bin/make-cert, bin/fix-cert-chain: Hack certificate chains for compatiblity.
[distorted-letsencrypt] / bin / make-cert
index 8c5605b..a094a53 100755 (executable)
@@ -1,6 +1,8 @@
 #! /bin/sh
 set -e
-. "${0%/*}/../config.sh"
+usage=" TAG"
+prog=$(readlink -e "$0")
+. "${prog%/*}/../config.sh"
 . "$home/lib/lib.sh"
 
 run_as_user "$@"
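Review bot: `readlink -e` on the added `prog=` line is a GNU coreutils option, so under `#! /bin/sh` on a system with a different `readlink` the script would stop at this line because of `set -e`, with no message explaining why. The new lines also lack a comment on why `$0` is resolved first (presumably so the script still finds `config.sh` when run through a symlink); something like `## Resolve symlinks so config.sh is found relative to the real script.` would record that. Because `config.sh` and then `$home/lib/lib.sh` are sourced before `run_as_user`, the directory the resolved path points at should be writable only by the account that owns the scripts. The rest of the script continues outside this hunk.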
@@ -12,19 +14,14 @@ case $# in 0) ;; *) fail_usage ;; esac
 
 prepare_tmp $tag
 
-## Get started.
-cd $home/cert/$tag
-openssl req -in req -out $tmp/req.der -outform der
-sans=$(openssl req -in req -text -noout |
-       sed -n '
-         x
-         /^ *X509v3 Subject Alternative Name: $/ {
-           x
-           s/ *DNS://g
-           s/,/ /g
-           p
-           x
-         }')
-make_le_conf $sans
+## Make sure there's no proxy.  I get `urn:acme:error:badNonce' with high
+## probability if I use IPv6, so avoid rolling the dice.
+unset http_proxy
 
-cat "$tmp/le.conf"
+## Let's go.
+cert=$home/cert/$tag
+cd $cert
+dehydrated -f $HOME/dehydrated-config.sh -fc -s req >full-chain.new
+fix-cert-chain full-chain.new >full-chain.fixed
+mv full-chain.fixed full-chain
+rm full-chain.new
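Review bot: The rewritten chain is moved over `full-chain` with no check that `fix-cert-chain` produced a usable result, so an empty or truncated `full-chain.fixed` (for instance if the helper exits 0 on input it does not recognise) would replace the last good chain. A guard before the `mv`, such as `test -s full-chain.fixed || exit 1`, keeps the previous file in place; confirming that the first certificate still corresponds to `req` would be stronger. Separately, `unset http_proxy` leaves `https_proxy`, `HTTPS_PROXY` and `ALL_PROXY` in effect if the environment sets them and the client used by `dehydrated` honours them, so the comment's "no proxy" may not hold for an HTTPS ACME endpoint. `cd $cert` and `-f $HOME/dehydrated-config.sh` are also expanded unquoted; `cd "$cert"` and `-f "$HOME/dehydrated-config.sh"` avoid word-splitting on an unusual tag or home path.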