subcommands

Signed-off-by: fbt <fbt@fleshless.org>
This commit is contained in:
Jack L. Frost 2018-08-31 05:39:43 +03:00
parent a919c17dee
commit 495175cd96
3 changed files with 156 additions and 156 deletions

158
le
View File

@ -1,159 +1,5 @@
#!/usr/bin/env bash
err() {
printf '%s\n' "$*" >&2
}
subcommand=$1; shift
msg() {
printf '%s\n' "$*"
}
set_default() {
declare -n _vref=$1
if ! [[ "$_vref" ]]; then
_vref=$2
fi
}
gen_san_string() {
declare d
declare -a argv
argv=( "$@" )
printf '[SAN]\nsubjectAltName='
for d in "${argv[@]}"; do
printf 'DNS:%s' "$d"
if ! [[ "$d" == "${argv[-1]}" ]]; then
printf ','
fi
done
}
gen_renew_config() {
declare d
printf 'domains=(\n'
for d in "$@"; do
printf " %s\n" "$d"
done
printf ')\n'
}
usage() {
while read -r line; do printf '%s\n' "$line"; done <<- EOF
Usage: le [options] <-d domain> [-d domain] ...
Options:
-c <dir> # Configuration directory. Default: \$HOME/.acme
-a <dir> # A dir to put challenges in. Default: /tmp/acme/challenges
-d <domain> # Domain to issue the certificate for.
# Can be specified multiple time for multi-domain certs.
-h # Show this message.
EOF
}
main() {
declare cfg_dir
declare -a domains
while (( $# )); do
case $1 in
-c)
cfg_dir=$2
shift;;
-a)
challenge_dir=$2
shift;;
-d)
domains+=( "$2" )
shift;;
-h)
usage
return 0;;
--)
shift
break;;
*) break;;
esac
shift
done
if ! (( ${#domains[@]} )); then
err "Use -d, luke"
return 1
fi
set_default cfg_dir "$HOME/.acme"
set_default challenge_dir '/tmp/acme/challenges'
if ! [[ -d "$cfg_dir" ]]; then
err "Config dir ($cfg_dir) not found, creating."
if ! mkdir -m700 "$cfg_dir"; then
err "Can't create config dir: $cfg_dir"
return 1
fi
fi
if ! [[ -f "$cfg_dir/account.key" ]]; then
err "Account key not found, generating a new one."
openssl genrsa 4096 > "$cfg_dir/account.key"
fi
if ! [[ -d "$cfg_dir/domains/${domains[0]}" ]]; then
mkdir -p "$cfg_dir/domains/${domains[0]}"
fi
if ! [[ -f "$cfg_dir/domains/${domains[0]}/privkey.pem" ]]; then
err "Generating a new key for ${domains[0]}."
openssl genrsa 4096 > "$cfg_dir/domains/${domains[0]}/privkey.pem"
fi
if ! [[ -d "$challenge_dir" ]]; then
err "Challenge dir does not exist: $challenge_dir"
return 1
fi
err "Generating a certificate request for: ${domains[@]}."
if (( ${#domains[@]} > 1 )); then
openssl req -new -sha256 \
-key "$cfg_dir/domains/${domains[0]}/privkey.pem" \
-subj "/" \
-reqexts SAN \
-config <(cat /etc/ssl/openssl.cnf <(gen_san_string "${domains[@]}")) > "$cfg_dir/domains/${domains[0]}/request.csr"
else
openssl req -new -sha256 \
-key "$cfg_dir/domains/${domains[0]}/privkey.pem" \
-subj "/CN=${domains[0]}" > "$cfg_dir/domains/${domains[0]}/request.csr"
fi
err "Getting a signed certificate."
acme-tiny \
--account-key "$cfg_dir/account.key" \
--csr "$cfg_dir/domains/${domains[0]}/request.csr" \
--acme-dir "$challenge_dir" > "$cfg_dir/domains/${domains[0]}/certificate.pem"
if (( $? )); then
return 1
fi
gen_renew_config "${domains[@]}" > "$cfg_dir/domains/${domains[0]}/renew.cfg"
if ! [[ -f "$cfg_dir/chain.pem" ]]; then
err "Intermediate certificate not found, downloading."
curl "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem" > "$cfg_dir/letsencrypt.pem"
fi
cat "$cfg_dir/domains/${domains[0]}/certificate.pem" "$cfg_dir/letsencrypt.pem" > "$cfg_dir/domains/${domains[0]}/fullchain.pem"
err "Your certificate is available at $cfg_dir/domains/${domains[0]}/fullchain.pem"
}
main "$@"
source "sub/$subcommand" "$@"

