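#! /bin/sh
##
## Submit the existing certificate request for TAG to the letsencrypt
## client and install the resulting chain as $home/cert/TAG/full-chain.
##
## Usage: <script> TAG
##
## `home' is presumably set by config.sh, and `tmp' by prepare_tmp; neither
## definition is visible in this file -- confirm against config.sh/lib.sh.
set -e
usage=" TAG"
. "${0%/*}/../config.sh"
. "$home/lib/lib.sh"

## Defined in lib.sh (not shown).  Presumably switches to the dedicated
## account before anything below runs -- confirm.
run_as_user "$@"

## Pick out the certificate tag.  Exactly one argument is accepted.
case $# in 0) fail_usage ;; esac
tag=$1; shift
case $# in 0) ;; *) fail_usage ;; esac

## NOTE(review): $tag is used unchanged as a path component below.  Whether
## it is validated (for example by prepare_tmp) cannot be seen from here;
## confirm that values containing `/' or `..' are rejected somewhere.
prepare_tmp "$tag"

## Get started.
cert="$home/cert/$tag"
cd "$cert"

## Convert the stored request (file `req' in the tag's directory) to DER.
openssl req -in req -out "$tmp/req.der" -outform der

## Collect the DNS names from the request's subjectAltName extension.
## The sed script keeps the previous input line in the hold space; when
## that previous line is the `X509v3 Subject Alternative Name:' heading,
## the current line is the name list, so strip the `DNS:' prefixes, turn
## commas into spaces and print it.  The result is empty if the request
## carries no such extension.
sans=$(openssl req -in req -text -noout |
	sed -n '
		x
		/^ *X509v3 Subject Alternative Name: $/ {
			x
			s/ *DNS://g
			s/,/ /g
			p
			x
		}')

## Deliberately unquoted: $sans is a space-separated list and each name
## must reach make_le_conf as its own argument.  Note that a name holding
## glob characters would also be pathname-expanded here.
# shellcheck disable=SC2086
make_le_conf $sans

## Run the client from the scratch directory; the chain file read below
## is taken from there.
cd "$tmp"
"$home/letsencrypt/letsencrypt-auto" -c "$tmp/le.conf" --text \
	-a webroot --csr "$tmp/req.der" certonly

## Append the stored root certificate to the issued chain.  Writing to a
## new name first means that, under `set -e', a failed `cat' stops the
## script before the existing full-chain is touched.
cd "$cert"
cat "$tmp/0001_chain.pem" "$home/le-root.cert" >full-chain.new
mv full-chain.new full-chain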