mdw@git.distorted.org.uk Git - distorted-letsencrypt/blob - bin/make-cert

   1 #! /bin/sh
   2 set -e
   3 usage=" TAG"
   4 . "${0%/*}/../config.sh"
   5 . "$home/lib/lib.sh"
   6
   7 run_as_user "$@"
   8
   9 ## Pick out the certificate tag.
  10 case $# in 0) fail_usage ;; esac
  11 tag=$1; shift
  12 case $# in 0) ;; *) fail_usage ;; esac
  13
  14 prepare_tmp $tag
  15
  16 ## Get started.
  17 cert=$home/cert/$tag
  18 cd $cert
  19 openssl req -in req -out $tmp/req.der -outform der
  20 sans=$(openssl req -in req -text -noout |
  21         sed -n '
  22           x
  23           /^ *X509v3 Subject Alternative Name: $/ {
  24             x
  25             s/ *DNS://g
  26             s/,/ /g
  27             p
  28             x
  29           }')
  30 make_le_conf $sans
  31
  32 cd $tmp
  33 $home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" --text \
  34         -a webroot --csr $tmp/req.der certonly
  35
  36 cd $cert
  37 cat $tmp/0001_chain.pem $home/le-root.cert >full-chain.new
  38 mv full-chain.new full-chain