154
sub/issue Executable file
View File

@ -0,0 +1,154 @@
#!/usr/bin/env bash
err() {
printf '%s\n' "$*" >&2
}
msg() {
printf '%s\n' "$*"
}
set_default() {
declare -n _vref=$1
if ! [[ "$_vref" ]]; then
_vref=$2
fi
}
gen_san_string() {
declare d
declare -a argv
argv=( "$@" )
printf '[SAN]\nsubjectAltName='
for d in "${argv[@]}"; do
printf 'DNS:%s' "$d"
if ! [[ "$d" == "${argv[-1]}" ]]; then
printf ','
fi
done
}
gen_renew_config() {
declare d
printf 'domains=(\n'
for d in "$@"; do
printf " %s\n" "$d"
done
printf ')\n'
}
usage() {
while read -r line; do printf '%s\n' "$line"; done <<- EOF
Usage: le [options] <domain> [domain ...]
Options:
-c <dir> # Configuration directory. Default: \$HOME/.acme
-a <dir> # A dir to put challenges in. Default: /var/www/acme
-h # Show this message.
EOF
}
main() {
declare cfg_dir
declare -a domains
while (( $# )); do
case $1 in
-c)
cfg_dir=$2
shift;;
-a)
challenge_dir=$2
shift;;
-h)
usage
return 0;;
--)
shift
break;;
*) break;;
esac
shift
done
domains=( "$@" )
(( ${#domains[@]} )) || {
usage; return 1
}
set_default cfg_dir "$HOME/.acme"
set_default challenge_dir '/var/www/acme'
if ! [[ -d "$cfg_dir" ]]; then
err "Config dir ($cfg_dir) not found, creating."
if ! mkdir -m700 "$cfg_dir"; then
err "Can't create config dir: $cfg_dir"
return 1
fi
fi
if ! [[ -f "$cfg_dir/account.key" ]]; then
err "Account key not found, generating a new one."
openssl genrsa 4096 > "$cfg_dir/account.key"
fi
if ! [[ -d "$cfg_dir/domains/${domains[0]}" ]]; then
mkdir -p "$cfg_dir/domains/${domains[0]}"
fi
if ! [[ -f "$cfg_dir/domains/${domains[0]}/privkey.pem" ]]; then
err "Generating a new key for ${domains[0]}."
openssl genrsa 4096 > "$cfg_dir/domains/${domains[0]}/privkey.pem"
fi
if ! [[ -d "$challenge_dir" ]]; then
err "Challenge dir does not exist: $challenge_dir"
return 1
fi
err "Generating a certificate request for: ${domains[@]}."
if (( ${#domains[@]} > 1 )); then
openssl req -new -sha256 \
-key "$cfg_dir/domains/${domains[0]}/privkey.pem" \
-subj "/" \
-reqexts SAN \
-config <(cat /etc/ssl/openssl.cnf <(gen_san_string "${domains[@]}")) > "$cfg_dir/domains/${domains[0]}/request.csr"
else
openssl req -new -sha256 \
-key "$cfg_dir/domains/${domains[0]}/privkey.pem" \
-subj "/CN=${domains[0]}" > "$cfg_dir/domains/${domains[0]}/request.csr"
fi
err "Getting a signed certificate."
acme-tiny \
--account-key "$cfg_dir/account.key" \
--csr "$cfg_dir/domains/${domains[0]}/request.csr" \
--acme-dir "$challenge_dir" > "$cfg_dir/domains/${domains[0]}/certificate.pem"
if (( $? )); then
return 1
fi
gen_renew_config "${domains[@]}" > "$cfg_dir/domains/${domains[0]}/renew.cfg"
if ! [[ -f "$cfg_dir/chain.pem" ]]; then
err "Intermediate certificate not found, downloading."
curl "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem" > "$cfg_dir/letsencrypt.pem"
fi
cat "$cfg_dir/domains/${domains[0]}/certificate.pem" "$cfg_dir/letsencrypt.pem" > "$cfg_dir/domains/${domains[0]}/fullchain.pem"
err "Your certificate is available at $cfg_dir/domains/${domains[0]}/fullchain.pem"
}
main "$@"

View File