------- docs/dns-verification.md | 2 +- docs/domains_txt.md | 2 +- docs/examples/config | 10 +++++----- docs/hook_chain.md | 8 ++++---- docs/import-from-official-client.md | 2 +- docs/logo.jpg | Bin 0 -> 47613 bytes docs/per-certificate-config.md | 2 +- docs/troubleshooting.md | 6 +++--- docs/wellknown.md | 12 ++++++------ test.sh | 22 +++++++++++----------- 13 files changed, 49 insertions(+), 43 deletions(-) rename letsencrypt.sh => dehydrated.sh (98%) create mode 100644 docs/logo.jpg diff --git a/CHANGELOG b/CHANGELOG index 46a6d61..2eda0d8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,10 +1,14 @@ # Change Log -This file contains a log of major changes in letsencrypt.sh +This file contains a log of major changes in dehydrated.sh ## [x.x.x] - xxxx-xx-xx ## Changed - ... +## [0.3.1] - 2016-09-13 +## Changed +- Renamed project to `dehydrated` and main script to `dehydrated.sh`. + ## [0.3.0] - 2016-09-07 ## Changed - Config is now named `config` instead of `config.sh`! diff --git a/README.md b/README.md index 81bbd10..5c65776 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ -# letsencrypt.sh [![Build Status](https://travis-ci.org/lukas2511/letsencrypt.sh.svg?branch=master)](https://travis-ci.org/lukas2511/letsencrypt.sh) +# dehydrated.sh [![Build Status](https://travis-ci.org/lukas2511/dehydrated.svg?branch=master)](https://travis-ci.org/lukas2511/dehydrated) + +![](docs/logo.jpg) This is a client for signing certificates with an ACME-server (currently only provided by letsencrypt) implemented as a relatively simple bash-script. @@ -28,7 +30,7 @@ If you have any problems take a look at our [Troubleshooting](docs/troubleshooti ## Usage: ```text -Usage: ./letsencrypt.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... +Usage: ./dehydrated.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ... Default command: help diff --git a/letsencrypt.sh b/dehydrated.sh similarity index 98% rename from letsencrypt.sh rename to dehydrated.sh index 787c31f..4e2a563 100755 --- a/letsencrypt.sh +++ b/dehydrated.sh @@ -1,7 +1,7 @@ #!/usr/bin/env bash -# letsencrypt.sh by lukas2511 -# Source: https://github.com/lukas2511/letsencrypt.sh +# dehydrated.sh by lukas2511 +# Source: https://github.com/lukas2511/dehydrated # # This script is licensed under The MIT License (see LICENSE for more information). @@ -25,7 +25,7 @@ BASEDIR="${SCRIPTDIR}" # Create (identifiable) temporary files _mktemp() { # shellcheck disable=SC2068 - mktemp ${@:-} "${TMPDIR:-/tmp}/letsencrypt.sh-XXXXXX" + mktemp ${@:-} "${TMPDIR:-/tmp}/dehydrated.sh-XXXXXX" } # Check for script dependencies @@ -94,7 +94,7 @@ verify_config() { load_config() { # Check for config in various locations if [[ -z "${CONFIG:-}" ]]; then - for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do + for check_config in "/etc/dehydrated.sh" "/usr/local/etc/dehydrated.sh" "${PWD}" "${SCRIPTDIR}"; do if [[ -f "${check_config}/config" ]]; then BASEDIR="${check_config}" CONFIG="${check_config}/config" @@ -181,7 +181,7 @@ load_config() { [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs" [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt" - [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/letsencrypt" + [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated" [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock" [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE="" @@ -246,7 +246,7 @@ init_system() { # If we generated a new private key in the step above we have to register it with the acme-server if [[ "${register_new_key}" = "yes" ]]; then - echo "+ Registering account key with letsencrypt..." + echo "+ Registering account key with ACME server..." [[ ! -z "${CA_NEW_REG}" ]] || _exiterr "Certificate authority doesn't allow registrations." # If an email for the contact has been provided then adding it to the registration request FAILED=false @@ -924,7 +924,7 @@ command_help() { # Usage: --env (-e) # Description: Output configuration variables for use in other scripts command_env() { - echo "# letsencrypt.sh configuration" + echo "# dehydrated.sh configuration" load_config typeset -p CA LICENSE CERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE } diff --git a/docs/dns-verification.md b/docs/dns-verification.md index 0c07c3f..898aefc 100644 --- a/docs/dns-verification.md +++ b/docs/dns-verification.md @@ -19,4 +19,4 @@ Or when you do have a DNS API, pass the details accordingly to achieve the same You can delete the TXT record when called with operation clean_challenge, when $2 is also the domain name. -Here are some examples: [Examples for DNS-01 hooks](https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks) +Here are some examples: [Examples for DNS-01 hooks](https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks) diff --git a/docs/domains_txt.md b/docs/domains_txt.md index 466eae9..ed6b453 100644 --- a/docs/domains_txt.md +++ b/docs/domains_txt.md @@ -1,6 +1,6 @@ ### domains.txt -letsencrypt.sh uses the file `domains.txt` as configuration for which certificates should be requested. +dehydrated.sh uses the file `domains.txt` as configuration for which certificates should be requested. The file should have the following format: diff --git a/docs/examples/config b/docs/examples/config index a836a4e..96a2161 100644 --- a/docs/examples/config +++ b/docs/examples/config @@ -1,10 +1,10 @@ ######################################################## -# This is the main config file for letsencrypt.sh # +# This is the main config file for dehydrated.sh # # # # This file is looked for in the following locations: # # $SCRIPTDIR/config (next to this script) # -# /usr/local/etc/letsencrypt.sh/config # -# /etc/letsencrypt.sh/config # +# /usr/local/etc/dehydrated/config # +# /etc/dehydrated/config # # ${PWD}/config (in current working-directory) # # # # Default values of this config are in comments # @@ -42,8 +42,8 @@ # Directory for account keys and registration information #ACCOUNTDIR="${BASEDIR}/accounts" -# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/letsencrypt) -#WELLKNOWN="/var/www/letsencrypt" +# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated) +#WELLKNOWN="/var/www/dehydrated" # Default keysize for private keys (default: 4096) #KEYSIZE="4096" diff --git a/docs/hook_chain.md b/docs/hook_chain.md index 450c0fd..c025783 100644 --- a/docs/hook_chain.md +++ b/docs/hook_chain.md @@ -9,7 +9,7 @@ See below for an example on how the calls change: ### HOOK_CHAIN="no" (default behaviour) ``` -# INFO: Using main config file /etc/letsencrypt.sh/config +# INFO: Using main config file /etc/dehydrated/config Processing lukas.im with alternative names: www.lukas.im + Checking domain name(s) of existing cert... unchanged. + Checking expire date of existing cert... @@ -31,13 +31,13 @@ HOOK: clean_challenge www.lukas.im blublublu blublublu.supersecure + Checking certificate... + Done! + Creating fullchain.pem... -HOOK: deploy_cert lukas.im /etc/letsencrypt.sh/certs/lukas.im/privkey.pem /etc/letsencrypt.sh/certs/lukas.im/cert.pem /etc/letsencrypt.sh/certs/lukas.im/fullchain.pem /etc/letsencrypt.sh/certs/lukas.im/chain.pem 1460152442 +HOOK: deploy_cert lukas.im /etc/dehydrated/certs/lukas.im/privkey.pem /etc/dehydrated/certs/lukas.im/cert.pem /etc/dehydrated/certs/lukas.im/fullchain.pem /etc/dehydrated/certs/lukas.im/chain.pem 1460152442 + Done! ``` ### HOOK_CHAIN="yes" ``` -# INFO: Using main config file /etc/letsencrypt.sh/config +# INFO: Using main config file /etc/dehydrated/config Processing lukas.im with alternative names: www.lukas.im + Checking domain name(s) of existing cert... unchanged. + Checking expire date of existing cert... @@ -57,7 +57,7 @@ HOOK: clean_challenge lukas.im blablabla blablabla.supersecure www.lukas.im blub + Checking certificate... + Done! + Creating fullchain.pem... -HOOK: deploy_cert lukas.im /etc/letsencrypt.sh/certs/lukas.im/privkey.pem /etc/letsencrypt.sh/certs/lukas.im/cert.pem /etc/letsencrypt.sh/certs/lukas.im/fullchain.pem /etc/letsencrypt.sh/certs/lukas.im/chain.pem 1460152408 +HOOK: deploy_cert lukas.im /etc/dehydrated/certs/lukas.im/privkey.pem /etc/dehydrated/certs/lukas.im/cert.pem /etc/dehydrated/certs/lukas.im/fullchain.pem /etc/dehydrated/certs/lukas.im/chain.pem 1460152408 + Done! ``` diff --git a/docs/import-from-official-client.md b/docs/import-from-official-client.md index bcfe07c..8cc8950 100644 --- a/docs/import-from-official-client.md +++ b/docs/import-from-official-client.md @@ -1,3 +1,3 @@ # Import -If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/letsencrypt.sh/wiki/Import-from-official-letsencrypt-client). +If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/dehydrated/wiki/Import-from-official-letsencrypt-client). diff --git a/docs/logo.jpg b/docs/logo.jpg new file mode 100644 index 0000000000000000000000000000000000000000..ad1c2a7b0c194eff561f020f36b11a9c017a9cc8 GIT binary patch literal 47613 zcmbTdWmH^2w=LSxxH}Cr7F>fv106JYa0?KuaSM&pNN{ajLU4k+2MYvu3myUlcL?qw zH{ZGEp7F+b@5g&@?Xm06-al%NTC3Jtvu6EW`nwJwQc+M=0HB}%04V<+z~7&MFaSE* zKLh?}#6U;Kz{1DE!oN9 z8CYo<7#UE|F)*+&u?VrS2pPyp$Qk}W+uv>gF&2s?%6A|NF#weq1xSqYw;$#6zd53# z{Fed#+fYz}Xy_Q2SlBqYL;zG2AQ1K6y#G!7-=6{hz5&pP(McHjWiUv!EHGcd$pnIv z3b2@D>wCzxzn?J+TDpZ`<4{n7sHj<3+1NQag@i>!#USEx@~;&Xm6TOel9F3E-5W5uV`p&YW~vF+ScCN z*FP{gG(0joGdnlGu(! zEa(4$^k0bn-vJ8w|Apv(0R0c1zsmqTAj-c50}=zI05=COaAejrN;HJ;d9I-li6u8% zFBx-`Lv_29HWA_}uUsPpYGwA0KH*=t&4-qQGW0(pMn#tS%|XkI0z?Fk}k57RedWgj{`@EYe)#yC}^Xx z)e3nj4IN7FS^8#D3q^`%qm5(Lx`&=j8r+~uB2bRv|99~#rTauyL zEu2P`6ey#3{@r++5zJu><(h`!M^o<+azrkdKq?Gz*sq1OAXi?Ni|@k<5V|JO{F&AZ zqHp8JrENv>pYaGJi&N`p#VW|FgxzSk?@ney5Xo11oLCGu2d^hI{|qGHcSyR=r1htN zuHe_qPs)W3P?8#@le_u4`A|(2t6Eqb=A)vuK`+-5hp^5$xD@~ZM5Y?9bVKMb%peZD zkK-dFHgrLrQ!2cS1F)t10&CNto6lRB?aT=h-T1*j$xdaX)(5~YE?;rr+==|pH<-n| z`I6xHW_zSSfPD)b2cK9v@U6f0UqJHrt%OHHvkwPyi-)cBw?<|g3ES~hE>qvKjAk*8 z4@K_T9{YmLvf4?zhH9w=8o0VTiWuvXi|mi7h|hT=aM*4_=vu*>m4`Dd zGl_X;iFRRp)Tt<0p(#)00jBbgR4#7_s*9C|tdH@q7@oE|IkfUD(>N&759gBgcSWIm zU|m0)^d;?5<{_b|VAPY<>}>F6=?~q*=y4uxDr`PjaoOHf0HPWvq~=+BESspq_u zXri{0Iil<(fr}5?3Fks)Ca;E;c)+^*$#O(blx`(3gzV|-O+H0faD;1- zIlDy?B>(pDN8=T8<4fxVV=ouyX!U)aud? zE~?Z7K^3&nc?B-{-G~Cs;Oej3KQoLpu&>|Z8wgE6v#ZN+@v%R8h{qi>Bb4qi!d2g`TXzkskWO3eI+ z%knoFR03?{X)iIUoL*YE2QFOv(rhuVG)_z79~4i3nUJ%KJ8fk{-b%bev5_#IrFEo` zFPwWnvP;{wdS9fnL~qB;eiAzHqV4s)w5+S(Y@UPNCoV=5W^+C?&)X8>d4TR71haG@ zL_CH@ii0gz6oJsR4*-HU3=`xsu~oI))3Ngk@~No_jM3n^P!3WHWQCj?Htm3+p=QvI z^eBw1Mz4w4M94xVU@cN8nl=%8=|}g0_Fxcc%MOJ3!k!FbSVp6O*rrRxj*|J11)_CV z3O)+of2vixlGFq&iGiO=k$>z^Mo|Zi0pODXf!w}Su#+_#=5^8QXlxdxLjYhixQJa3 z@YG88M9nMVAO>RqpGZzqE_6$$fY`hd=1>_h1=Dv$gmj^^GO1Wk1}|Y?Z({nESkHJ+ zGC~Jc*VH`?aC@Ru6GXZ9xQ7uc1c9yBy9Q%ujXQ$&Shkfk9A$9Bn1(Y zk!6BAm1ym;1olCRhT#y@6icVnfU`)dZb^h@Glzh5JbyBV_+0!zRGI)K8-v$go)Ox2 z(NTrfq1mJfM#EIP@qqdR=~IXZ3>w@`cg_CN?X~|Ul5|3oU{b>jE*;6Mh#DjpSuMoh zo!P_y({7=?*VR+WmEI)(=P1r!sSRjx~|+JA_UN)}@|7d(2gXMcZb#>Mhm@Fe+` z=$z>U3w!~gDzCeLEm#i^ol^JvJ}Lpgba%tLDj1SM8f>2+$uToy@n7S1`mp#&o~sWm zi4GP@{0kF&e4O5#tZ%W<3dm~;+1Oz{+yq4?MRhrl+iB0nPD4&|so@$c2+u*}l^oSF_fBi;8CTxz;5@8WZp39}j3B$PRtE#@>KMJ9(cO~{{ian`5DW~kq~#QA!(>SdI5KJa zrp&1cFUSg2q*mxVw`&}z0MknWexSbTN3fLj1Kzzy_4{@I7cv+Szj^p^Fo=@#QTLzE zVOl)GyIm-P4dKAhmIMc03SyB8+U}4}_}mOT;{AqPh&XAcT9!!$y1vfOmFsejqXO0i zrxOq@dn-vf`=J1Ywp@gNpHKDo$VujVm;ynHCKgMJfpU-8vn)Xj(*VS*oZ?R2z{`8?XR*J4y6fBLRA^vr&|iQ@@iXXI zY5imWROPc~H+i>kSl;{wy1Lqs)dJ~2@j z4;Y&1%v{5~bWD;J&p$`}I#$h&+5ap5gLWe(7s1PH@)2lHzI}Xm&y)**HD%hHSiq8r z?dbY1;97Ty7t`lZW5-~$y6g&_8Smp(3pwYJg`p_>Apkm3v70z3FzB9<)VTPfa#^F5 zI7>p|-7g!pz1dDFX91%Cj96S=Ib*hOWPiR!@4yt&ENR~Vm}9>>QeJ@VPAi{2`M^In9ul+zl=pL$d1N?l7!ndd8-*3Q{})bu5f8O24% zzDFCwLO#mFT)uZB|Zm{)4my*Bc%J=0R37^78R|1)42ZF z)OVv|!wic;a<_^ra53`2}!YaNML+td@K%-G|xQ z^5rWNv1kMQbe)FGwY`qDrS}q4W*&&)J+6E@-kq;UwGLI{-`=t>!*A`ODwNw|dy*Fp zPI`T=Py!`rfPH~7Dep?;I^Wf8xl_a`-yUc+nb2an+?!~JIVm9{KL0@nRr(tQZHp<- zU-yede7DwjX-UuRnKo&W^mU?q|2CoScSxBL{P>JwxQG}Rl{hc<9vJVYp#DYoQa)*O z-3Ne!441%bkYG707a`6|t=tIWqtHu>NtzGlrYRu#@ zE|D6n9N4U5(7-sl%YUw(M0)Jk1T0`U<7zyt9?Bv1`c%VA@_B^xQ~|IDRjhUsnr-As zSnCcr#^Dx%yo_P_R7+@)dft0F%YJ0_PxG{@B)UbQJdDUJPP zt!7UznD@+~_SrZ`vuCNQB6|1oHCstQg)Nqz=|*+|wv!hKAB4;5ere?)rE;-{i7hl~ zK*QfbCGM)xY3t@B)~}MR!Bi8l-zFf-@R%QgmK|`)p=7{@lDNJdJO;ik${G2owQ`?f zQgMAGQ+*m4W*$Twe@AUq%H2KJ6xEoK(`ly9YJkYF(jOymDYX??Du*@?`Qz zWTgvct~w@&tmc?C*f3dnU&BPpO>xkdTUu*+U9;!2Nu`^g7Z6QbRzs^yi5YdEG5%}t zLRnqBNnRQOgrNme&MKePm@Xv~KZoz6Oa%I~xlP}ZuxpR^(ZLe}oc;^QWoOQm`j%U} zn0u8)%%`mb74^hO>-GWK5N^JqXeAs&M`LH|q^Kj*Zr#kl4Mt*c@-Jr)prH&cWTO0- zVyl(_6wY=sV)?GarRmf2$i8hi-u+KiJqY|W^M9)9BXow#T*}~MuAN`~Q*8;|L3NVE zSFf%m2e6x4$YH;dSIbu*@~HA?q=WV=kk>faVqC59oY-GVjQ6Rv+C7m>@^dLtNct)lT=%H09_|n%}n1HFkgc zL8OKXo$#Er?^kwkX(-$%ic`m8NE8zu980h056cDyt?ZTzR2t&!bnML}iBP+@x(q|v zQN}Rp>hU3oE*^lWPy~DX!TQ;s&wtej%@JnSuXom-5*@y_=Rzo1{@;Q?HbFZ?4 z?UXb2%=1VpVKc+jS&HVq%2wx?wESolJ%h)x8@|;R^YPfKVIl>XYipW#rXl%F;<{P$ zeC>(!#ooFnMtvGOlc+O7Y;_x9~Sa-N}i`r0x;>LGChleJ>TIP&hq)%JFAw_?btoU ze!z~CUBM!9r@$9G#cG`BEWzShLHT%pU)ZB|o4?18ieN4m?{5uc;_0C-`SN6&sbt<|m< zOK>FJ)=b(EOa4t1Z6Anfw&3%&v8**sDu1u}dD4k8sxu)@F>nu%{f}tDbWDi;*RS7f zJ#iZHV3Q5AFekMX|<)cJ%0!7KVrUMCDe(R1U~Z5iqKoMn+hUjC^ofsh|!{ z5(Fe{lG(T1?m8A+$I7i+bl>9SI9wPl+G2U(`{FwLs$P~4JDv9@Cz{%G7FIZXVwl-C zm7s~c9$Oa0QZl1muZ69g23&>k)-m{U<~!Vg;m;rah+vWz*hU(%qRdM@Erf~j8M`0( z-hNiIGSAh3FBE@t?Pj(GZ2@NzO$e!