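#! /bin/sh
##
## Obtain a certificate from Let's Encrypt for an existing signing request.
##
## Usage: <this script> TAG
##
## Reads the PEM request `req' from $home/cert/TAG, submits it through the
## letsencrypt client using the webroot authenticator, and installs the
## resulting chain (with $home/le-root.cert appended) as `full-chain' in the
## same directory.
##
## $home is expected to come from config.sh and $tmp from prepare_tmp;
## neither is defined in this file -- confirm against lib.sh.

set -e
usage=" TAG"
prog=$(readlink -e "$0")
. "${prog%/*}/../config.sh"
. "$home/lib/lib.sh"

## Defined in lib.sh; presumably re-executes the script under the dedicated
## service account so that nothing below runs with the caller's privileges.
run_as_user "$@"

## Pick out the certificate tag: exactly one argument is accepted.
case $# in 0) fail_usage ;; esac
tag=$1; shift
case $# in 0) ;; *) fail_usage ;; esac

## The tag becomes a path component below ($home/cert/$tag), so refuse any
## `..' element that would step outside the certificate directory.
case "/$tag/" in */../*) fail_usage ;; esac

prepare_tmp "$tag"

## Get started.
cert=$home/cert/$tag
cd "$cert"

## The client wants the request in DER form.
openssl req -in req -out "$tmp/req.der" -outform der

## Collect the DNS names from the request's subjectAltName extension.  The
## sed script keeps the previous line in the hold space; when that line was
## the extension header, the current line is the name list, which is
## stripped of its `DNS:' prefixes and commas and printed.
## NOTE(review): without `pipefail' a failure of openssl in this pipeline is
## not caught by `set -e'; the conversion above reads the same file first.
## NOTE(review): a request without the extension leaves $sans empty --
## confirm that make_le_conf copes with no arguments.
sans=$(openssl req -in req -text -noout |
	sed -n '
		x
		/^ *X509v3 Subject Alternative Name: $/ {
			x
			s/ *DNS://g
			s/,/ /g
			p
			x
		}')

## Split the list into one argument per name.  Pathname expansion is turned
## off for the split so that a name containing `*' or `?' is passed through
## literally instead of being matched against files in the current directory.
set -f
# shellcheck disable=SC2086 -- word splitting is intended here
set -- $sans
set +f
make_le_conf "$@"

## Run the client from the scratch directory, which is where it is expected
## to leave its output files.
## NOTE(review): letsencrypt-auto is the legacy self-bootstrapping wrapper
## (later renamed certbot-auto and since retired upstream); a pinned,
## packaged client is preferable if this script is still in service.
cd "$tmp"
"$home/letsencrypt/letsencrypt-auto" -c "$tmp/le.conf" --text \
	-a webroot --csr "$tmp/req.der" certonly

## Build the new chain beside the old one and rename it into place, so that
## readers never see a partially written `full-chain'.
cd "$cert"
cat "$tmp/0001_chain.pem" "$home/le-root.cert" >full-chain.new
mv full-chain.new full-chain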