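#!/bin/sh
# le-certlist-generate
#
# Reads $FOLDER/certlist, one certificate per line in the form
#   <primary-name> [alias ...]
# and for every primary name:
#   * generates <name>.key if it does not exist,
#   * (re)generates <name>.csr (CN-only, or a SAN request when aliases are given),
#   * requests a certificate through acme_tiny.py when <name>.pem is missing.
# Passing a primary name as $1 forces a fresh request for that name (renewal)
# even when a certificate already exists.
#
# Optional environment overrides (defaults are the values the script always used):
#   LE_CERTLIST_FOLDER  directory holding certlist, account.key and the generated
#                       key/csr/crt/pem files            (default /etc/le-certlist)
#   ACME_DIR            webroot the HTTP-01 challenge files are written to
#                                                        (default /var/www/challenges/)
#   INTERMEDIATE_URL    PEM of the issuing intermediate that is appended to every
#                       <name>.pem.  The default is the hard-coded URL from the
#                       original script; confirm it is still the intermediate your
#                       certificates are issued under.
#   OPENSSL_CNF         base openssl config the SAN section is appended to
#                                                        (default /etc/ssl/openssl.cnf)
#
# POSIX sh only: no arrays, no [[ ]], no "local" (function-scope names are
# prefixed with "_" instead).
set -u

FOLDER=${LE_CERTLIST_FOLDER:-/etc/le-certlist}
FILE=$FOLDER/certlist
ACME_DIR=${ACME_DIR:-/var/www/challenges/}
INTERMEDIATE_URL=${INTERMEDIATE_URL:-https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem}
OPENSSL_CNF=${OPENSSL_CNF:-/etc/ssl/openssl.cnf}

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Scratch files live in a private mktemp directory rather than under fixed
# names in /tmp (/tmp/intermediate.pem, /tmp/openssl.cnf, /tmp/signed.crt
# could be pre-created or symlinked by any local user).  They are removed on
# every exit path, including a signal-induced one.
SCRATCH=$(mktemp -d) || die "mktemp failed"
trap 'rm -rf -- "$SCRATCH"' EXIT
trap 'exit 1' INT TERM HUP
INTERMEDIATE=$SCRATCH/intermediate.pem

#######################################
# Build the subjectAltName value "DNS:<main>,DNS:<alias>,...".
# Arguments: $1 - primary name
#            $2 - whitespace-separated alias list (may be empty)
# Outputs:   the SAN value on stdout, no trailing newline
#######################################
san_list() {
  _san="DNS:$1"
  # shellcheck disable=SC2086 — word-splitting on $2 is intentional: aliases
  # are separated by whitespace in certlist.
  for _alias in $2; do
    _san="$_san,DNS:$_alias"
  done
  printf '%s' "$_san"
}

#######################################
# Make sure $FOLDER/<name>.key exists, generating a 4096-bit RSA key if not.
# The key is written under umask 077 so it is never world-readable; the
# original redirect inherited whatever umask the caller had.
# Arguments: $1 - primary name
# Returns:   0 if the key exists afterwards, 1 if generation failed (a partial
#            key file is removed so the next run retries)
#######################################
ensure_key() {
  _key=$FOLDER/$1.key
  if [ -f "$_key" ]; then
    echo " - private key for $1 already exists"
    return 0
  fi
  echo " - generating private key for $1"
  if ! ( umask 077 && openssl genrsa 4096 > "$_key" ); then
    rm -f -- "$_key"
    return 1
  fi
  return 0
}

#######################################
# Write $FOLDER/<name>.csr.  Without aliases the request carries only
# CN=<name>; with aliases the subject is empty and the names go into a SAN
# extension appended to a scratch copy of $OPENSSL_CNF.
# Arguments: $1 - primary name
#            $2 - whitespace-separated alias list (may be empty)
# Returns:   0 on success, non-zero if openssl or the config copy failed
#######################################
make_csr() {
  _key=$FOLDER/$1.key
  _csr=$FOLDER/$1.csr
  echo " - generating CSR for $1"
  if [ -z "$2" ]; then
    openssl req -new -sha256 -key "$_key" -subj "/CN=$1" > "$_csr" </dev/null
    return $?
  fi
  _cnf=$SCRATCH/openssl.cnf
  # The SAN value is passed as a printf argument, never as the format string,
  # so a certlist entry cannot inject printf directives.
  {
    cat -- "$OPENSSL_CNF" &&
      printf '[SAN]\nsubjectAltName=%s\n' "$(san_list "$1" "$2")"
  } > "$_cnf" || return 1
  openssl req -new -sha256 -key "$_key" -subj "/" -reqexts SAN \
    -config "$_cnf" > "$_csr" </dev/null
}

#######################################
# Request a certificate for the CSR of <name> and install
#   $FOLDER/<name>.crt  (leaf only)
#   $FOLDER/<name>.pem  (leaf followed by the intermediate)
# The signed certificate goes to scratch first, so a failed request never
# leaves a truncated .crt/.pem behind.  stdin is /dev/null so the child cannot
# consume the certlist the caller's loop is reading.
# Arguments: $1 - primary name
# Returns:   0 on success, 1 if the request or the install step failed
#######################################
request_cert() {
  _signed=$SCRATCH/signed.crt
  if ! acme_tiny.py --account-key "$FOLDER/account.key" \
      --csr "$FOLDER/$1.csr" --acme-dir "$ACME_DIR" > "$_signed" </dev/null; then
    echo " - certificate request for $1 failed" >&2
    return 1
  fi
  if ! cp -- "$_signed" "$FOLDER/$1.crt" ||
     ! cat -- "$_signed" "$INTERMEDIATE" > "$FOLDER/$1.pem"; then
    echo " - installing certificate for $1 failed" >&2
    return 1
  fi
  echo " - certificate installed successfully"
  return 0
}

[ -r "$FILE" ] || die "cannot read $FILE"

# Abort if the intermediate cannot be fetched: silently continuing (as the
# original 2>/dev/null did) would produce <name>.pem chains missing their
# issuer.
if ! wget -q -O "$INTERMEDIATE" "$INTERMEDIATE_URL" || [ ! -s "$INTERMEDIATE" ]; then
  die "could not download intermediate certificate from $INTERMEDIATE_URL"
fi

renew=${1:-}

# read -r keeps backslashes literal; the "|| [ -n ... ]" clause still processes
# a last line that has no trailing newline.  Extra whitespace between the
# primary name and the aliases is absorbed by san_list's word-splitting.
while read -r main aliases || [ -n "$main" ]; do
  [ -z "$main" ] && continue
  # The name becomes a path component under $FOLDER; reject anything that
  # could leave the directory or hide as a dotfile.
  case $main in
    */* | .* | *..*)
      echo "=> skipping invalid name '$main'" >&2
      continue
      ;;
  esac
  echo "=> $main"
  ensure_key "$main" || { echo " - key generation for $main failed" >&2; continue; }
  make_csr "$main" "$aliases" || { echo " - CSR generation for $main failed" >&2; continue; }
  # A name with no certificate is requested once.  The original requested it a
  # second time in the same run when it was also given as $1, which spends a
  # second CA issuance for nothing; "renew" now only applies to existing
  # certificates.
  if [ ! -f "$FOLDER/$main.pem" ]; then
    request_cert "$main" || continue
  elif [ "$renew" = "$main" ]; then
    echo " - certificate exists, renewing on request"
    request_cert "$main" || continue
  else
    echo " - certificate exists, skipping request"
  fi
done < "$FILE"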