Skip to content

sysadmin / acme-ssl

Go to a project
Commit 3567b93f by Никита Миропольский
Options

freebsd and old openssl compatible

1 parent a3b771d5
Pipeline #1980 for 3567b93f skipped in 0 seconds
Inline Side-by-side
Showing 1 changed file with 30 additions and 12 deletions
acme_init
......@@ -32,12 +32,6 @@ function readconfig {
fi
}
OPENSSL=$(/usr/bin/env which openssl)
if [[ ! -x $OPENSSL ]] ; then
echo Cannot find openssl
exit 1
fi
# теперь считываем конфиг
readconfig acme_dir
ACMEDIR=$readconfig_return_value
......@@ -53,8 +47,28 @@ then
exit 0
fi
# создаём путь
mkdir -p $ACMEDIR/challenges
# находим openssl
OPENSSL=$(/usr/bin/env which openssl)
if [[ ! -x $OPENSSL ]] ; then
echo Cannot find openssl
exit 1
fi
# вычисляем версию
OPENSSL_VERSION=$(${OPENSSL} version)
# для старых версий выбираем sha1
if [[ "OPENSSL_VERSION" < "OpenSSL 0.9.8" ]] ; then
OPT_DIGEST="-sha1"
else
OPT_DIGEST="-sha256"
fi
echo "Using ${OPT_DIGEST} digest."
# создаём необходимые сертификаты
$OPENSSL genrsa 4096 > $ACMEDIR/account.key
$OPENSSL genrsa 4096 > $ACMEDIR/site.key
......@@ -72,21 +86,25 @@ if [[ -z "$ALT_DOMAINS" ]]
then
$OPENSSL req \
-new \
-sha256 \
$OPT_DIGEST \
-key $ACMEDIR/site.key \
-subj "/CN=$PRIMARY_DOMAIN"
else
cat /etc/ssl/openssl.cnf > $ACMEDIR/openssl.cnf
echo "[SAN]" >> $ACMEDIR/openssl.cnf
echo $ALT_DOMAINS | sed \
-e 's/[[:space:], ]\{1,\}/,DNS:/g' \
-e 's/^/subjectAltName=DNS:/' \
>> $ACMEDIR/openssl.cnf
$OPENSSL req \
-new \
-sha256 \
$OPT_DIGEST \
-key $ACMEDIR/site.key \
-subj "/CN=$PRIMARY_DOMAIN" \
-reqexts SAN \
-config \
<(cat /etc/ssl/openssl.cnf \
<(sed -e 's/[[:space:],]\+/,DNS:/g' -e 's/^/[SAN]\nsubjectAltName=DNS:/' \
<(echo "$ALT_DOMAINS")))
-config $ACMEDIR/openssl.cnf
fi \
> $ACMEDIR/site.csr
# пишем в лог
echo "`date` initialized" > $ACMEDIR/log.txt
Markdown is supported
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!