`*cPGe)ZSpqR=}lnpZPL`X~`>JCde1av=&6I zp+*q!ID_J5nEe1;2%^IYQo25oZqouPDT8RC2t8&4nMis+JF%lljxWQ9aPhs!C-uyg z#df&?=-1K@X^fAh=e3T6(Itg8NY{zv#TLZ`)9XdabC6l;cRp2g(yBqq|vF=%hN61QgHyS;JoGS(vx zdhTPbZAyOujZPr{FGs{sY5^I#YlliX*H~i$W7RT9^Zf6VVQ~0ICbCtf5hJ@jj~7>* zN7$Rys;ZA9K2cv5-&zPTJdV0a8CAeP=Nwye3n7RU&kOsPnZH?{tH%TnVHnPZy?1?W z&)t>gJwau(CsI0YBw05-L?2sR}ccvN3CVW>~UXezv z_cge8xBBA%J+>JCuN4z}K_nsPGlneTVzKKKZ)V_bkvO4yV`FFY+=>2?#@Colj00vh zkmx4YRApoioBazgHScARC`^p`FM!)XLd__-jC-kPuT!<1<4}y!;0GJskK#7YzG)Fc zw%`eo>6~Z-+A(^CSEyJcc(PK=1XmD`S06)PL7#zUfI>10YvYUa^DVC3Eo7tS-J$Kq4`1VQbAEi05_2H4= z*MBI@BM{+#Q<~WRY7YrWF!600`DOCmr`sfh5IJhu!X04kjxtv!i&m*sjloxP z$lEe&!?YH72z-$|=b9x!Eu1C7&0RT-+)6TFfnkQW`|={`DnEi_g}(#B#MZ@*(y9++ zw!O+P3cq-EN_6#|09t-APD3MAlJ-l7lrR>R1FrXw*ZEktxq<#Dce6@XHV0HmqJ;Ss zbvWBxZrEG-6|w}9b^XX%NU8N)?&r|9SgSgQK(fqtI9NSw7EZ~Ebn}FtcyQb6MGWKB z1&7#*-)zrk)YJ&eh*^5$Syrk#ux(3*ji%}3zG_CLN2Y{7*$4UG0j~DhQO^0P7%{|g zVoB!`Pq|S*&^T0Ed1h-Mtc-y;>Cjf%+>`_oL+$YNL3Ro)KDg#7u*= z6Z4s(J7pUDJy|_z2s0HqJbR<+ZB~q}aKPDCA7#VWaz~!Rx- z^&lTyueivr73Du)aS0F6NsC~7dUtnX8pzv8{o9gB&dld{v-4bg zu%Owdn~naZj;VVb-C&+UunW|nKdJ05AbN)GLmbyDm6ruCae*?zd1S<`rb}Z7Nuilj zOW)hF`eZ0l%+7sGaA}n55QXs$bkr&QK6c4No8L&}czOL_DP7C;l>4Z>EGH!R#P-A{ zP*}SxBvA~#J5W6&dVHxP8pi#hxBL72w-0#dup0e>or!Cv!-(*2@sbdD3uS@Snu)&K z*bWID-8=lO09)0z_p85pw-J0bwqcnoBj1zvO-Y!t2YZIl2S^`Q0|(q@rY+4p0!*cc~kkEQDt=A(c(nD=jMI)_fi5FHU@t6o%L~;e#(;8U9jvsb0c-i4j9N)=t zNtnL9W|TU@jdI8d`Q%@*K-QfTJT>!?&n=l(HbNpMMidu+R}q-TU}c$6r6yXApDVp? zOU`4$4K>*+Q5VC^Gzk}~f|wOp)4HkiPk;+RtZ%^M8IrZYV)=ZVjdJ_jT;All0lwanI11n{+Lo&Tg7-MkY)4$F`5rDa&_C-zlsMDSW@eP8LaQ}_%jg3D%n?2685_IRyJ^tfoI(Dp`HJ)>oruSDbGOfh3x^zi-C@88D8G9qI9 zusQ;99Ql>^%r4w0^u-iB#4AQWSC>cLyX87*6K1$P>%qOeS(OTl@4QuKPM0?aIs6wv zHul(Cv*blbB2}^xEyA>n$%1G}r^@2xw6D$cbPQ-xorItQy$7c}&i>_6Urlnkd<|05 zGE%wilht=jI|;aQcZA^p&b6^QYPzE3zJ51K5Mb+!T$HXqsVGWd=sjeryomKw1(^30 z;Z=aM<2Tk*YQHF&&=W0c^{^G=(Rpt;Sk-3Xo_==H^=K`ccf@NWDu75??uw7&wMs}E zFmUbsRMK{K{UcXI&~S1o@#Rw^?8&eg*?XxdC;5$fi%V(0rT;ua5gmkzb6cAOcm1Ac zMjfNF@5A5$a@rH76!otx+q!gcn5^bB%T8LF_N8riO`_4B#c1j&LDIq>5+WOl`_~_{g$h#emZRl?BBwvkE#z^IJF;E z34C^BFd9u~Bm_eYjp`S;OW_-xK%GA)MPooO9G{V!nhZ-e+P!lSniy+JAzgJT0(@E)mVA5~0(|EcvJFDW{S-dT88!W{g0ER6Wq3YpCnr4(RU_q5nHOJw1P$X)I&R zY@x{Xtr~5~ew}p6R1q#s0Ko6O%l}^MwPlhUhD6-vPcROvBW`{lD1S~|@AD4ifQBpw zOPJw^Q^S`kv1y2Yi8ANTWilrl0C%=IuB#s62SofwT@BBXAB@omt6%2*zw1h>_H|q5{Lz-qKGsnD?AdvX;$GL6IS=!CY(*Y zA`9R9_H|84vJena+rNBQpPu%%_X~mGBqzq3W)KqCdFX>0#J1PaoPo(imdk2~mpGQzbmcU!z9LDuYky~s+qwN~+YT6d9;w--LbTC!nrI0PTmr3;#-VAe{-MUo&grCB#M#3bD~ zDB;qhK`32v*`Z^^LknfRY8Az9icHO_uvYRF1+1xN6c6_95v`L11gxDIr$a7~ znc&JKU4n|n6+V+=5w2}=9jJ9pl!|J=IGvJzR*0Qh#4x* z$Q4yq!Mo|zk-1bdtj>T}X*r2P%iz2ZZX~UHF(1inIb9!LCwYp4KdoF2V}zqUlTylN zcadp*ZEEgxo_#s>Biuu_S;fB4hxZ-fR4ttXIOyx$7=H)cs^ zt+iWI^Ut;mB>ce}} zAxzbB9EY;q)_Gp)K6{zX^&;rY^(Wi`3B|8ty?!$m=&0S3iRpDu53VsXR z!7NqjCghDhWH92MnPCPxlFF?Hsl*`MXPIqk@X^9!u<*4Jroz-J}2{Oe?;;BH+8q{#fTn&GnHg3c=X$NTX!yi2o)Jak?X(;?H zk{HA51*~@b4JGJL)!AP_6DD(R^9#_v$Ij4ZWx;1OskVp z;U0dn#Jamyfc#^^I-ipjK}NwL>q&WDl_SxC2+r0^Z;l`Du?~M5eJ|!v+O0N77v=Y; zWNkJ`Ka>$(sovFKl=4k@pI=+vI}NWtUs_T176OlON9OY!9GF(j%JsT+v@tt2N21L# zo~rz08MhXNPa{K>EB8&_<&2*R<5MBODDj@)TAz&EPa|q;XTBo!O^bgs?eo3Oifo^# z7S(N-E4<{f#gO)mYqh=^@c-k)qU4ZJ-nV5xuisV(0^*L5?mNaVx_1$b1pv*#wPuKy z#h=vl^e23nN=_YHJm((-bHRF15gxI)L>mUdnwmoY6Dd1_)$>GYzz&GA`nw* zLtABqX?@!jE(5E-c!{=mRTAXQaGo~A8X*+9T>~E(w8xP>TVd~}&$UAfTb4`ICCzoS zU*T5CSke80ElIqbX!sEm#JrC1F6!;8BM=qw*~XD$Ue0F+T#md5YGZhfX?y$cl*1_l zf+Nc+>MexjJz40MhWq<<)WSwb2azixJ|Zk4V`4)#jTVs@aIgeAJC?A`%}q7b2RGn% z*Y#W--OYXptDc&gqR;t7`lP?s-udG%V0g;RFZ>w|O1bUN%XN2o{o&KK*FujIoic0J zyC=0rv6r4$V3bS7L29@{4xXUsgz(&}f|XIJod$_kPB|uHXR2&o9sDL6Vhjgq|yIphH5?ko~m{mCZrS zt!0(}O3C)=NP)iBFfWeYst``Dmk*6Fl} za2vEkf3YCgTuF&`D;#d$w_)x4u$Ec2a0}Fo0{gn1brZ^&1~{RyR6w0XY_+LXb&S;( ztC}HrK+n!$aE~Zj0MxOk-+b@QD!pF#P;W(jL%4eg-)r9!;kKiJk|sK!D8QzuneTtQFzbK2aH#Eg9}xx=KH=Z8Y`fC8E~oO*WUtg+dVs_q>H4$&dR6IT8@1YG zAE$AyH?x4i78oCx!$}t|?=@ZDX3dcHhm%(~!U9X% z&{=X_r}eYK6UkTdKXxzkgV3B%4NvyjnNvx6+}w|XW$-@Q*_dz)Z!Q1x#lke#pT;y% zPn@zh(>gn?xOq-MCD=R>DrGPdJ~BZm_+DE+it9HJExxo92<~H&Ov-j&4jDp~>_+J+ zV&lQ2&^sQIv`mXeMiY0L1m|uor%10(zIqm!7jDD9Z2W2TWv)dX`Qhte=L$YLk4Dyb zJpsH93;~qPDa~ zm^Z(^e$$yylw((1uEL|oyK~`DsoJUj8uDUIu;uwd(!hkzEvd(V9_!daZsRY2(xgzs zHQk834Lst_&Mk%WJDz~U!Bs=8JgWQbZ%d(TL#jCyirz30GOh{+7 z{WZT!RdIc%{n{oy&N4yz?Z+S)y@9i3Zj=BJ?y4q5>sxRu7$-$k@t^ zHx=I=+l~yUFfylSk1mWq@_IsblntnVhkJ6d&|1eyZvO=g`5EA=k?wnHkLO=eEcR#O zU*3B?WYd`sjW8~C|G{^c6x#Ieqr|3>Lsxx)UwS^_-r96Lv8AUfFUD&Cb$`&UzXlVl z3n=i92*sK9hG{Kb4#H)CsqARxcsjTVTo?Xd6C7ln^mM)kUs|~$^rCTdVhm~^-9U5Kj&ODWV-zM^?UrhWT+4?s1`S}i>9-saegd7{!?7f!_lq!_+_0$0 z?eoOI8#|bizBNcIIH~73HFu!6{Qhz4G?2~bANe(B^!qPBQ8-|i@{Z{0U(q90yEXTp zWRbq>go*+=x~l#7f%MfTJu3C7nn}4fq1IYafD2<%B7PNFjh}X%D14KQKXQdEDOpfu z6GXYU+LFHywa@gRB*7L1b;BmnRjoeT&HqbBJ{h26xXKoj6%H1V2{iE{E$XSE-UXI@ z_Ekqi+jJ}QWttZf)>2+NVWY*W&>gNWzI|JU=!hbCTStiIT`~m6vl_($;&zwg;&f2J z;+3gxKko)8lU3S|puI!rVOW*>glc9dm5}G5c1qc*oT-F7{XY{tNGAM%)?K`CI^)wNS2uQ~!V} zi3q2%A%Cy@2r+DItyT<3erpF#1?m=NIpp((sGFW10XSr+j5Te127@Q(t1}cpMwWPI zOu)yl+<{)B?Ct%&RN94idwJY7Cbli(0cB;*{Y9E64^cYx%a|wCFYETCKi|SQ-ZNg@ z5*kR&d|i3%GSn7UfL=A(K!`Tx=uF~B-I*T!KD$9)&zN4v^nGJ?vu)jBZ{{t=U>90l zE0fC1sicN~QC^CBK2sa)BIdg`(o<2gLO1sj+i!E#MJ#Z95n&r)F3C+{uHhCK(~0lN zLtJF1=w&;!@dswicDzhiUPUCwGua}QhUK!Y01+0Y7iK^7On(JjunLdp*feWczHOR; zQIy|()6u>W@JzYGcGl?qg==zL|0U#73%n~fF*oV{=hRNVO9zc>CdmcG z`lD{%uEimfsiSFFJFb^CbSlbUU6yC9zDkB+IARq&t?i-yKB_8{mpIJR>gX)yNUzDy z@vfhec~lXw95$F4S-|j7IR` zMCpl*c9UIL3bTLnXaJ#5qDyJWjLvFtOj+%&ib+}jOO;%&vLPaC^Qa@1vSZGlr~K{D zmrpIky8?uPzBO;xHMBt^Eam0an+XKJ;?moz(4z+zoLjGtOx$|s_MO2dY(<}H)SP05 z^%9XTI+-Jbn%{HmOY8nrVVnmkl8b_N2v$fi2&JW_$nazIqJcilNHCtJ3Ky@)Y%)OvWL)7Bf2qxy~{4Z$) z<7q5@AJ*B=NQfkg%5l+YG{ziF${sf#*<9Vbh@o`3gcMq+J;g%EPEzD2&_VJ)kw$Lc zMcm*qWZUMWRzY~%%CSoM$>2XVQmfMFXu*8jKDtnMf+Z$y>*cRbN;D`LNq^GFpx{j6 z&${c^1aIL;Z(;7#W?E{Zq7ytqH9Eo9{a03n=x(u7<-!a&rSHe3P?Tf(&RUPI$eBok z3`2V=>O?KPg8ghKM3)@Nm_ZmXfBY@Rom{DQO{DKP3v75v`q4vpd?{(RqTRtot$0V zBx*}R`*l2aXP2@YBDMp#bloM)WWY}=)*2TTxcIySt>z!n+3SSffJ5KcJ#iQo7clIh zf$8i>t!CaCEiF%Yd-c2sR~00_CmgKz%ar9+@AIc|uYC6_kND@E>~Dh(&fXt2{P@l7 z4?7)?i?nYKto(fZ*_LhA3buHxi$xx8W4W6am~y1#kgF@i`-ZOga4Esr8~zxUrn8&k z^7_tMe-`eJc=Ww!7hLcMA9>F2SvxV}G#}7cc)tA0pFTOygV|Y*!W4<@ubwE#3uBr` z^!#2dWL5eQ%CtUGhI`0Wm;rq1f<}MbCZ0)&M~vK-ur_Z6cwwd0y!7~nhap)sb<Enf|0eP{?ReboSoi}8U*<23`R1Iz0MTV(`>qie!4-MPi}cgJuM8gT-hHb&qk41K zOI1AQ6JOGBdW#V6rG%l#RrMhm>y4K<_A0EA>Tx@2r>%Ln@qtyVoSUbr?&$+Os+)wN z9#mgr#{ke)<;@pksvDjTGA^+9?lHBy|2yfB`y!b8b#b3a?Y}r<}5K_n! zhl_^-5_S%*a1ecF&5-lne5cW$T+ej_#bLs4y&f-ZR*5f}kmbA)srt%Meh_z)_WkMu z&hp?l=t3bwd+Uc1gnk7ZcRjI&0<*Y!TBS*2Q~R$t7Zgce=M&0lSdhcL)|8~q4_e~8 zfU-k`mnMV5*GjdWqD0eL ztdW(Ja;#zGj6T5Z0`_11Qz6e>V6ZbZ8u+hqzt*H6_mVU>4}B5?