renamed project to dehydrated and main script to dehydrated.sh

CHANGELOG

@@ -1,10 +1,14 @@
 # Change Log
-This file contains a log of major changes in letsencrypt.sh
+This file contains a log of major changes in dehydrated.sh
 
 ## [x.x.x] - xxxx-xx-xx
 ## Changed
 - ...
 
+## [0.3.1] - 2016-09-13
+## Changed
+- Renamed project to `dehydrated` and main script to `dehydrated.sh`.
+
 ## [0.3.0] - 2016-09-07
 ## Changed
 - Config is now named `config` instead of `config.sh`!

README.md

@@ -1,4 +1,6 @@
-# letsencrypt.sh [![Build Status](https://travis-ci.org/lukas2511/letsencrypt.sh.svg?branch=master)](https://travis-ci.org/lukas2511/letsencrypt.sh)
+# dehydrated.sh [![Build Status](https://travis-ci.org/lukas2511/dehydrated.svg?branch=master)](https://travis-ci.org/lukas2511/dehydrated)
+
+![](docs/logo.jpg)
 
 This is a client for signing certificates with an ACME-server (currently only provided by letsencrypt) implemented as a relatively simple bash-script.
 
@@ -28,7 +30,7 @@ If you have any problems take a look at our [Troubleshooting](docs/troubleshooti
 ## Usage:
 
 ```text
-Usage: ./letsencrypt.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...
+Usage: ./dehydrated.sh [-h] [command [argument]] [parameter [argument]] [parameter [argument]] ...
 
 Default command: help
 

letsencrypt.sh → dehydrated.sh

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 
-# letsencrypt.sh by lukas2511
-# Source: https://github.com/lukas2511/letsencrypt.sh
+# dehydrated.sh by lukas2511
+# Source: https://github.com/lukas2511/dehydrated
 #
 # This script is licensed under The MIT License (see LICENSE for more information).
 
@@ -25,7 +25,7 @@ BASEDIR="${SCRIPTDIR}"
 # Create (identifiable) temporary files
 _mktemp() {
   # shellcheck disable=SC2068
-  mktemp ${@:-} "${TMPDIR:-/tmp}/letsencrypt.sh-XXXXXX"
+  mktemp ${@:-} "${TMPDIR:-/tmp}/dehydrated.sh-XXXXXX"
 }
 
 # Check for script dependencies
@@ -94,7 +94,7 @@ verify_config() {
 load_config() {
   # Check for config in various locations
   if [[ -z "${CONFIG:-}" ]]; then
-    for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
+    for check_config in "/etc/dehydrated.sh" "/usr/local/etc/dehydrated.sh" "${PWD}" "${SCRIPTDIR}"; do
       if [[ -f "${check_config}/config" ]]; then
         BASEDIR="${check_config}"
         CONFIG="${check_config}/config"
@@ -181,7 +181,7 @@ load_config() {
 
   [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
   [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
-  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/letsencrypt"
+  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
   [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
   [[ -n "${PARAM_NO_LOCK:-}" ]] && LOCKFILE=""
 
@@ -246,7 +246,7 @@ init_system() {
 
   # If we generated a new private key in the step above we have to register it with the acme-server
   if [[ "${register_new_key}" = "yes" ]]; then
-    echo "+ Registering account key with letsencrypt..."
+    echo "+ Registering account key with ACME server..."
     [[ ! -z "${CA_NEW_REG}" ]] || _exiterr "Certificate authority doesn't allow registrations."
     # If an email for the contact has been provided then adding it to the registration request
     FAILED=false
@@ -924,7 +924,7 @@ command_help() {
 # Usage: --env (-e)
 # Description: Output configuration variables for use in other scripts
 command_env() {
-  echo "# letsencrypt.sh configuration"
+  echo "# dehydrated.sh configuration"
   load_config
   typeset -p CA LICENSE CERTDIR CHALLENGETYPE DOMAINS_D DOMAINS_TXT HOOK HOOK_CHAIN RENEW_DAYS ACCOUNT_KEY ACCOUNT_KEY_JSON KEYSIZE WELLKNOWN PRIVATE_KEY_RENEW OPENSSL_CNF CONTACT_EMAIL LOCKFILE
 }

docs/dns-verification.md

@@ -19,4 +19,4 @@ Or when you do have a DNS API, pass the details accordingly to achieve the same
 
