added config option to set path for openssl config file (currently only used...

added config option to set path for openssl config file (currently only used for generating a signing request)

added config option to set path for openssl config file (currently only used...
added config option to set path for openssl config file (currently only used for generating a signing request)
474f33d2 · Lukas Schauer · cd13a9c2 · 474f33d2 · 474f33d2
Commit 474f33d2 authored Dec 07, 2015 by Lukas Schauer
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 1 deletion

config.sh.example config.sh.example +1 -0

letsencrypt.sh letsencrypt.sh +2 -1

No files found.
--- a/config.sh.example
+++ b/config.sh.example
@@ -4,6 +4,7 @@
 #WELLKNOWN=".acme-challenges"
 #KEYSIZE=4096
 #BASEDIR=./
+#OPENSSL_CNF=.... # system default (see openssl version -d)

 # program called before responding to the challenge, arguments: path/to/token
 # token; can be used to e.g. upload the challenge if this script doesn't run

--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -13,6 +13,7 @@ KEYSIZE="4096"
 WELLKNOWN=".acme-challenges"
 PRIVATE_KEY_RENEW=no
 BASEDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+OPENSSL_CNF="$(openssl version -d | cut -d'"' -f2)/openssl.cnf"

 # If exists load config from same directory as this script
 if [[ -e "${BASEDIR}/config.sh" ]]; then
@@ -131,7 +132,7 @@ sign_domain() {
  done
  SAN="${SAN%%, }"
  echo " + Generating signing request..."
-  openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null
+  openssl req -new -sha256 -key "${BASEDIR}/certs/${domain}/privkey.pem" -out "${BASEDIR}/certs/${domain}/cert.csr" -subj "/CN=${domain}/" -reqexts SAN -config <(cat "${OPENSSL_CNF}" <(printf "[SAN]\nsubjectAltName=%s" "${SAN}")) > /dev/null

  # Request and respond to challenges
  for altname in $altnames; do