moved import scripts from repository to wiki and updated readme a bit

README.md

@@ -4,14 +4,11 @@ This is a client for signing certificates with an ACME-server (currently only pr
 
 It uses the `openssl` utility for everything related to actually handling keys and certificates, so you need to have that installed.
 
-Other dependencies are (for now): curl, sed
-
-Perl no longer is a dependency.
-The only remaining perl code in this repository is the script you can use to convert your existing letsencrypt-keyfile into something openssl (and this script) can read.
+Other dependencies are: curl, sed, grep, mktemp (all found on almost any system, curl being the only exception)
 
 Current features:
 - Signing of a list of domains
-- Renewal if a certificate is about to expire
+- Renewal if a certificate is about to expire or SAN (subdomains) changed
 - Certificate revocation
 
 Please keep in mind that this software and even the acme-protocol are relatively young and may still have some unresolved issues.
@@ -81,20 +78,4 @@ An alternative to setting the WELLKNOWN variable would be to create a symlink to
 
 ## Import
 
-### import-account.pl
-
-This perl-script can be used to import the account key from the original letsencrypt client.
-
-You should copy `private_key.json` to the same directory as the script.
-The json-file can be found in a subdirectory of `/etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory`.
-
-Usage: `./import-account.pl`
-
-### import-certs.sh
-
-This script can be used to import private keys and certificates created by the original letsencrypt client.
-
-By default it expects the certificates to be found under `/etc/letsencrypt`, which is the default output directory of the original client.
-You can change the path by setting LETSENCRYPT in your config file: ```LETSENCRYPT="/etc/letsencrypt"```.
-
-Usage: `./import-certs.sh`
+If you want to import existing keys from the official letsencrypt client have a look at [Import from official letsencrypt client](https://github.com/lukas2511/letsencrypt.sh/wiki/Import-from-official-letsencrypt-client).

import-account.pl

-#!/usr/bin/env perl
-
-use strict;
-
-use Crypt::OpenSSL::RSA;
-use Crypt::OpenSSL::Bignum;
-use JSON;
-use File::Slurp;
-use MIME::Base64;
-
-my $json_file = "private_key.json";
-my $json_content = read_file($json_file);
-$json_content =~ tr/-/+/;
-$json_content =~ tr/_/\//;
-
-my $json = decode_json($json_content);
-
-my $n = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{n}));
-my $e = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{e}));
-my $d = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{d}));
-my $p = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{p}));
-my $q = Crypt::OpenSSL::Bignum->new_from_bin(decode_base64($json->{q}));
-
-my $rsa = Crypt::OpenSSL::RSA->new_key_from_parameters($n, $e, $d, $p, $q);
-
-print($rsa->get_private_key_string());

import-certs.sh

-#!/usr/bin/env bash
-
-set -e
-set -u
-set -o pipefail
-
-umask 077 # paranoid umask, we're creating private keys
-
-SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-BASEDIR="${SCRIPTDIR}"
-LETSENCRYPT="/etc/letsencrypt"
-
-eval "$("${SCRIPTDIR}/letsencrypt.sh" --env)"
-
-if [[ ! -e "${LETSENCRYPT}" ]]; then
-  echo "No existing letsencrypt files found."
-  exit 1
-fi
-
-if [[ -e "${BASEDIR}/domains.txt" ]]; then
-  DOMAINS_TXT="${BASEDIR}/domains.txt"
-elif [[ -e "${SCRIPTDIR}/domains.txt" ]]; then
-  DOMAINS_TXT="${SCRIPTDIR}/domains.txt"
-else
-  echo "You have to create a domains.txt file listing the domains you want certificates for. Have a look at domains.txt.example."
-  echo "For the purpose of this import script the file can be empty, but it has to exist."
-  exit 1
-fi
-
-for certdir in "${LETSENCRYPT}/live/"*; do
-  domain="$(basename "${certdir}")"
-  echo "Processing ${domain}"
-
-  # Check if we already have a certificate for the same (main) domain
-  if [ -e "${BASEDIR}/certs/${domain}" ]; then
-    echo " + Skipping: Found existing certificate directory, don't want to delete anything."
-    continue
-  fi
-
-  # Check if private-key, certificate and fullchain exist
-  if [[ ! -e "${certdir}/privkey.pem" ]]; then
-    echo " + Skipping: Private key is missing."
-    continue
-  fi
-  if [[ ! -e "${certdir}/cert.pem" ]]; then
-    echo " + Skipping: Certificate is missing."
-    continue
-  fi
-  if [[ ! -e "${certdir}/fullchain.pem" ]]; then
-    echo " + Skipping: Chain is missing."
-    continue
-  fi
-
-  # Check if certificate still valid
-  if ! openssl x509 -checkend 0 -noout -in "${certdir}/cert.pem" >/dev/null 2>&1; then
-    echo " + Skipping: Certificate is expired."
-    continue
-  fi
-
-  # Import certificate
-  timestamp="$(date +%s)"
-
-  echo " + Adding list of domains to ${DOMAINS_TXT}"
-  SAN="$(openssl x509 -in "${certdir}/cert.pem" -noout -text | grep -A1 "Subject Alternative Name" | grep "DNS")"
-  SAN="${SAN//DNS:/}"
-  SAN="${SAN//, / }"
-  altnames="${domain}"
-  for altname in ${SAN}; do
-    if [[ ! "${altname}" = "${domain}" ]]; then
-      altnames="${altnames} ${altname}"
-    fi
-  done
-  echo "${altnames}" >> "${DOMAINS_TXT}"
-
-  mkdir -p "${BASEDIR}/certs/${domain}"
-
-  echo " + Importing private key"
-  cat "${certdir}/privkey.pem" > "${BASEDIR}/certs/${domain}/privkey-${timestamp}.pem"
-  ln -s "privkey-${timestamp}.pem" "${BASEDIR}/certs/${domain}/privkey.pem"
-
-  echo " + Importing certificate"
-  cat "${certdir}/cert.pem" > "${BASEDIR}/certs/${domain}/cert-${timestamp}.pem"
-  ln -s "cert-${timestamp}.pem" "${BASEDIR}/certs/${domain}/cert.pem"
-
-  echo " + Importing chain"
-  cat "${certdir}/fullchain.pem" > "${BASEDIR}/certs/${domain}/fullchain-${timestamp}.pem"
-  ln -s "fullchain-${timestamp}.pem" "${BASEDIR}/certs/${domain}/fullchain.pem"
-done