<%{R#tx3@Yvinpa z9ByHM0Zh<<=l{;-p#LT?h}3TnTTm%Nz$7y3=Y#nERZS_c26@k;J$3k>4yzDI53oK@ zR({VtCMO71ipUCO)U|&#>*72*FfDr9I5)e?x=6A-Y`k2-__E1)?OWQZEcBCk-iC8SWx* zA(M6M5$i% zG~~dmJttz7W|BWV!4;|xW9o!BO4l=D1K=& zUuuN_DVZ8bv^~==CXQg`a*^zPC&pqwzL_Ys8% z{#Zxm%e+_F9%U}QhQ6I|$Ib3;2U@rg$| zqKnT==h-WKA@lfg=}ME>AZDFFg#&h4g1q%w;$@@X=|}Qsuk%d=?9ZxN=x?tdsEfT| zI^<+k;yk1q$J7~iO%n!#Mwzs0P8X6#x#HX5;79#vu-kx&+HtkVUjWsw{D?I!LTp2F zP|PylC1I^J{<~v$QML{tCx76^9sLPqxk#mZ=%@EZ0(g%vWpu_BBK7cGd#Dxhlt~Cs z2Ro#nIBTfMJ;#!4^BqJXpcqW2K=L#LyN~F+Qjxy^C$rTOPnufF`S9GpaVg)>Nf#BdL=!7b2w>A;oj{zH? zlC-NEw2XG}3xDgGV2oWvkZnq4OPwKncxo)c46Y4~5d~WjZ~(6267jnu$V{kSrnXM{ zLiykR()KunT5#R!z?m*?OTAXBRP8+(GA|aEUaYJrQehT2<&8GQQ7P{u_o9##RTJ%t z&Wvw1XcIrsSYSv|pO$`{OE1mQ5hx|a_&v}cP4Od?bXqp6{x0+CU?*pax67%WN>se0 zz(+3=8rrC`^A`Xn;F>M|ILLc^erThe+`tL(#rW}_#dB&^r{4XFd=*dfh3gnGgdl>( z?o69mjZO)i`7;d!=_<62pwd(2UC>E0cQx3z7t7bsksUK>ZQ!7N6uKE3`ZWLX=&iEh zcfs;i{D}$^>Cy9HF-|v*7bkO(mSrpvgn)G@G@1pwu)iT z`>SK|?!>o0eH)bkQAY(rCutFh)1)?`Em}`V1NQ?L>jT(hme&dY>UHdpu)_KA5V40fl<)ZS%HhL@rh= zm``ZhyMp$olQjzq%RQ2nN=)GznlWU7X#{Gs1-2*}lG&aG9iLzK*~0H-PGsfCT?I4q zAs?dL@1+QZ-)A{06Gi(zU!oW;ctsbpui0H@Y!NRj5@BM+5J;RsYSSyv^ZaCtun-$T zu;5_if+<5E5$a%(SN^#S(cKTT>F-Tm-)dNh2(f=i!YxUQu!$&$3~G27 zj@kAkVPG843>ls>5`6WbZ4|l!D_9$!#E|KxEl>PT5-sb@^9^a0+tec>_8ByIW7)ZBq>U}MrG(BGgyrAoU|jI*cnQ~$ezTXFvgnhxI=A5N8u zUAd}tW0y9vnUf4GEQxXfCq}%xoZXfnuw~A)-y*q|?4Ij=oGMpZ!3g+GQfO-~JM9P( zl}~Uo;J$44-5XsqxwN+PKc$hLG8muQxA$(RPyft3{K2>7s9ZWNjL4qwciS;g;CEp0g@2NM z;!~Oe4${rffHr`5-@;@qN#yr4r=6CXbCcmq;m5Q|ie8d~yKge42-{jPcW%{=a6%Lv zSGrepP17$t`4w)zu0@~j_~B20KXy)s@e~{mdd+9gZJWh}A~}^uxQT&_H5xaL@c3sH zHw8Nb>u)f0Sp94u&0$IZtF}${V{@4%nZiLHOU@5nLn-(37mc}wMNP7OlzkrvCoN`$ zHmV$yL_%@0qTM7YAgE19zid6Okz<#tT=9hsyAzMGcc}g4nz!7{iJ?6x2F3ROi>bG8 zi!xgKwg(VUK)PE%kW{)`y1PLby1PTVyQI4rx=VWK&Y`=z({J{(_j?@Q|8U=HUDq$p zmCvnPL}5h+&=weGZ+`)4t8RMC;DkFIHZoQPeS6?JK_+74N8wP%=>GjHY>rWa**AD& za|r?8ZRlj>wwNg48`bC4oQ14mt1(yB>p=gzV_KF_OmN=ndNKzU%a#lUro+*=+B1BP z;^zkAApr5_tegwHTkXCdR)<<{Qz}A0dSk(cf(!Z&D*qgq`XLe?4JK-h@Z(K;7fYG6 z3QFuYAmG4%kVj*5d~NmlkzTw{h2#&$Yq_mr;rk7A4SH6lQpGnlLO9RSb^}<$4{;x4 z^Q4;>hK38Ml5sHmAJT@>(g7TroAYv0VE$kVt$rH7n+m$a&bcs)mCnHV^|cl}i@n~R zQgW~n3$4(WJXTk~2A@Cw11y?W|NYNipOgO@`+LBTw4~y7vQ`aY%F(?#I(2ZeDYQE@ z4jUtDW1=Y45b>*1fP(Hb5^f)Q>9B1pLEi7eW<)sHB0}pba&-vDn;a{f_(|%?q^D@j zDIA!9_<)2~FJ_1%WHSa)RG0;>=F5cB%8>}!GC`WaIU@1AW)c$`+>>g9TIlzUZen79 zm!hH#B4t#J7%X}j!x90B!;z{ey}quPiS_IlcqH~hea@mSQAvW`bA1F=+_bi;Da-8h zs*Z8+RceskryLdiN_(;icN|vnwfN4$M_#onluuq9jd0p6t0)Tlz+*(%wgt=|8WPyG zju|{>f?Iz>PM3{4Vr1_1o#+jrcWt4Ea&4e;V!N4|nN9H$9oWJOr;fQBBNwp*#IYfK z%~ZG#B*Y&)BI80?PfC7Hk4w((6TrtectCnf7@X0jUdjq z%yTx=_3P!{){*dEpLvsTvDfk=)O~HsYr|7Fzxqq&ZaUd}1M26De@i!gqA-10ygcVW zX-c8hQHjy=E&;PB?(>(rU02JUNgCPI^<51*^h37b6w+()9|iYRXeUbAoMAP|{E>5a zXS`eE%Z+3!T~tXcI8PvJ5y;BUT}%mufFCOCC68W*05-p)|MT^gj=rS1k`m`VNIo zi^*gK4^0%v&fKmsVd18kz}KNY?f;>!i;AbPt50*b3>W=dw2CF>1&8cCQSm2<7y7&cMj~{HEtv?%KD3yU4vjL7k|dvD424l7 z#wTxbT`9CoI8g%leij5~7dJ?z$P+YSp2T>n)C^Pp!sBgolJ7_Te4Rh$w+0R;{4|pgQCfeF;SOH91-&O^W70IrlZPj0-~YpdsJ(&s}S| zlw2DW`*4SMfsvRDwoKs&`l|NlAK>GWFe3~JGxRjdMTlX|F3Bwy;?{`%9n~naYA*hH z$qf5*%vxZ>C9hEkm9cxUY7(EpA)L<)17m)*@#=Hz>qs?ZRJcKdi#YHc%!1{gB99`omk#=&W z%L&&6x;K)@(-Zx&=WB^M02is^F%^wIWS@MkpJ|9ML2lokNpXyexsG*^ns=kacNf;I zuqo(%kg;vT8er%+Gr#Qg47@Eq(L%ze95-s53_aa^G0XC`vBOTNt?8{fi`AZCuQF6Y zNt_yulxS&T?(BCGuL69ohl4cUADNrh%%tYZ6dqfC4L36LM|&P5cDPU@pe2yc2nlwc zb@?oEELh)tM*dPBnYnOfLF%J5U_NPdDbe>mEIqj;9GE?_JSg2I^n5eZ;PM4HTAp;z zeq6u%F$^oI<{P@uN~6RdWr%F<2Js7R@cE+V{PGdhjXzR7{IDl_ciH>a{92L3{Pwd|(S zCFv)2>OK>ewB$A)g{kL5w~QNL7$nb=XI-4d-bL|@ahIh%^!auuOuZ|gQ+-p&IKWML zo|&URr-{Dn{e|~FJ4ahi3v+(?Kl?w~WrMd?Ob+D1@0t7LqULXRD0FU^yfOfn9sdKc zp8g<6<$~K-=;D!CH(U9>mFI!3>S zBy`d(!OYaq@o`U17iXaF*RO<@yhHvVhbVeXrz1#Y9q9v1Fm|Z@FshW0QxD=Si3REo z0^9**e9WKXV4I(GI<_+st!x*Dv5KO^@hxt*g*{09SVOPo$e&tlVQORMkb$iIp#ns$ z2Os>wrQ@!@HZGL8m?2Z~@!Pe~Ta7JE|5H%%?Gu>&?&eY9ci;E*7)is#LG9qqfi}5M zwLvUxyQFd|3+n9U7r0{v=to!(B6_b+xZAxR_ZdWi$rEU6wiQZ@_%%241u==@Qh!zt zOMx9tY00-QV}j&6d%%U73Yj$ByHX=H+5tB@J%i&^H^riHP-D>jH7w5J{^aaT$C0x6 z^EabBHF~HZY0%XiCw@<{x`!+&@UUrxtd*TmT7pc8>z=+o?|c$SH7ke_l=K0SU!hUg zc1eEN5)Yy~1*uH1tQiB6XPA0dc&RMhn>vQ1hEqy7Rp=m_H>?Q^eF2=43y7nU21MhQ zMbi(CMHqUf#z(gQDNeu

Kp{cvg0^>}~$ZPi>wTu+9IID6E;yiuh+{cI!h?QKgRT ze0{3c7j~&A4LG|If=h=DxP_ACCY|)igLwGX#yP%8frWjqGW=u{g5^p4+X~e*unLhJ z|HO&-C0=ZYtfAz^CUS_O(=mqpY+trt8uS=0a!lv~ z3syZI^!gG7?=HBs>zMWQ+O78g1GIgUbKwj@1xc7wj<{?<=tfyYw`^c-gbrZ6a@HiC zT-cM!2grnjw;*@=ZKNhuuZmX>VSQpQ)g%JTEiX`)R}-9PTU_HF;$w>yVlk^x>TqKB zF>Y+QOLupe63@uDxHU_Ht0}giZ}Z!f_LrBCtrRlZgUiYcw`LX4e8ALULoB?N=URe+ zcA<>rKY*)NCd|8&F1y2Rnd-guje}M+AMalFF5y9liyzuB=CNX_)ZcmOAZ(|@&laHr zy=}8jd`uS74Ns&Y%2D1+gY@|`Yo|V++0t7In0C16pAu4B1LpIZqK`2lTjyRok;4{Wxe0s- zqluWt4j%no&KlqVo(U~uNdKW~1F*?El@ZNS-QkPc;XaeJ+-4Tg-`;dB#>G$=2J0TA zf349`+58?Rc&+NKmGg|e2DK3nsyqH?BMR~j`~&=V-$494bil=ab^TcAQ}>8LPZ#&8 zn=<#Ilr0Q?=%cs?)bc0G%@Fzh34kPv4s-p+Js>n>YkPJU!8Y?@-5!SDH@T90ucnBe zf_e^=N(y}X((;*RgudXoUi(jZ;bFyJx}F%%Y^!X^d9VIpRhWkR%4v0cVXA8>XnNLm zd`yQJ#0DFKD&xp3_uB>micpgKg81=8YSQ-`;45r^pn>)$7Cwc^kaN_TA282OdhQB4 zKlcX3Z>dZlOUNz*rI8Q9+!5azt7}rmUY|pfe_{d$7rEbg@vnWOtW-NU%iqAqoc-{8 zYcv2`yt2hZOXI4cK0%MTqZD{%5L}XARRj0GoWt8ovqlPp;D^mOMt-*_q4)~wN*Z>eg@8DG4ZP=^){b2@YkdmW zh!iiVuz36v5Edv;WRjcnG7mn|HwjsTsAIl4j|(`s#R<#X`@C71$m_{-@09hBoQH3c z5uO-+;9y?v7e}f4_TeSRb6HU*+sAt5c$yzk^by$(U$o*FLD_@3M0WnAj8yhY&7^(m zj-Rr}mvri^-!Zv5?{k!__Z&k+#y!Ute{Oj?;k zQ&ExO%AnM656M4(Hls1K>u)y~^}^s5mJ1{7TLN~wU*@{r1#wOyA1h9Oon*6IR)=g^ zuxIH*ma2JW0>FpxH1s4Gy>n%k1*44@5E?1jzAX^$j$+(xy2DulRvj=1ne2<+QV5Y)zS%zqS7{Sx{;!-3;VO{M7++Z7vD$Y zGwlTldyEW~^MhRYv|GpVd3Bek**X!vBd@wA8obEH>5Lg&lT$LegO9B;aJWa>@_ydj z5RW)0?au6*wpJZImuoK_c~W`mb=Iejau~)k+Hk)Y3C)8md;3R}g&---3sz{TZTjy9e@{i_m5MrQY?H)BahC)~~#{dl2ScBU$e zPkE(1VZhOYpsWlY#Tnaoy30%ipJ#5Br#?}=n-A#XnSDKdEAX6@9`SSf8)b}_G7pdL z?L~0Po^!=Z4XSZVw?MbLX6ShiR@%fJgC_?7K8A%Cb-p_m-!a&*CC2Av9x(HpNs{vM z@8p3{Tts`IiKn9Cu42c{g=!inVVLUMYAFFirBN=7o9$+1oH_E6=88Re0HQ23zKI-G zZVbGMV&a1RgXz$k7J}`RD7u6OEdY{bLX&+;ck};eMrf=X`uU@YJ&|P_{R6DidHx-H zA#_gABo-zYw~dWGG9VeZjCygecECTesTM)PXE=A?gNTb)h0CKZB1As_n!{aJIKzq7 z%h^>mdeJ!1Qd9E6!L({$vO(u772<=HN3h~ibbL^hs-xGFpE>Jimi&;jhJv3nQstb< z`LR8uq)794p%`*aaWb!^gHkd_IKs|NGOZjDAB^YU!1hg3Phqdd1Z!gK6Y2aRnD`7R z_$#JJ@dE%o*HDNwJ9*z}T`uEWY2I$I@G;Mo))GcWxn-P1eD94IJ$(XaKCaq57YIn| z15ab(i0?wn&d4DHVxero44hETdjmIG(K!S@L_KAQjk34Ce0x!hoj4Y`FDsq(#351Q zQuq^7TzjY&wi_>su0g{kFfS>Ksre^axjpokqk}?X86GR2{FXPrvy4N7cZH6jUo=(* z5xrt^3?5kEi_T}6Mx6g}_+Fl+hk_HMQ zEr%Q2<%)9=Aq?BzdVxXFfF8iGP?1Q zmv(6?vbKNYQI}Rw)~2RPj1Q)|$)0Df7dEU*;D|b)DWYiV{fGMl$z{k9FG(!S zqYb5UOpa`U)4G%3-W&FNqu+D zIB!COE2c--YvVml?QLLZ`A)M2aI0kI3NxH7qeM}sRSX_#1aX`Q zU*Rl7x{q9olu<|q!v3VJKF|oQAQmT44|N*tHvOwpek2fTvuTI9!ckvju1-oC#!bXz zw-3i4v|C!u`J+!^d8Ba?nK_19&4i{73X#IGgcLVdA4~a^DKKWb$q~EuG!4RLvmolv zZv^Ebu^E2*?g5gmtAwpavk*AYDndic2^PFk)*H40Qs?