From 8a0c5e387ace2086ff659ae2f9baccaae387bcf1 Mon Sep 17 00:00:00 2001
From: Mark Wooding <mdw@distorted.org.uk>
Date: Wed, 12 Jul 2017 23:02:16 +0100
Subject: [PATCH] Switch to running dehydrated.

It's packaged by Debian and seems much less disastrous.  Simplify much
of the machinery.
---
 .gitignore           |  5 -----
 .gitmodules          |  3 ---
 bin/le               | 11 -----------
 bin/make-cert        | 22 ++--------------------
 bin/setup            |  4 ----
 bin/sudo             |  2 --
 dehydrated-config.sh | 10 ++++++++++
 le-root.cert         | 20 --------------------
 le.conf.skel         |  3 ---
 letsencrypt          |  1 -
 lib/lib.sh           | 20 --------------------
 11 files changed, 12 insertions(+), 89 deletions(-)
 delete mode 100644 .gitmodules
 delete mode 100755 bin/le
 delete mode 100755 bin/sudo
 create mode 100644 dehydrated-config.sh
 delete mode 100644 le-root.cert
 delete mode 100644 le.conf.skel
 delete mode 160000 letsencrypt

diff --git a/.gitignore b/.gitignore
index 2978b42..bdc19ef 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,11 +1,6 @@
-.cache
-.ccache
-.config
 .lesshst
-.local
 cert/
 etc/
 log/
-req/
 tmp/
 webroot/
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index e087ce7..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "letsencrypt"]
-	path = letsencrypt
-	url = https://github.com/letsencrypt/letsencrypt/
diff --git a/bin/le b/bin/le
deleted file mode 100755
index 0ec46b2..0000000
--- a/bin/le
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /bin/sh
-set -e
-prog=$(readlink -e "$0")
-. "${prog%/*}/../config.sh"
-. "$home/lib/lib.sh"
-
-run_as_user "$@"
-prepare_tmp le-user
-make_le_conf
-
-exec $home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" "$@"
diff --git a/bin/make-cert b/bin/make-cert
index 19808c6..fd0cdf5 100755
--- a/bin/make-cert
+++ b/bin/make-cert
@@ -14,26 +14,8 @@ case $# in 0) ;; *) fail_usage ;; esac
 
 prepare_tmp $tag
 
-## Get started.
+## Let's go.
 cert=$home/cert/$tag
 cd $cert
-openssl req -in req -out $tmp/req.der -outform der
-sans=$(openssl req -in req -text -noout |
-	sed -n '
-	  x
-	  /^ *X509v3 Subject Alternative Name: $/ {
-	    x
-	    s/ *DNS://g
-	    s/,/ /g
-	    p
-	    x
-	  }')
-make_le_conf $sans
-
-cd $tmp
-$home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" --text \
-	-a webroot --csr $tmp/req.der certonly
-
-cd $cert
-cat $tmp/0001_chain.pem $home/le-root.cert >full-chain.new
+dehydrated -f $HOME/dehydrated-config.sh -fc -s req >full-chain.new
 mv full-chain.new full-chain
diff --git a/bin/setup b/bin/setup
index dc243a0..4b4ad14 100755
--- a/bin/setup
+++ b/bin/setup
@@ -13,12 +13,8 @@ while read d m u g; do
   chown $u:$g $d
 done <<EOF
 .					 755	root	root
-.cache					2775	root	$user
-.config					2775	root	$user
-.local					2775	root	$user
 cert					2755	root	$user
 etc					2770	root	$user
-log					2775	root	$user
 tmp					2770	root	$user
 webroot					 755	root	root
 webroot/.well-known			 755	root	root
diff --git a/bin/sudo b/bin/sudo
deleted file mode 100755
index ee70818..0000000
--- a/bin/sudo
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-exec "$@"
diff --git a/dehydrated-config.sh b/dehydrated-config.sh
new file mode 100644
index 0000000..3dbf84b
--- /dev/null
+++ b/dehydrated-config.sh
@@ -0,0 +1,10 @@
+### -*-sh-*-
+
+BASEDIR=$HOME
+CHALLENGETYPE=http-01
+WELLKNOWN=$BASEDIR/webroot/.well-known/acme-challenge
+PRIVATE_KEY_RENEW=no
+ACCOUNTDIR=$BASEDIR/etc/account
+LOCKFILE=$BASEDIR/etc/lock
+
+##CA="https://acme-staging.api.letsencrypt.org/directory"
diff --git a/le-root.cert b/le-root.cert
deleted file mode 100644
index b2e43c9..0000000
--- a/le-root.cert
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
diff --git a/le.conf.skel b/le.conf.skel
deleted file mode 100644
index 9bf3272..0000000
--- a/le.conf.skel
+++ /dev/null
@@ -1,3 +0,0 @@
-### -*-conf-*-
-
-email = mdw@distorted.org.uk
diff --git a/letsencrypt b/letsencrypt
deleted file mode 160000
index ce14851..0000000
--- a/letsencrypt
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ce14851232c39aa1151ecd9c7b77ef910059d46c
diff --git a/lib/lib.sh b/lib/lib.sh
index dd85bbf..de5ac44 100644
--- a/lib/lib.sh
+++ b/lib/lib.sh
@@ -25,23 +25,3 @@ prepare_tmp () {
   mkdir $tmp
   trap 'cd $home; rm -rf $tmp' EXIT INT TERM
 }
-
-make_le_conf () {
-  { cat $home/le.conf.skel
-    echo "config-dir = $home/etc"
-    echo "logs-dir = $home/log"
-    echo "work-dir = $tmp"
-    echo
-    case $# in
-      0) ;;
-      *)
-	map="webroot-map = {" sep=" "
-	for san in "$@"; do
-	  map="$map$sep\"$san\": \"$home/webroot\"" sep=", "
-	done
-	map="$map }"
-	echo "$map"
-	;;
-    esac
-  } >$tmp/le.conf
-}
\ No newline at end of file
-- 
2.11.0