 You can delete the TXT record when called with operation clean_challenge, when $2 is also the domain name.
 
-Here are some examples: [Examples for DNS-01 hooks](https://github.com/lukas2511/letsencrypt.sh/wiki/Examples-for-DNS-01-hooks)
+Here are some examples: [Examples for DNS-01 hooks](https://github.com/lukas2511/dehydrated/wiki/Examples-for-DNS-01-hooks)

docs/domains_txt.md

@@ -1,6 +1,6 @@
 ### domains.txt
 
-letsencrypt.sh uses the file `domains.txt` as configuration for which certificates should be requested.
+dehydrated.sh uses the file `domains.txt` as configuration for which certificates should be requested.
 
 The file should have the following format:
 

docs/examples/config

@@ -1,10 +1,10 @@
 ########################################################
-# This is the main config file for letsencrypt.sh      #
+# This is the main config file for dehydrated.sh       #
 #                                                      #
 # This file is looked for in the following locations:  #
 # $SCRIPTDIR/config (next to this script)              #
-# /usr/local/etc/letsencrypt.sh/config                 #
-# /etc/letsencrypt.sh/config                           #
+# /usr/local/etc/dehydrated/config                     #
+# /etc/dehydrated/config                               #
 # ${PWD}/config (in current working-directory)         #
 #                                                      #
 # Default values of this config are in comments        #
@@ -42,8 +42,8 @@
 # Directory for account keys and registration information
 #ACCOUNTDIR="${BASEDIR}/accounts"
 
-# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/letsencrypt)
-#WELLKNOWN="/var/www/letsencrypt"
+# Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
+#WELLKNOWN="/var/www/dehydrated"
 
 # Default keysize for private keys (default: 4096)
 #KEYSIZE="4096"

docs/hook_chain.md

@@ -9,7 +9,7 @@ See below for an example on how the calls change:
 
 ### HOOK_CHAIN="no" (default behaviour)
 ```
-# INFO: Using main config file /etc/letsencrypt.sh/config
+# INFO: Using main config file /etc/dehydrated/config
 Processing lukas.im with alternative names: www.lukas.im
  + Checking domain name(s) of existing cert... unchanged.
  + Checking expire date of existing cert...
@@ -31,13 +31,13 @@ HOOK: clean_challenge www.lukas.im blublublu blublublu.supersecure
  + Checking certificate...
  + Done!
  + Creating fullchain.pem...
-HOOK: deploy_cert lukas.im /etc/letsencrypt.sh/certs/lukas.im/privkey.pem /etc/letsencrypt.sh/certs/lukas.im/cert.pem /etc/letsencrypt.sh/certs/lukas.im/fullchain.pem /etc/letsencrypt.sh/certs/lukas.im/chain.pem 1460152442
+HOOK: deploy_cert lukas.im /etc/dehydrated/certs/lukas.im/privkey.pem /etc/dehydrated/certs/lukas.im/cert.pem /etc/dehydrated/certs/lukas.im/fullchain.pem /etc/dehydrated/certs/lukas.im/chain.pem 1460152442
  + Done!
 ```
 
 ### HOOK_CHAIN="yes"
 ```
-# INFO: Using main config file /etc/letsencrypt.sh/config
+# INFO: Using main config file /etc/dehydrated/config
 Processing lukas.im with alternative names: www.lukas.im
  + Checking domain name(s) of existing cert... unchanged.
  + Checking expire date of existing cert...
@@ -57,7 +57,7 @@ HOOK: clean_challenge lukas.im blablabla blablabla.supersecure www.lukas.im blub
  + Checking certificate...
  + Done!
  + Creating fullchain.pem...
-HOOK: deploy_cert lukas.im /etc/letsencrypt.sh/certs/lukas.im/privkey.pem /etc/letsencrypt.sh/certs/lukas.im/cert.pem /etc/letsencrypt.sh/certs/lukas.im/fullchain.pem /etc/letsencrypt.sh/certs/lukas.im/chain.pem 1460152408
+HOOK: deploy_cert lukas.im /etc/dehydrated/certs/lukas.im/privkey.pem /etc/dehydrated/certs/lukas.im/cert.pem /etc/dehydrated/certs/lukas.im/fullchain.pem /etc/dehydrated/certs/lukas.im/chain.pem 1460152408
