@afkcodes
Forked from ervilis/letsencrypt_create.sh
Created July 2, 2023 11:06
Script to generate LetsEncrypt certificate
#!/bin/sh
#
# Wrapper script for the letsencrypt client to generate a server certificate in
# manual mode. It uses openssl to generate the key and should not modify the
# server configuration. It can be called off-site, i.e. not on the destination
# server.
#
# usage: letsencrypt_create.sh DOMAIN [DOMAIN...]

set -e

# Keep the private key, the output directory and the temporary files
# readable by the owner only, whatever the caller's umask is.
umask 077

if [ $# -lt 1 ]; then
    echo "Error: domain required. Usage: $0 <domain-name>"
    exit 1
fi

if [ ! -d ".letsencrypt_repo" ]; then
    echo "Getting letsencrypt ..."
    # stdout is sent to stderr, git's own stderr is discarded, and a failed
    # clone is ignored here; the letsencrypt-auto call at the end then fails.
    git clone https://github.com/letsencrypt/letsencrypt .letsencrypt_repo 1>&2 2>/dev/null || true
fi

# The first argument becomes the CN; every further argument is added as a SAN.
domain=$1

# Subject fields for the CSR; fill these in before running.
country=""
state=""
town=""
email=""

outdir="certs/$domain"
key="$outdir/privkey1.pem"
csr="$outdir/signreq.der"

shift
other_domains=
while [ $# -gt 0 ]; do
    other_domains="$other_domains,DNS:$1"
    shift
done

# Refuse to overwrite an existing key and CSR.
if [ -d "$outdir" ]; then
    echo "output directory $outdir exists"
    exit 1
fi

tmpdir=
cleanup() {
    if [ -n "$tmpdir" ] && [ -d "$tmpdir" ]; then
        rm -rf "$tmpdir"
    fi
}
trap cleanup INT QUIT TERM EXIT

tmpdir=$(mktemp -d -t mkcert-XXXXXXX)

# Copy the system OpenSSL config and append a [SAN] section that lists
# every requested name.
sslcnf="$tmpdir/openssl.cnf"
cat /etc/ssl/openssl.cnf > "$sslcnf"
echo "[SAN]" >> "$sslcnf"
echo "subjectAltName=DNS:$domain$other_domains" >> "$sslcnf"

mkdir -p "$outdir"

# Generate an unencrypted (-nodes) 2048-bit RSA key and a DER-encoded CSR.
openssl req \
    -new -newkey rsa:2048 -sha256 -nodes \
    -keyout "$key" -out "$csr" -outform der \
    -subj "/C=$country/ST=$state/L=$town/O=$domain/emailAddress=$email/CN=$domain" \
    -reqexts SAN \
    -config "$sslcnf"

# Submit the CSR in manual mode; the private key never leaves this machine.
# Note: acme-v01 is the ACME v1 endpoint, which Let's Encrypt has since retired.
./.letsencrypt_repo/letsencrypt-auto certonly \
    --authenticator manual \
    --server https://acme-v01.api.letsencrypt.org/directory --text \
    --config-dir letsencrypt/etc --logs-dir letsencrypt/log \
    --work-dir letsencrypt/lib --email "$email" \
    --csr "$csr"
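The script writes its arguments straight into the `[SAN]` section of `openssl.cnf` and into the `-subj` string, where `,`, `/`, `=` and newlines all have meaning. The following is an added example, not part of the gist: it validates each name before building the `subjectAltName` line. `is_hostname` and `build_san` are hypothetical helper names, and the sample names are constructed.

```shell
#!/bin/sh
# Added example (not from the gist): validate host names before they reach
# openssl.cnf or -subj. Helper names are hypothetical.

is_hostname() {
    name=$1
    # A DNS name is 1..253 characters long.
    [ "${#name}" -ge 1 ] && [ "${#name}" -le 253 ] || return 1
    # Allow one leading wildcard label, as in "*.example.org".
    case $name in
        '*.'*) name=${name#'*.'} ;;
    esac
    case $name in
        # Letters, digits, hyphens and dots only: rejects ',', '/', '=',
        # spaces and newlines.
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        # No empty labels.
        .*|*.|*..*) return 1 ;;
        # Labels must not start or end with a hyphen.
        -*|*-|*.-*|*-.*) return 1 ;;
    esac
    # Each label is at most 63 characters. set -- only changes this
    # function's own positional parameters.
    old_ifs=$IFS; IFS=.
    set -- $name
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
    done
    return 0
}

# Print "subjectAltName=DNS:a,DNS:b,..." or fail if any name is invalid.
build_san() {
    san=
    for host in "$@"; do
        if ! is_hostname "$host"; then
            echo "invalid host name rejected" >&2
            return 1
        fi
        san="${san:+$san,}DNS:$host"
    done
    [ -n "$san" ] || return 1
    printf 'subjectAltName=%s\n' "$san"
}

# Constructed sample input.
build_san example.org www.example.org
```

In the script above, the output of `build_san "$domain" "$@"` (called before the `shift` loop) could replace the hand-built `subjectAltName=` line, with the run aborting when the function fails.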