&n3DH`1_>EXL;NgO!5xrN` z88HD-OVW^w5!7y-s&2$5>P!E5uU;eGv)3ZnkrjRtGk>ymG#5lz%_x7`7DA_1pzTHF z{7zN#_wVI}KSL$s*H&k#LVCgn6Mzp-`i;HI(QLK8Qz|f`QL>LUs#vh!iY(Nd#BK|N zPN2-=TU(dr6ME@Osn79ct&7!*TisHtsz(a5MWH+w%p$(vNGIf8|mX+wSO7`hI_VLu|m{WO@b9RB7ev&20AFhyw@hF6Jun zRZP-HOLPq?;@E{hXe&dfon?8(Mz7d=nz6xygV%`!GU4QG+3o}dyU6{9m9F&t4*%!s+#tXHpOAC& zKOtusRPO`;5FFEQn_RV%xsdsPreZ#ry2~5r?8y^?=Q@*0CP4ui8?cvhG+DXlfC=Cj z`0Mpl2_v!BQ@L9jWgaC1WiRhmm79bGG}RD^jTgP{ZS?AK#wNN3F60UgY}I0RtBjGS zh&3|QBr-&{AtpuKJ*%t{2TM(Nfb#Ou1O%rDF-=1TsRKdj3Z$*YvPEq?DEpaxcWr{h8rX^s^+SMX@YQb#Eu6ii3?Bw0#OW9aq5wS_VX| zL){0L`wjQ$nlZ|$VM6cS?N4xV9sZDpJ_|M04D7#7lw(~~7H+8!{+I&Wh)Zpn3y-JY zMu448pT6W)V{cRpNM{UkpYPZ9%l*6qx~I6h(*zFw`fPq~&|Iu|BRkhiNr|3&tlXk? z!)PR}ut{g6v$g$*57=|U@*r70scd+4c^YlJ{PWuPJ>u9RSxL~nB%k8$(SjKz!uglQ zn1+&;OV2T{y$;**T;M6g$D>!H>N9e`zQh|2{C#SHRbUKV+5u=%@==9=^pnOCz+%_% z;zr}M51LU-twcV#TrR2P=0TDDs3-`F86u!8VI9+3?-{d5J=onEhtB;fbtGfVj{Bhu z_?LXs?L;wAXub(Phs@sTWTCQ4-S~v`+f;)j-5-yo2P+~>Mrz5O-3is|#fS%33v?PQw$zUcEJYZ$5uX)r;(ji}|d&_NNvPuQvY+g*1wJ^I?6a0}F?uN2|Vc@l=mWuvgi5nMCK8-$6*c zyE(Fp$?`4^>?I#9M!Zu5nJehJMq(c5+?z#bZ&w(}bf&cxPS<3dy{Nd&Gf{Q~b_A0x zQnyL8BoNRzR`?ETy?ZLq?^O;}Nt8la#8ZjSfkKZa=c7HpuSLWrP*Q|aV_sD7K6VJC zSNDN%Xy(o;8MivT(x}odr893yPQWn~s#mB=(QB3N+(|ok?JK5^kX7vu8XQf}s3p|- zYC30_$-QtZIEPBn7R4t8%e_Vw^Hs?p>}a;Di%1RW=9$VWn}!v0%Ip3(aGN?lSY@W( zotU@un7x7}TZU)8weW%a7L{O^r6Zwr_57?g^Eq+7?W@UU1(`xX_iV4&0DaePk${MT zipqG|;q^PIDP#VOX(GPI=WtgpTKkQ$)nV?oScX(h zo<)eX&>=lu*GiltuB1w;IN$-lT!CQoJz0a~l>6f~n789Bs0l&bCE<^o)GnXKMcun z#6z&isp8Z!E;RV=ViEiNo@9p7DfSOWOy+%2X?FRJ8WGLk*>qznX~(iSKOXU{j~#WY zWqP2P!7^*fo9miYRI6>fu>ndF)UUv>bw&70nTfi3 z$9`Z$T2d>zC1Kls|6BF76O|`cd)q6^mDKntpdFnb(GyABwxY`X`DT;>7rA`KbNV_`Ph($Ctd7)aJ|isOSD%;Dlk_mp3^R+NEb=CJCPQY=cT~xvTru zE^ZgU(^1#S^U6gFvgltYn$J-J!XK->cl8AY3^>j$st)*#(?&Dj*#pa$&t^ssXQVW< zfbl~yT+2(B<&g<~Fq+c&(igy19_Q^1!-dOXC(owxk4eM3NtEz9Ts_aqNlCOf1=;v* zF666PdDRw?c_%r`0SA)_T=V<9_AtQi*9sKAHB04+2U2}9=49#mfEOB*>c{MzUY_Kp zyF_R?_1I}o<&q5q}n*AGU~?Kn?+DKNEzLWl4!7YN$&{qJ;Hg#r72QX zTq<9wS5j~o3)YnnWkv5g}~>T^M!kUI#Krdsa*m|%25MdlY0GZgha<| z7R%L<1@>N=m_eR5atqqa_vp(P`Q|J9miUWePNVfT#~I-H0i+eg^H_X%Gy-yD<>Yw` z#=oVWySTkT_okYknUv+Rw5Vh3r)LY~7Hz+wbi-k*X{>o%nvj2(ew~n2BWx%koL7O) zd1xoK=FK3Vdkb4a9k-Y-qzD8dFjR}R251D}<&ElHAAOF@T70&=b{3Gbq|J`R;6K3j zLF;}~Mtj}Tt>Y_OsUeWSmPbd3)GSlv_E!fUTEfLJ$De>715TU&ofewgqGOLODR^ zW7+=N3OM#Ik%H{yP(6;X!x|)(BTezKH<%L1U+A`)r=)+j^dO# zXB!a`iMpev%6*c#yE!XLTn^wiTnyk*`&9dA4Hxr-J^VAnjr=5YzYt+JU?nxM`yub6 zm928eZwYyxd8FN_Ke~Y2_@Tn=0@)yVku*d*JJ0D;?f(vEidP12!T$}?{lDEc=l|`l z&w+}Urv9a?Qhc>CR;<@EIzt)`lMV))#4X!z(#^htElv?GOh9SuclhMztEus%>E`y^u8*tLEamoW`c%*PsC=4 z^4p!^EI7a6sNC-I_cX;P?4eQ7!Y?rNS$zaY>4*-T#`ZrH5T~Zt2G73UjKm*$PPcHN zyhmm;-xh}fSucSwO<$|mmp9Un`uqrK zn7%{LH3clapWakJGnie;FlFCM)K>iJ7OPdWgCv#vHiGOgMs<(Dsqo@i_;4$X@;Vt> zkae?I3)gTTkk-;)WWI<{#Q1bKGmw|w6KVs5Qn|O3Kkw=uc3!<&(JBgUGu@kMz z+|tY|&=o#71d4`)tZ#kA;$+BmeZWqi8&SpfC?YK>g{+EtY~Q7?yQCo247qUA9AL9w zP>v)KTS)J}f^nQ?mzY*6*mrHH?6X76{LifZt$ex;St zqWrG^xV-h5&NN_9%Ox_2m@$9P=}_}ZS2ZYcq+0tAFyRqxku5LTdeCsLrvjsjz?h>5fiF!GuJIEH>f^V zbV|ii{e~f9xb9N4*-M>F@Jb3Z1DY(Wtn=LGzR!#ls*(ydLicB}NF1``F z@lJ2yFvH7*eb782=dj7Y${XuCR_Ci}M9*2r=$^t_;w^BQk|+Q_8*WFSpr(=uceGG| z@>b;8nAZg6r(Xm+F@=C5*dsfUl`d`OFa?$vL`RVlK2&s*#}+wG^$k`xD^#o=X!_Yj zIoOHDTrs3G__DMminPd_30%R?GQhpbB;J4%H~#MEPY|;62LV-14_%E%K%eIOu8*b? zbr;UPg-d%J?`2GEtN_i;{ss#R&aWS3!#e4TOj3k)}(cvF-ENJpBfL%@E*gBG+9Sc&1})D)}$tFYd^?l;V#fE28xxOWQ zngJJ(W0v^n=y|o?tYyOE-BE4ZISKbU5ENEKI9CLkFy-$huiSBk;UYF|E2)q;;!@p` z68B1oB1>~G^U5knI_JX}|H3&ncR63O;;m6AoLQYs9IM#z4-+G%Qze$dX$R z=&X;`zAmC~^5(J`>e*@fEZ6O>|Jz}5PZEBWd1%m`a-n>aCM8cu5jN(xB1#+zdiMcI zDSB{{z?ADv;-rG5acnnZtN%a1i6Q_tt4NiZpINAiEzTfu=q$qA4PgHR&*AR2!cMr@ z*ZWm?@|E#Bu37c{e+R+U{|}(3 z0&#^nw2>bz!xROk3QEi!03x{cxCgv*|CC*Osay^WQOBM5St!+=3zjU~y^tKv{Gi%U z&Z_1k*Z~oLCv)y)c*&K*9`6Erx#>Q8&R;jt6c@OC`2}aj|HCqg02(A=h89*r8$UDa zvfcnnXh2dHht#N^>DGv_pH3CLXO_ez!l7p4$MO61VBYlO-V^QrI}Z8$ww>*Wc^FDH z17QfD_<5J=7C$%vG^802RAbjr#uz8)N_`mK8zRoEdnUdI=~a0W*CxRiPoXODt^m)O*Cw?Att53@`gNu(n5|P}=`o!%>lQ(LKRwCtWJiC>G zzjQDfcVIX5td=p`rfwP<>MiE6wI-=2#J4nZ>YkCOdwF3`l3CeH78u3S6cnyu2iNE({wJEVYy zj{Tx+c?O0(gQ!+0atdZrW0_)Zrz^$xJbDKGZ3@BcUY(S}m;J1|D`zTBj!#5klk$yy zAw6>gGiv3kb!L4|+qF*K)uP|GZf8e#RQP7TWN(?eEeR-sXWHt2<^?xfY2NDLh4%2a zH|bwO$#Eg6)yqwJ70Y0j)qO6E2j18Icbw6%fwm+&{39z;Up)M>tz>K?_pah&`-DvEJjBXP{U6{1dyocEo@od*zep1c;@h3RoHUYFGHq2S ziqq1!2~?u`fTn9;_MGHMTxEQSk-Or@39CaoeGMyTAFP0)Kt;V+;dvOj&5ubVa_!aQVqX3Z~>xVps17H<|Q7HLY@B;;BAe zbA91%8%frC?G_rGW#SQ`Td3(mqm{Ksoo)?A9wjBsRW&_YaQ{vjU41Hp0r2Jt$gDZs zX3yFI=jPydMe(4~rW&I2m%}wiuqB5aMq-n`o?WRVIGSc=@TOM*IUuq0e3x}=-@lR! zV_=)U_G@r*RGsds-l~Zxlfr1?9AOj~Lt@$M8-1%5J+T9n_e|#FH8#+=Xh(6yz7clY z%rUF0H|~HA{%Jb&!7EBbCXWn=gtahCdC1c7H{;{HT458X%iOHD#?~lQhtyo5POCa9 zuUj9$du}hi30OMysH~Z%39TT+T=)(g>YuJiUWkl*&>AVQ73z=rf&Z*wJ)hN;;5}P+M~{M-R1qYn9Y5#wN$scM>Im%ywS6xz74&?7nEG zS!HEHI=cm$INQA_yS9@9(1NMZbf@A_>2DksvVz!fZMh!u`$$&sKaj%nx}yI=!9;Z! zD)~i{+)a~t^Bam|+5P>X-#YN2)~UJl z%KjCi-qik>_#M*BMRlylX>JFPEffdO95Au)5aDYi_S9%{OVu-r zT4Sv)Z^Y)lyO_rxG~%X`>U!yN;F$|fvgJ=i{0SE!9`vog9JVfOkkQj@ZTlngA^vSP z>L8+cG%rfIb8PvY*s9htx@4uXbF~65)3s?M)s=TvK}B*qe|y&x6x}(H8b}^+#Md6i z7%)`$HiJNCa>+XKx1n;9x#{Z}9H~>{^u=^Sp(m2UeM2sM_{OlExfZVN9HITHiluMFuAE=@t6NwP zr;pN%dtkpl*({$y>04r-AVj;;(Vy)B(AaEFGN>i4f;Mcr(qq$!gm6W$3XdF9|%Eoocg&Wa-cA*-jTs(@qorD`{w}fp` z>DuZcdh;X}Mc4!ovTeX3(@OO797XYnOY(biy*h9yTnQE!v0l z`H}IZhXOf~97g%Td}CA9SX9>Eh{Vq-NvlAIDNXlTryw~WH<9+sxB0BbOR?;IIKdQ9 z)^B2z#jk|x%iJ`z;Lx#T?XHop&|3krV&Fc~J9CVk&P`Ak!@?RBaR8Q9>}!h294rVS zm8UVxe}sV5uhrY}QIv|gPaeadwUoW%|`V5b@>1UEn z@69+1Ex?kGO>JB@8>a1$!n<$cs_$yc$|a56US{nQwLxH>N6Uy3(Yz}LgU`4B0Qein zJPQSGWydO#q;fpVQZT;(w1UC*n_r{KLV}DyICD=OU!_x%%t6Mc-aJ+g+iMDn&CM@V zpNJoz?|#|QdX{6Ia#dAMJ1IsHwYy3*hDB?05oxSWFE)~hLJ2OPZ0=4h@a0Ncy-x7u z=Mn@i{1=Hi_*u0Kk3_$N>0H>AA#VgX<)}nsmp=0^)i9t0D^PVz){J3L@Ja!nj%B# zVC_aq9>}+2ceO8JV_$KUcq!8rbA#2$QGdX@dD~^aKz`gi&q*}I7Z_&R(gf?K*yR=` zdTP>bm(A+mES-1@UhWLO)0jj0L=$G_uig_q`5M8cByujIpPlw!g>w zkGunmDH?9u*H?@f#l~{ARr^$Q?`m8S{SjONb?&|~x{(#idL#{eK@KmCpe9Z%b7iRR zaWX5!9S-@+$$v?kkev^c!lm4DA%yBQC_&nKCf@l$?R};;MuE1<2yI#G(#l*h^G--B z#(a+;I*|5&e!bojY7Hxv(byh~7)3d4beW^)VzN%Gci-p6_kBQ#u>cJ=3-SqkF@9CK zvf%e?V)|eEPT|4xKQ$e^|Ml_TRDJ_i;u8&sXfEn6$Tuj^ckIt4xY?o^0D1V7iNccZ zLvN7S!NhM81{qw)cNZeYb&^wqB`n5_vNMNt2!>6BDrl%bvxZfp01EUoHCCkqe9UW!LMi*4 z;qzpDoVf=Gg1Usq&{z>J4HV+0%(a1IuncjhfBVwy7Q!qJ3OYcG-QuV3 zzef@@HM7n`I9|V9S?6wMeiuCVyF2OWr@CrT;p2OI<)DA%YF^uRzo6o^Ikj2W!oP*H z(YH}aLFH|l$n;S#3zX^#CW9MG_2q5uGNQy<8+SOy7gd~`xj!hUX(J1_8~}jOL&C5qGMUg>l_6pErluu5DSu1K(ovhK zvGj0}b?s;<>;^HK@2X`m%6(@M=TyCKuqaO;v=xafN*r%vE$vFj-#Y$$NMU<|_eISK z?COPWuT&($W_(YrnFL$f@~nDeWpy~whJB=>9?5aaMihC5s5)PejKTI86-89mn?N7o z9@eW^@;U*|NdsmRW@nB1ehOKC8A!L*u&*p5rz(i5UK?ldUgKeLpvTi!