  + Done!
 ```
 

docs/import-from-official-client.md

@@ -1,3 +1,3 @@
 # Import
 
-If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/letsencrypt.sh/wiki/Import-from-official-letsencrypt-client).
+If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/dehydrated/wiki/Import-from-official-letsencrypt-client).

docs/per-certificate-config.md

@@ -1,6 +1,6 @@
 # Config on per-certificate base
 
-letsencrypt.sh allows a few configuration variables to be set on a per-certificate base.
+dehydrated.sh allows a few configuration variables to be set on a per-certificate base.
 
 To use this feature create a `config` file in the certificates output directory (e.g. `certs/example.org/config`).
 

docs/troubleshooting.md

@@ -6,7 +6,7 @@ Generally if the following information doesn't provide a solution to your proble
 
 You probably changed from staging-CA to production-CA (or the other way).
 
-Currently letsencrypt.sh doesn't detect a missing registration on the selected CA,
+Currently dehydrated.sh doesn't detect a missing registration on the selected CA,
 the current workaround is to move `private_key.pem` (and, if you care, `private_key.json`) out of the way so the scripts generates and registers a new one.
 
 This will hopefully be fixed in the future.
@@ -19,13 +19,13 @@ LICENSE1 and LICENSE2 are just placeholders for the real values in this troubles
 
 ## "Error creating new cert :: Too many certificates already issued for: [...]"
 
-This is not an issue with letsencrypt.sh but an API limit with letsencrypt.
+This is not an issue with dehydrated.sh but an API limit with boulder (the ACME server).
 
 At the time of writing this you can only create 5 certificates per domain in a sliding window of 7 days.
 
 ## "Certificate request has 123 names, maximum is 100."
 
-This also is an API limit from letsencrypt, you are requesting to sign a certificate with way too many domains.
+This also is an API limit from boulder, you are requesting to sign a certificate with way too many domains.
 
 ## Invalid challenges
 

docs/wellknown.md

@@ -5,15 +5,15 @@ It will do that for any (sub-)domain you want to sign a certificate for.
 
 At the moment you'll need to have that location available over normal HTTP on port 80 (redirect to HTTPS will work, but starting point is always HTTP!).
 
-letsencrypt.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`.
+dehydrated.sh has a config variable called `WELLKNOWN`, which corresponds to the directory which should be served under `/.well-known/acme-challenge` on your domain. So in the above example the token would have been saved as `$WELLKNOWN/m4g1C-t0k3n`.
 
 If you only have one docroot on your server you could easily do something like `WELLKNOWN=/var/www/.well-known/acme-challenge`, for anything else look at the example below.
 
 ## Example Usage
 
 If you have more than one docroot (or you are using your server as a reverse proxy / load balancer) the simple configuration mentioned above wouldn't work, but with just a few lines of webserver configuration this can be solved.
 
-An example would be to create a directory `/var/www/letsencrypt` and set `WELLKNOWN=/var/www/letsencrypt` in the scripts config.
+An example would be to create a directory `/var/www/dehydrated` and set `WELLKNOWN=/var/www/dehydrated` in the scripts config.
 
 You'll need to configure aliases on your Webserver:
 
@@ -25,7 +25,7 @@ With Nginx you'll need to add this to any of your `server`/VHost config blocks:
 server {
   [...]
   location /.well-known/acme-challenge {
-    alias /var/www/letsencrypt;
+    alias /var/www/dehydrated;
   }
   [...]
 }
@@ -36,9 +36,9 @@ server {
 With Apache just add this to your config and it should work in any VHost:
 
