bin/make-cert, bin/fix-cert-chain: Hack certificate chains for compatiblity.
[distorted-letsencrypt] / bin / make-cert
index 19808c6..a094a53 100755 (executable)
@@ -14,26 +14,14 @@ case $# in 0) ;; *) fail_usage ;; esac
 
 prepare_tmp $tag
 
-## Get started.
-cert=$home/cert/$tag
-cd $cert
-openssl req -in req -out $tmp/req.der -outform der
-sans=$(openssl req -in req -text -noout |
-       sed -n '
-         x
-         /^ *X509v3 Subject Alternative Name: $/ {
-           x
-           s/ *DNS://g
-           s/,/ /g
-           p
-           x
-         }')
-make_le_conf $sans
-
-cd $tmp
-$home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" --text \
-       -a webroot --csr $tmp/req.der certonly
+## Make sure there's no proxy.  I get `urn:acme:error:badNonce' with high
+## probability if I use IPv6, so avoid rolling the dice.
+unset http_proxy
 
+## Let's go.
+cert=$home/cert/$tag
 cd $cert
-cat $tmp/0001_chain.pem $home/le-root.cert >full-chain.new
-mv full-chain.new full-chain
+dehydrated -f $HOME/dehydrated-config.sh -fc -s req >full-chain.new
+fix-cert-chain full-chain.new >full-chain.fixed
+mv full-chain.fixed full-chain
+rm full-chain.new
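Review bot: Nothing visible in this hunk stops `mv full-chain.fixed full-chain` from running after a failed `dehydrated` or `fix-cert-chain` call, so an empty or truncated file could replace the live chain. Whether `set -e` is in effect is decided earlier in the script, outside the hunk. Chaining the steps with a non-empty check makes the install fail closed: `dehydrated -f "$HOME/dehydrated-config.sh" -fc -s req >full-chain.new && fix-cert-chain full-chain.new >full-chain.fixed && [ -s full-chain.fixed ] && mv full-chain.fixed full-chain`. Separately, `unset http_proxy` leaves `https_proxy`, `HTTPS_PROXY` and `ALL_PROXY` in the environment, so if the ACME client honours those, the "no proxy" guarantee in the comment does not hold. The comment also blames IPv6 rather than the proxy for the badNonce errors, so a sentence linking the two would help the next maintainer.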