>3xwu98W8V z?AOpy6UjIL!1zZ$9v$h3HH&dB?T%OuZ|RuHTuH0@k*%PZjm#?gew}>OAXOl{x8Qso zyLL=@Z|8{EK;z_$y}f#WB6}Fu7u05WMp+v+%n;`Yw&UN3n370Iv5^+}c=Fzm_*zkd zK4(q?p}*$qC`tZBL!0#~_xS?+lJ?7f6gwjA&LlQxp~LOFS&EaKonQYA%Y!w$Wwb4; z;w3_b%QnA(+FaEcTRU$>bEX`hzx-qozHX05G!Jw1S|beuc(zx?g{t!;b1~#q*ew4D z(ylAPaI>yGYzN!l!Auq1e@}8U1qyL7LAb4#y}No}Bnpn&Y&Ic7JBBQVIxjZOe#c!} z6{7gVg7^WLiKah4ub<2yC&m-GwRH9lR;!5%mN1P_qQb?U?lpm+|H9)-pI-MYSnCtX z#tjH6s^fIdL2)n9Q-lZvJMmxw-1I5}H>ew;5vKRlCu)|Q=O@*t1kG%Wu5nWP)1mRR zQDI9Khxe7ta;{5e>3qO5b6aU>W<(Q^N&4<;L)r(N7BP zG?N5~iR&HoWKzH0(b0$#p~ZYA7;>|i+fNZfT)UUw@PE8|6laAPuep0Ev_lQ|*wHxB ziVd7KQS2kpq!df|FR)cyJ28TUyNUZY!O&+n`jx4-q6E08ZX!Mbd(S>(o1;S?2?0*c zcrim!cW7Y-*Q&2N{{V)OlW)X#&!}i`>p71ayWSi$|Hrz!$93cU(_tJ3vx9S0_qhCU z*-Sx*MC}x7cp^J<_{;hlarDiH7U?;0(5;%G^*`(}_&b!cK^6sr(lTv;e+FDGA`~U! zf)l!jlPpB;#+H6e{e47gcsD)%qfFH1ZwbqGU4OMuA@GG0SX+)F5qNDs=6Mi*{7wCv z?(QaOLCc`IRZV&;{+7gqqX&0k4?QMqZZb`^@X>`Rq#NajBvk@{3p;_v)aWsF|8o3> z7^A+ds^j}rzQYdLxv@K0%*9^oLS7?P*k&+}#^r?7IjHPPQ`RfNd0y22#fKkk;`{-77gpM4XMJ?Ckj!&NGuSAO>fnCnan!Z+Ht`XFKqdkdr zX7q`88^l{sER7iv3$5-6Q0VFD9l1j8XGuD?MY-@PqnxBFjvd?RI34)KXUwa-Rrsc* z>%|u&M~)qtJEodj_obQGAT(EBkhgp!P&~r+^Q*gup$9qUx9b%X>Io)?>jRwY#&>$M zDFS1Inuu%OSdH?OiF}1>^bqDC{WLFV&v&7{qn$X({xM2-rnG_kJ{tDpVi3TY ztGjA+ZT01AXlUKN`ZQX|n)LQM!cHcI8JTuynDm43x2+=y6&N|o{n+61vxf?*O}vD zP$&^M455RD+V)XNbOBD|xlNY38m-s^>pN+g9f3s)Uof9vw^aqRYY}~RvWEen6Xj1& zqMqx-*4edTwNI=O!ZRlGCZe>LFk5?{RF_iIHQKULEpTtpcnk@8=y%lKS61~Uq023h)6T@C z&Xx%+vQRygGyJ?>ZQtaHn&whA+>LBUK<>*AuWKQ#o#j$b%tXoog$2BFUlI+r^)a-~ z_iHn@JJtGnIJ^eips=TujO=jbBfU?mEb}p6vi1g(0+v{x-RInSTk_& z9_#sr{OSEd;g$YcfDG%u1gEX@FIvAnRIz5W8?Tl1Zv>9fRz=sv@FA@iLzR&&V`bco zv(TiQsuqPYCLSELC1YMu5n=MwQO5;VI#Dq)27iKW;y8#MNe*d3;8H|m%)Slj;S5h( z3v_r&XOIMOUT43_RXOO>R_ZvTk9$cL{h>$hFC}=q;wrJFGeDW&$vf-HZ!jR(ewp=b zOXOWJQ&U|?uxI!;8fV`ltL7g-B#i7l(11omi}e|cX(q@A{$qPoyK0UychMP1OsaI! z+Y#eWCK=WS{ZMe&<}lbdF!$%JrqOCc)Y=R6}B20{kf|0u47TI zR{IC|QRAq_O6KEC|M@QvHVOakU01_9FPNB=(5cl9p9ScyaWxksl0hR3}&hcVl)^>IZKSNtmS8n2|Tk{5v zi^s0%G@FdoC!*L!-K>k4CD;yc4mt6Rjv}X?g5+)L72DxVswt|i@guCEa}zf{1mN(I z{)i=y7@39yQ;B>)&>fNWbUUaj!}4adTNAW1d0inbx0XKQ&c|LED-0Ekdp5#IDVHvc z)A{Q+LtDA6edsl(_XWIg`c=y|lCuZ4s+U)K+pNo+sz*5*od$oFSpR}{N_aJlzlqs; zr+g2mS5prOtvPCAN-WX_HD#3aSYSqd2#1aG#hJ!0t=~5bFH>31VEYjfT61=${cQu7 zBey(xOv-vWk;*>MI8keJpW#lrFNx8|^^*YTf2Lgul^jKf*e)Q1b_9>3a#OGHTalwL z+_uR~ji08<#YlaP1d-Zx94sd&`ysB4S1R`@S7-t31~>*sT|_fB+Pg&^891=PaDtcA z6ADGDY$AKSXv>Z_syqr24Hk{Gjf^z1bF%6xBQnNLnV6o$a1r5WPR^CFUJF&hDS@T> zoRW;YiPy?jII9Y^JHDi0;H`F44%{FC=C^Y{khd#`Mm6PGP5fRS5uxaBDf|HkYPT=| zeL`n_1p1$H)+k@+ekRZCk}fpMUtg3zQBq;8G&0BF4*sbu_rYd_T_Qhk)-woVx-1Udn{PrLt%(oju#=%(*2uN)PF{ir>713`B{> zALs2kF@{UcDH`Ep0|V?m2+l2ZZ4!$`ssJDEXgVpG3Lby`V3F`d`tT3ng;-4yPw%iq zWkXZlNbv`&Q70WZSywd4}W z7VF9yO$Jsb&IhNQ-lX{@L!%3)!A4f=Y>JLl`Tb>E+U5(44Oow%lPs)SOeZ>Tb|Lx;#gy|Ac(Ch6Og%^-DsHu0TCwQ9K^@ z5w^>h5Zve5Q9<8YnK*fFu7u|jWAKq^8e`;g(q5U3P@mI&Gp@bVG&-HPutd&o%3pDT zt;u)Ek@cviSQ70Omkbyyq|Bb6+~!%#Nh! zCM7!6#-@c^Sr(@{GAU=IgzJf+?bqZdTFQ?pYX%ew5OeTt*`PC#zK@*<)t?Rd?eC)Rl6EL!_`Vikuc~1CYUZ@&&fZfRF1cGxY(P^3@311*Ci-^r zC}{)7>y1xz$JQ{YJNTo`a110+kdUN|OJ4^_dHXh=m$T~IQ4hYYIWjy@`a1m^RbX1# zZ~hZGemNaQ&-Wqp{$l}(Gzp4!I;tF!Fx|F8-+Ka^WcQKz){<8Uqw9ITlNd+>=xLPl z#fac>Y!!gInZ-tgzzOVx_wxqq7#cMVRC$;G7!QYR-`CB$!=={0{O9_4`xp&3 zo}}ilOS0cezW@G$#ID7IK*yCkX5hHiZTR*Z z#RM6V_>hrV3Ao{gpjwIiCb#LsV?sL{gla*Vmw7K{6tPD zUKKfgFa=Zag?mVKaWHs5#IL}8w7b&5>PrQhGR& z+n5~@xl>_QlQr~X`BNx&rj7ArAFR%ObgeP z(V|3)v=EWu@^9ftwaH=1n5Smhj!d~kBr!eOnzLP4RmS!Tmfl36YT9}(eypxAphFK6 zIqr~u^{q1jBVAZC%46klW!u?W!;la#&kIv$Na`Uk5aoHuA6bgvN{g~*`cRni()>_* zm03pEUERZ2U6Jie(0BOpt*Te|m#PcK(bzUthPJ2k=&74oZ^TE>KQwaz+yQzO$7@M3 zHFHc++V3u5SG@Qbu5)edw;U8e_1G0?0P6?Moc4Fs`?r&t_WG66uNw{Y3N=}-Iazz+3Dl~dee+<%K$D91EUjEJH8Z{T34O#Eq zbcK{$4v<)l)>`(Oe9fxeKBrT@z3>z~L*Lm-gemHrlDuzdG0kuKk{eFZR;B5bA^_3b zBT)!cQG=g;PIsL4tRT|8EPvP)+26+8+}5Vad5Rk24EbL%<@FZ?@LdK+f)ltmaZxsc z$7PI8gYopssrNaEoBdjw61yeky=n;%`bG%suzv3SE=vDpk!O}1K_?=msS)>H#L4}O zFhm2&)|XWmGq3C@yCO+zZ|T?>>6-K8S*hOn(RBN2A93s2iYr4MqS+8{x zGkr-tb!?;hUE#0$q7QrJ#baeb1KN8&w%jfS^e5fVVkEJ#i_8plo|3~*YLIg*VOH>0 z7+Wz^uBjKp_TZUMy-g*{au?QqOGlqViuJk8_DH|$P=pQ^uB?qu1d z@m9N%uPEM&@#zDF64%^vw;}>)3!qGcki$IEhIiT=4X#9HZX*>m_rL$VJ});HI+8hCj6_W#dUR)&G#5HiWucUuT6`pvMqrJ^Vr{ zlR6TG3>!+q1vDZv40UdwMj~Y5p_IYvFR=x_=wxO*T2{9{Zz zLC+h*nuroCH|kLPiV$#jbMYzC5+iET^WbR&xkQM)ew#Wb2AL+_#H*w}3tzFfGae_M zpSa9KvVs^XoyzZ^`#p~vc1Wiq+~d6ynE`L5HegFoCBqs3F_1278M->=#cz+8vcw4g z#v#`<-W)X@$WpDqC~3j$3&buhVd8jKQ>X2tIz}vGnp=D&P<^bv=ZELEzcp&TWC1D{C$c79{)d5mc2kZbs zpd(04uenIx8WBV-g<0my+S2A~sTWL$S5-YrraxJ8SyQOzbLD}5an8|AP zq$o+?aDSo3QyTU0U3P?#7f(&1u(?N@kW{>N()}dw^PS`is%{(*Vm;s&22N-vx|ozQ z4vmA0jZu`r{ULD~L^Q48;YVxV!HisU@XwbT$i8pbDileg6utB?*ZhI+Z#r>)* zjiPt8Ng9_Ir%%iS3^0xA6v}!l)NAsLEida&FP5#I`ru zMiaq!2L9XulL2$hmj1aZK-_wxPEG7jRq+l!SCz*?axtFey0-cjt&h1wUg-_B2Px76 z<&R4hhQk3BWW(VQnZ7R{7ckQbp;=4&XUa(8^}0{iHF%|S9bD=Lx)9^ozW|&b`nq9b zs7@Xrg+BkZVS{Rgubolvm&#m+NlLtzHz>IpMV&ufo)ytCWx^5tgAv;AeF zrPF7`kTYy+LZ^C7P4T;*_h|<$g&2e~rkU;o3*zTwiTbCU5aj2p8Vvy(bjiv5(0tSz zv6!VGI*4Ek@Hf4P0Sr$ zp6saT_j3#r;`MfM^Fc(cO@PV?C%fo+4C#vYBTln6T>2Gs%MWi2i1 zFyS^78XLDNZ+#x;4u;fKs(!6@wH%>*bNd=ecUhX;uO7urBERY1{$yb8-OVNXV;-QxgA~lK@jaO&!>m~i>ttj8BDvMZd2Y54lJ8HJ5ao`RisjR#@ch!_ zC2p1cAqbhLs))+q7Frk9&U5Ko;*V*;d(~inypu_f;S^D?9#{R+nB3xb$)Bsg4L20t zpz%U(YJ43Fh4nLH8~qxbotrjUXEwI}h+8{_zfp)mvOf#6TNL0*(dcaa*x23L(-3(# zyki~aiAC1Xvgav+!p&nYd4{*2za|7~jSb)dov^+2G1jz~jmYTe;6Ug~8L^?O2Lv_G zN;Bk4-M25pRF_rY@~alBo-4a7ckBGLW|+RCn~&id^jDg!e4>pxApjuLzO{< zuZll|-&DUQI{Sn`N2bws?#q@?f(KLj73HNpt>nGB!c`A=N!v5uv$HNqAI$0<4R>7+ zk#;v`*vvO+st*@&&mk$+z#}s599fD)0q`S}emYafrCd5Wop^nrgyui+|0 z249Xu>B5JO99kb8*faKG$lk<>7?7W=56BxPX48tO#K0`w-yS5vq zEX~9uj1}bcb97Qfss9_a=*x5%*@t@=VCtghSR0a^-co}Z&#&cv8m8p?G?H* zd7u66#6~&$EG30WJjQWHj&h-8HMEN`47?6C8mUnTCkK98cNk4WK>R6kRIbz=(?QKC zY2b7N@TPIs_eZ@jy?#$(Lu*!D5QY}gR+Lh>G+?U_ig@)lx{ZuQAwGM-Rj$xw#QV=v zFFj9AZrIWXPq*=IH-uqZxkLjj}| zb+(0LB_m{fI`8~9JaE(09w`0Ptn1M3Qrq``tT|5Qd(t*9HV%HsAuvr8sWPwSp{D&g zdq{!O0YT_+WWC!=C(mx(3%Z| zupgJPuF|Q;7ZNC9wH*uo3;n{<)C%iG<67X|V{^dik^f|VvF7vxefg)`8p0j#P?+er zyLmyM(;Klsu?r&e6aCLwqJF+Le%&5IV$7#k;FU^_2(>;+`C0m_t%^PQ>Pn%pH0P4Y zxiy9C&hna{U!8nu94o7iRrd7VxF>uUZv~7AVTzX{;V|4h`t}aOrAFRy%VweYvm9)! z1057md)#9Wne3x2lH09leTv2+AL_yDqaOMQTz`wse(BHsdRP7-_TDHm+VmA;$3CY$ zSP<{n9+6cj7Dz0Hwf18=PoDEf^>HGLt!5b&yQQ4e@W43DIqNn3H*ux~K0$+$^>S}( zaukrHlK9CdT^7=Axl`mQ$$SQfDDW49xB}#QAq3|`Pe>hB*(5*RuHxybR~+dewH*v@ z$7Xf*g?FKK&z*N%5Z3r9`1Sr$vi$(%6a~hWr4@K2l~6`&rQ7sF3ko*fHjWZ}{e4hk zCPlzg;Yb68h!q8S#R5y+c41F_pM|N}eHNzoB;*qZ?0wg4j1xQ{nZ+C9mi#HkNiGwl zJK!jq2{fs4vx(h1^zRK9rYwR|4&3#S&p1waePh!Rur^;zYOl8BrCZrj+CfPLfT4^U zxHM>d=}6mmK&5p{LtlPGy349|zWOqXwrRTpLgKXn+m${UIqr?(CWpF6U^>KL9z@wZj0aA{FcU%(TkJ@l$9VA?F2#1=acZZkIH+Ctz zvQKg!zCY3pWdqe%J8g-kHHm5n>`+=Q8}zymLD?;vfuMVl*aH5_$4&a1_f^sPXoZe- zfgsZH5KQ^7PbcaSh)NcH`G^KMm}CuT4%fL$SGE4#x^Ql$c)Rwio)T`;SS0G_n(vVm z373`)f-6anGn10HO97@8;LtkyL&1@(c*S=V&@{OmPE$1X1Y~b>G@ktm)BkKR$KMbm+6>vJ#4DdCzJlpfC2Ea7ty?