 ```apache
-Alias /.well-known/acme-challenge /var/www/letsencrypt
+Alias /.well-known/acme-challenge /var/www/dehydrated
 
-<Directory /var/www/letsencrypt>
+<Directory /var/www/dehydrated>
         Options None
         AllowOverride None
 
@@ -63,6 +63,6 @@ With Lighttpd just add this to your config and it should work in any VHost:
 modules += "alias"
 
 alias.url += (
- "/.well-known/acme-challenge/" => "/var/www/letsencrypt/"
+ "/.well-known/acme-challenge/" => "/var/www/dehydrated/"
 )
 ```

test.sh

@@ -84,7 +84,7 @@ TMP_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp.log | head -1 | cut -d':'
 TMP2_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp2.log | head -1 | cut -d':' -f2)"
 TMP3_URL="$(grep -Eo "Hostname:[a-z0-9]+.ngrok.io" tmp3.log | head -1 | cut -d':' -f2)"
 if [[ -z "${TMP_URL}" ]] || [[ -z "${TMP2_URL}" ]] || [[ -z "${TMP3_URL}" ]]; then
-  echo "Couldn't get an url from ngrok, not a letsencrypt.sh bug, tests can't continue."
+  echo "Couldn't get an url from ngrok, not a dehydrated.sh bug, tests can't continue."
   exit 1
 fi
 
@@ -104,23 +104,23 @@ touch domains.txt
 
 # Check if help command is working
 _TEST "Checking if help command is working..."
-./letsencrypt.sh --help > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --help > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Default command: help"
 _CHECK_LOG "--help (-h)"
 _CHECK_LOG "--domain (-d) domain.tld"
 _CHECK_ERRORLOG
 
 # Run in cron mode with empty domains.txt (should only generate private key and exit)
 _TEST "First run in cron mode, checking if private key is generated and registered"
-./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Registering account key"
 _CHECK_FILE accounts/*/account_key.pem
 _CHECK_ERRORLOG
 
 # Temporarily move config out of the way and try signing certificate by using temporary config location
 _TEST "Try signing using temporary config location and with domain as command line parameter"
 mv config tmp_config
-./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" -f tmp_config > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_NOT_LOG "Checking domain name(s) of existing cert"
 _CHECK_LOG "Generating private key"
 _CHECK_LOG "Requesting challenge for ${TMP_URL}"
@@ -133,7 +133,7 @@ mv tmp_config config
 
 # Add third domain to command-lime, should force renewal.
 _TEST "Run in cron mode again, this time adding third domain, should force renewal."
-./letsencrypt.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --cron --domain "${TMP_URL}" --domain "${TMP2_URL}" --domain "${TMP3_URL}" > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Domain name(s) are not matching!"
 _CHECK_LOG "Forcing renew."
 _CHECK_LOG "Generating private key"
@@ -151,7 +151,7 @@ echo "${TMP_URL} ${TMP2_URL} $(tr 'a-z' 'A-Z' <<<"${TMP3_URL}")" >> domains.txt
 
 # Run in cron mode again (should find a non-expiring certificate and do nothing)
 _TEST "Run in cron mode again, this time with domain in domains.txt, should find non-expiring certificate"
-./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
 _CHECK_LOG "Skipping renew"
 _CHECK_ERRORLOG
@@ -161,7 +161,7 @@ echo 'PRIVATE_KEY_RENEW="no"' >> config
 
 # Run in cron mode one last time, with domain in domains.txt and force-resign (should find certificate, resign anyway, and not generate private key)
 _TEST "Run in cron mode one last time, with domain in domains.txt and force-resign"
-./letsencrypt.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --cron --force > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
 _CHECK_LOG "Ignoring because renew was forced!"
 _CHECK_NOT_LOG "Generating private key"
@@ -175,15 +175,15 @@ _CHECK_ERRORLOG
 
 # Check if signcsr command is working
 _TEST "Running signcsr command"
-./letsencrypt.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --signcsr certs/${TMP_URL}/cert.csr > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "BEGIN CERTIFICATE"
 _CHECK_LOG "END CERTIFICATE"
 _CHECK_NOT_LOG "ERROR"
 
 # Check if renewal works
 _TEST "Run in cron mode again, to check if renewal works"
 echo 'RENEW_DAYS="300"' >> config
-./letsencrypt.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --cron > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Checking domain name(s) of existing cert... unchanged."
 _CHECK_LOG "Renewing!"
 _CHECK_ERRORLOG
@@ -202,7 +202,7 @@ _CHECK_ERRORLOG
 
 # Revoke certificate using certificate key
 _TEST "Revoking certificate..."
-./letsencrypt.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --revoke "certs/${TMP_URL}/cert.pem" --privkey "certs/${TMP_URL}/privkey.pem" > tmplog 2> errorlog || _FAIL "Script execution failed"
 REAL_CERT="$(readlink -n "certs/${TMP_URL}/cert.pem")"
 _CHECK_LOG "Revoking certs/${TMP_URL}/${REAL_CERT}"
 _CHECK_LOG "Done."
@@ -211,7 +211,7 @@ _CHECK_ERRORLOG
 
 # Test cleanup command
 _TEST "Cleaning up certificates"
-./letsencrypt.sh --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed"
+./dehydrated.sh --cleanup > tmplog 2> errorlog || _FAIL "Script execution failed"
 _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/cert-"
 _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/chain-"
 _CHECK_LOG "Moving unused file to archive directory: ${TMP_URL}/fullchain-"