add ca cert

This commit is contained in:
neil 2015-12-27 14:36:09 +08:00
parent cd3cdb5453
commit d4df6ad178

36
le.sh
View File

@ -3,22 +3,11 @@
WORKING_DIR=~/.le WORKING_DIR=~/.le
ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
CERT_KEY_PATH=$WORKING_DIR/domain.key
CSR_PATH=$WORKING_DIR/domain.csr
CERT_PATH=$WORKING_DIR/domain.cer
DOMAIN_CONF=$WORKING_DIR/domain.conf
CURL_HEADER="" CURL_HEADER=""
HEADER="" HEADER=""
HEADERPLACE="" HEADERPLACE=""
ACCOUNT_EMAIL="" ACCOUNT_EMAIL=""
DEFAULT_CA="https://acme-v01.api.letsencrypt.org" DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
API=$DEFAULT_CA API=$DEFAULT_CA
@ -58,7 +47,7 @@ createAccountKey() {
echo Use default length 2048 echo Use default length 2048
length=2048 length=2048
fi fi
_initpath
mkdir -p $WORKING_DIR mkdir -p $WORKING_DIR
ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
@ -85,7 +74,7 @@ createDomainKey() {
echo Use default length 2048 echo Use default length 2048
length=2048 length=2048
fi fi
_initpath $domain
mkdir -p $WORKING_DIR/$domain mkdir -p $WORKING_DIR/$domain
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
@ -185,10 +174,10 @@ _send_signed_request() {
_get() { _get() {
url="$1" url="$1"
_debug url $url _debug url $url
response=$(curl --silent $url) response="$(curl --silent $url)"
ret=$? ret=$?
_debug response "$response" _debug response "$response"
code=$(echo $response | grep -o '"status":[0-9]\+' | cut -d : -f 2) code="$(echo $response | grep -o '"status":[0-9]\+' | cut -d : -f 2)"
_debug code $code _debug code $code
return $ret return $ret
} }
@ -229,13 +218,13 @@ _initpath() {
mkdir -p $WORKING_DIR/$domain mkdir -p $WORKING_DIR/$domain
CSR_PATH=$WORKING_DIR/$domain/$domain.csr CSR_PATH=$WORKING_DIR/$domain/$domain.csr
CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
CERT_PATH=$WORKING_DIR/$domain/$domain.cer CERT_PATH=$WORKING_DIR/$domain/$domain.cer
CA_CERT_PATH=$WORKING_DIR/$domain/ca.cer
} }
#issue webroot a.com [www.a.com,b.com,c.com] [key-length] [cert-file-path] [key-file-path] [reloadCmd] #issue webroot a.com [www.a.com,b.com,c.com] [key-length] [cert-file-path] [key-file-path] [reloadCmd]
@ -423,7 +412,14 @@ issue() {
Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g') Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g')
_setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer" _setopt $DOMAIN_CONF "Le_LinkIssuer" "=" "$Le_LinkIssuer"
if [ "$Le_LinkIssuer" ] ; then
_get "$Le_LinkIssuer"
echo -----BEGIN CERTIFICATE----- > $CA_CERT_PATH
echo $response | base64 | sed "s/ /\n/g" >> $CA_CERT_PATH
echo -----END CERTIFICATE----- >> $CA_CERT_PATH
_info "The intermediate CA cert is in $CA_CERT_PATH"
fi
Le_CertCreateTime=$(date -u "+%s") Le_CertCreateTime=$(date -u "+%s")
_setopt $DOMAIN_CONF "Le_CertCreateTime" "=" "$Le_CertCreateTime" _setopt $DOMAIN_CONF "Le_CertCreateTime" "=" "$Le_CertCreateTime"
@ -468,8 +464,6 @@ issue() {
} }
renew() { renew() {
Le_Domain="$1" Le_Domain="$1"
if [ -z "$Le_Domain" ] ; then if [ -z "$Le_Domain" ] ; then