>;oPv>-)PE`)ymI5Af?(kCu7WJ5 zJ$H4OFGbAkO6MARb{0Og#rtBClIwK4j=$x%H~XG8&S=OA>dKQATox{JoWxU<{xg1+ z^U8HOX8~C~vOfF;=jjsbPiWM9Y)3E&M;(mU#qX}`5$h}WLqNU=odi1EU++ri&xiqK zroX6N(gJWcz`clhjm-Ovg1I%i1hs5CS?J8Oy|P3{3wh_tCL}jK284w^S-!p@PCLPf z;Y=Fl%imu@YvHzYAgJCblP1pExm}0Nu5CkW=%n#`v|DB=hxk~Ty@p&xstb~s4-!Ki z<$EBEqp{pEpZ;^)(^M(_STtP{aA3;RH*#eq{(2nXaEJM;QW0SZqezAT%k z5#tJU>cV?{;3EU=Iak&-!#cjfGwC8atLbgyG zsV*maXdxp}s?c!N&J-6m4R;{%(N$iQfLMaFb{R{%61C0Hc^A*6SidM`>vDBhj3>I0 zoiQ&6J^ZN|p_Q?mJVLT^6E}DI(`*wt>EIHoY0-*!*%}pyUX@<-V5wo>(I~XQ7^@90 z@|K()?#MYfsb#t5o*Mh3LGriYJzb)ZhGM#`v}=6q((g4CMe>|$ITSBJzt{#$fChSK zDb=|Rf^Ep0Z+Uuou+3!+{X@rebY1v6LXz(p0#lza#nJ-qY?&shkKCfyvaPDf!jwPV z+|=PX`5!v@ncP+qfu|+%2SVA^zQHA4XFjMFk^9gQ6)TW`LqX5E1rjzOw$hIZnD}L} zhV{94C1k+tsu2x@#Le^k5*LP>iJ-b6M#FIg1m5M7Kyj;Q8`&!C3*-axD5tc57O553 z6EyrUfK~wrCr*K!{~y))|JqAE;g>tGlg zdMaC@J{##1HFa|R_Oc>Js{F(ceD&QKIWZ434 zwX8CnObAPt&Xja}bZg|%sb#2=Ijb=>t$F-N^tk3>1mFxx-8PbwYImb**Wx}?&Mu6n ze0{^R+?e7Gy(7VLU#d`?>+I+$zrO(N;>Bc;hIVe|O_L0^Oq1gP!suNcBb<6|$6V!e ziuW5wAW=7;wb;}}=-HlJ&aF{Y6>9kvssM3S#jV=k&R5L3_;ESQ%W81K>qS|=akmd* zd6Fb#d|pouHE|PA z=ie{YP|s3y;pEyU7>&EJzF@Pg*F3vDhevY;>Wp%G!4y!mid%Cf?oSOqdH9 zo4;8LgeWR;t9**`DnR@3E6$%ZE=(3@X!_xmZH>$ynMkNElaCYeGTj;LHD2QB(DIo1 z)&+B*lOBaW`oxOkW)e8|TEz&h{e_A>&@RL{!;?~R?vs3uYhs}7w?4+ISH^U3FLd13 zzi(-7AKHK7va(Byste7TAR>o;lOeD-A=&szyg7ZKXcOJGHc0ekAmhwYR=2@5%%J_Q zN^urrJ?ss;%AQW3eEY)#1j!tf6!*qG;mbw-lf&)3kMXtyoT=3JU#5~7AYOrw?2-v= z@q8D!!4rm^X4>pNe_g@CqWEke+q&eSKX=CY_40Y)aajuOWmpFls30-Hqw)qCH`w|S zESsWN@I~U&h|6Q_T?OcHK|Awcp#WS-)eMaQv53GrOXPm%N&eQVl8OAO1L&rJNMqN)!N<%~^TDUTsW@89ND!_IR4El(f*nC)y>MUA)MDO&(fHbmYCnBF z-uc}9hnqnG#drG^uUD0-4FJR$4Mmc6|#jt*E=4}olvJ_OYo zc7U~MrQK%<*96j9t90!n`fdT0d!`Upw>^QD%ftrTa@l!PM)j7j1tgnk0o^x6Z9 z<1*#bd#2%Q0~J!YNSj2zU~EvXOleeTQF$P1$Ymuv+O|KLPAc7nonMTN&oU5;(C5Bi zl%=U-rb~dgv(RYeL5WB`p#8pef@41HwJoZ&K1Z8j)g@k^U`gQEMI_0mZ2*=x-_V(pw(r#9PfW`ThZNHraiz)>xTcUN1Lj@o6 z*01{gBqR8Y)F?%8-#^N41e0nlzb#IQKNwZMO5_cVSGPT98NKofZNeKRyS}NsrqN9c zuXn0?0HrRg%hgYKI}?*pzH}>i;jqr;0)L4xuYOlZ)O3 z|0??7Qe+30Sng(O4ATAh-CKwN{g%9SZ0@nsI0HOreBZ%QK1eqZ>XRjiR%J?>v5>Q8WUuv-8HjMGrmRsb%|F1#fB24O|KU5D?nWkjW}x||Qq~<{ z0Y5%$1R>Ex*`iH%iqNw-mOl@@)>19Lp64%A5C^6Zs)}Ate-1n$_ag}OWH8b_B8l_W z(N3Qi3icJJTjyCsOZ(7-rxu7o+8dSku1g)XShE86ZDI)#xT%e{A}}qo5X81S5b(du z3^F&b#2?#MWSS|bSE~kWuBf1O<6;X5A}So;lr->_$0frgA)nMT%{|HU1Shv`8!9we z*I|l_Mf-uGtHZ$&(ba$63jtFzImnmtyzyOy;#iyA4;ACSz;Cg}5$`RS`hA2kcqi*u~wt!sSo zypvChRj@Mmn<6+uld|iYWdf#vc7s;6tH1O^M2Ka6h6hsD!cbt8bM$>sOcODD1Hc-)-E?Sarz3^ zO`m5n)pR7o6@rYyj+0rcFs}(QCi*|;9lQ#W>rQmmglt7NE&24UEVs&IvQ&Scd{5o- zE?jr#;G?TxE0D!>wdQ8?gNUF+*xS?W{r;mCnlUj6rN)lDw=5RcV`cCM6g5<*-EJTG zbKI@pEG8O9dv!E{c3P{mlRryAoxi~c0G(EjGvrpUm$(dAUMd$I0xFfGn zM-Rwt*SM_);P;%njSWy zTA~|s(pLmQo$uo+2-@6$g{Z;;g|84-V^EJG$k6I)7vHPP8bhUTw3unGAz{+b5qB z%}wcQlGpQZ<`34BZWS?ua_#wt4M(%mcdav_?Rq_Ub<^J{#GcU!?rxkas`9htd4XKv z(0~Hy+Dr=amm+~}h!I^)^pErNBn3#)S8ju6l5151&(^L;E~*rckd;#@1uvO!83NWI zjlnmEr9ukG8X<$>I>_#aB`A|mBNCMHJYMsWnf|VKaVCd-qnzVS;Xqt|a8wk}?C}?T z2*r=e6aC_Pl|AlZmS`Bq!1gS`!Zk$oN8>}TL!01mYCqMNVFNLJEneYALXC!-9Oe`% z>M+;Vqc7YqAN{?VUC8)H`Pakzo|a5jb{QL;O#Iw0v}Q8Sm7+%`qzP;7)JjI;5fh7q zA#${ZNBdY=rp!M|IK*$*x&q#=V-Hhaxj(T~Na$$IPSN6Gw8_bmIeLCG}^iRC-^ zL0q`9&6C0RKg!g*#jgpwf1IZG-jD7+GwOAjD+_(d&n#R$k3BH7H6XGVL1U>(+{v#y zQ45Ofxt{&N4KV^Ho9_g_wO!L7W6Kn~s5O4B#&~J|^7V=EZttflHzl_HH_~q3x{D~9 zo+7c;njbHKuH@UoIXumum%qL~jtoA(`PjH1Y-oiVzj8RXR~yL3Mt5Djp}h|&imq{z zO}nY_9;Bd!U`5t;ag5i+=cT#QkHXWDJh9puKbw>66Hu1I5u%i5 zpoBZj(K*$lZF!4^T3z*fVYP>ZZ1KCY*($k}H|Ik%DjJsa&pNnn#OnQXvV~NB+RI76 z>Mc()OZXmXkf%l{dPfiPi;iXrOfzV-i*u+Lyne%zSv4UxVCPU%3IR2=RH7x)&0JntadKKZNC}Ywa#JpAH#2i`5o>3y$H;~K@XxwhWXAtvwW(4KdGU?X8 zijD&mF!bM6|EZp}i+9F7t|_${6AURBEuRqkinr9k4pG*&a-YTDX?il0bA7H(j7LBq z6`1tXxF;`+|4H+w#8JU3-v+vX@2sA!5O^+#<^i6jod~NktR3>wx2&z%&ZuTfornSN z$rv8QKHB?7!+v)wXn*gTA{^`?XrJfFrPfo3;GLfs)qs8vgDWhMCn=XmF0&;c<-JFK z!Esdbim%2Bg{tR`#7O^{HAXDyyn{BEf%>CmsFHozE(@p zSPnmcPMYRXQ!6cVcgKEgK`zg@xOCHLl8@k{&w`^!klh+dUYceJA>qs;C;x174FxW0 z{GZ|W@`_4PFG`^3x0aZcP0cF+0NWmzcY23A(^l{UQwOodo})<@4HG;QPvNJ98-b}T zS%l;|A`gEvP7`-sPJ}Det2^kBe>=Hqk%zB+JWCrl!TZD;5iCtdUSm9`bc{S z&35VxnipT$XDwd-1PM@Lh1;ZKnSr?VdwvAD_6+Oiv~9{71#3@X8uhM;s0R42bg#oA zRr{6rbavH7wE4)hyYY!em0%H(j2UX`;L`b}Lgi%n#xT1>lWq&0Nb9r6q3j&lQ?X9c zkPh}m%goI6k4t+&4!6^o`hjtS`i|u%;$sxyIqh23u@w#x3MY&5+o=vnzl&xws)WtIH40#+IyDfa%KS z(mIkPgZu(M!!dScpsjx~b_a0#zTi%{!D{lQ&%fT>R=qG*wrJ=GjK-Ss_6Qk{eb5!| z#MpcYCVa7$pJ)&;ps~jPQ%)Y!zvW0I4O2#s z)J0Ffy!!taLI-2TiXKFM!DY?=Pg4}0_|X6Friksh1V|%NUM9Q#1$_Ay48ae!+6n#v z3EpQr6V|zYL5GFE5F!s5KN9s`sbjr-NIKnM`=^p4&tPMBpF@{w&*ALxnMwQlf+fULYI!+FDID z$@%DykY1~=Uq?Gxqwq8819 zVo+PG1k!&%;8yTKGx$B`>_m zNl>_o{3*HZU%+tr9sB8fl`{@VTTVVH8Jy872nTH@sGTz00Vtb#hi7wqR<7KFK}P>c zi~j`3znt456+86&3;69=_7^}>w4!l}EL0U>0!^qj+SokKqp{s@k9nUKQO(efzb8!q zIFYF@TUjG0Q`xafOB$JuU9)Umy}7_0w58y9%4MC!+W#=gRyBXh7hQgDWpn`Cie5_? zYwLw@w>oVGK+Rkq2u6-%7LV>2%ct8_u~Bwg;Kcs~`OZD4N5UknOV!*1xNiBe;6C4)*+S z8mV!(VK4VQ*yoHVpT)>XH!$zxXmIzUKd4F9PQelm%y(EOH2PC~ab>*gn4cJoKcRy| zi4Xh1dtyufP8;l@aIf=hOsO`h10M*G=dlPWuf|;tbcX~*;L1nYENH2?lMzah$; z?&Idl1=RK;(fCFicajZL1(}N=Ru|1ZT?F>+BxUM^5x{teg>KKTz{Cg5+5|A6Ht z#F{yR|JecX1H7QssMJ82yxzlqDw=dU!FCnI2J7F?XubO*;doSh@0Dx0& Y8$&1H!%qUD(?nvqDP{G|{J*RJ3$QJ1zyJUM literal 0 HcmV?d00001 diff --git a/docs/per-certificate-config.md b/docs/per-certificate-config.md index 4862a4e..708346e 100644 --- a/docs/per-certificate-config.md +++ b/docs/per-certificate-config.md @@ -1,6 +1,6 @@ # Config on per-certificate base -letsencrypt.sh allows a few configuration variables to be set on a per-certificate base. +dehydrated.sh allows a few configuration variables to be set on a per-certificate base. To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`). diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md index ace8f32..ec50571 100644 --- a/docs/troubleshooting.md +++ b/docs/troubleshooting.md @@ -6,7 +6,7 @@ Generally if the following information doesn't provide a solution to your proble You probably changed from staging-CA to production-CA (or the other way). -Currently letsencrypt.sh doesn't detect a missing registration on the selected CA, +Currently dehydrated.sh doesn't detect a missing registration on the selected CA, the current workaround is to move `private_key.pem` (and, if you care, `private_key.json`) out of the way so the scripts generates and registers a new one. This will hopefully be fixed in the future. @@ -19,13 +19,13 @@ LICENSE1 and LICENSE2 are just placeholders for the real values in this troubles ## "Error creating new cert :: Too many certificates already issued for: [...]" -This is not an issue with letsencrypt.sh but an API limit with letsencrypt. +This is not an issue with dehydrated.sh but an API limit with boulder (the ACME server). At the time of writing this you can only create 5 certificates per domain in a sliding window of 7 days. ## "Certificate request has 123 names, maximum is 100." -This also is an API limit from letsencrypt, you are requesting to sign a certificate with way too many domains. +This also is an API limit from boulder, you are requesting to sign a certificate with way too many domains. ## Invalid challenges diff --git a/docs/wellknown.md b/docs/wellknown.md index f7b1d19..4456181 100644 --- a/docs/wellknown.md +++ b/docs/wellknown.md @@ -5,7 +5,7 @@ It will do that for any (sub-)domain you want to sign a certificate for. At the moment you'll need to have that location available over normal HTTP on port 80 (redirect to HTTPS will work, but starting point is always HTTP!). -letsencrypt.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`. +dehydrated.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`. If you only have one docroot on your server you could easily do something like `WELLKNOWN=/var/www/.well-known/acme-challenge`, for anything else look at the example below. @@ -13,7 +13,7 @@ If you only have one docroot on your server you could easily do something like ` If you have more than one docroot (or you are using your server as a reverse proxy / load balancer) the simple configuration mentioned above wouldn't work, but with just a few lines of webserver configuration this can be solved. -An example would be to create a directory `/var/www/letsencrypt` and set `WELLKNOWN=/var/www/letsencrypt` in the scripts config. +An example would be to create a directory `/var/www/dehydrated` and set `WELLKNOWN=/var/www/dehydrated` in the scripts config. You'll need to configure aliases on your Webserver: @@ -25,7 +25,7 @@ With Nginx you'll need to add this to any of your `server`/VHost config blocks: server { [...] location /.well-known/acme-challenge { - alias /var/www/letsencrypt; + alias /var/www/dehydrated; } [...] } @@ -36,9 +36,9 @@ server { With Apache just add this to your config and it should work in any VHost: ```apache -Alias /.well-known/acme-challenge /var/www/letsencrypt +Alias /.well-known/acme-challenge /var/www/dehydrated - + Options None AllowOverride None @@ -63,6 +63,6 @@ With Lighttpd just add this to your config and it should work in any VHost: modules += "alias" alias.url += ( - "/.well-known/acme-challenge/" => "/var/www/letsencrypt/" + "/.well-known/acme-challenge/" => "/var/www/dehydrated/" ) ``` diff --git a/test.sh b/test.sh index 0d81d69..93ddb50 100755 --- a/test.sh +++ b/test.sh @@ -84,7 +84,7 @@ TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':' TMP2_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp2.log | head -1 | cut -d':' -f2)" TMP3_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp3.log | head -1 | cut -d':' -f2)" if [[ -z "${TMP_URL}" ]] || [[ -z "${TMP2_URL}" ]] || [[ -z "${TMP3_URL}" ]]; then - echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue." + echo "Couldn't get an url from ngrok, not a dehydrated.sh bug, tests can't continue." exit 1 fi @@ -104,7 +104,7 @@ touch domains.txt # Check if help command is working _TEST "Checking if help command is working..." -./letsencrypt.sh --help > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --help > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Default command: help" _CHECK_LOG "--help (-h)" _CHECK_LOG "--domain (-d) domain.tld" @@ -112,7 +112,7 @@ _CHECK_ERRORLOG # Run in cron mode with empty domains.txt (should only generate private key and exit) _TEST "First run in cron mode, checking if private key is generated and registered" -./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Registering account key" _CHECK_FILE accounts/*/account_key.pem _CHECK_ERRORLOG @@ -120,7 +120,7 @@ _CHECK_ERRORLOG # Temporarily move config out of the way and try signing certificate by using temporary config location _TEST "Try signing using temporary config location and with domain as command line parameter" mv config tmp_config -./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_NOT_LOG "Checking domain name(s) of existing cert" _CHECK_LOG "Generating private key" _CHECK_LOG "Requesting challenge for ${TMP_URL}" @@ -133,7 +133,7 @@ mv tmp_config config # Add third domain to command-lime, should force renewal. _TEST "Run in cron mode again, this time adding third domain, should force renewal." -./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Domain name(s) are not matching!" _CHECK_LOG "Forcing renew." _CHECK_LOG "Generating private key" @@ -151,7 +151,7 @@ echo "${TMP_URL} ${TMP2_URL} $(tr 'a-z' 'A-Z' <<<"${TMP3_URL}")" >> domains.txt # Run in cron mode again (should find a non-expiring certificate and do nothing) _TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate" -./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Skipping renew" _CHECK_ERRORLOG @@ -161,7 +161,7 @@ echo 'PRIVATE_KEY_RENEW="no"' >> config # Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key) _TEST "Run in cron mode one last time, with domain in domains.txt and force-resign" -./letsencrypt.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Ignoring because renew was forced!" _CHECK_NOT_LOG "Generating private key" @@ -175,7 +175,7 @@ _CHECK_ERRORLOG # Check if signcsr command is working _TEST "Running signcsr command" -./letsencrypt.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "BEGIN CERTIFICATE" _CHECK_LOG "END CERTIFICATE" _CHECK_NOT_LOG "ERROR" @@ -183,7 +183,7 @@ _CHECK_NOT_LOG "ERROR" # Check if renewal works _TEST "Run in cron mode again, to check if renewal works" echo 'RENEW_DAYS="300"' >> config -./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Checking domain name(s) of existing cert... unchanged." _CHECK_LOG "Renewing!" _CHECK_ERRORLOG @@ -202,7 +202,7 @@ _CHECK_ERRORLOG # Revoke certificate using certificate key _TEST "Revoking certificate..." -./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed" REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")" _CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}" _CHECK_LOG "Done." @@ -211,7 +211,7 @@ _CHECK_ERRORLOG # Test cleanup command _TEST "Cleaning up certificates" -./letsencrypt.sh --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed" +./dehydrated.sh --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/cert-" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/chain-" _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/fullchain-" -- 2.39.5