author | Thomas Lange <code@nerdmind.de> | 2022-11-01 19:16:58 +0100 |
---|---|---|
committer | Thomas Lange <code@nerdmind.de> | 2022-11-01 19:16:58 +0100 |
commit | 077d8cbceb893e83a5425f73a9236b146f0de983 (patch) | |
tree | eb458ce55acbd31b69ab62daa771b2b1bc07d00f | |
parent | c4a81aadf94dcf40e8d3835b0b2e7f35c691a19c (diff) | |
Remove "LETSENCRYPT_COMMAND_(AFTER|BEFORE)" hooks

Instead of manually editing the script for defining commands that should
be executed BEFORE and AFTER the ACME challenge, the users of this script
should better execute those commands in their shell before and after
running PainlessLE. There is no need for editing the script...
-rwxr-xr-x | package/sbin/painless-le | 17 | ||||
-rw-r--r-- | readme.md | 4 |
2 files changed, 1 insertions, 20 deletions
diff --git a/package/sbin/painless-le b/package/sbin/painless-le index a990ef7..53015e3 100755 --- a/package/sbin/painless-le +++ b/package/sbin/painless-le @@ -27,9 +27,6 @@ ACME_ENDPOINT="https://acme-v02.api.letsencrypt.org/directory" #ACME_ENDPOINT="https://acme-staging-v02.api.letsencrypt.org/directory" -#LETSENCRYPT_COMMAND_BEFORE="systemctl stop apache2" -#LETSENCRYPT_COMMAND_AFTER="systemctl start apache2" - #=============================================================================== # Normalize command-line arguments with GNU getopt #=============================================================================== @@ -100,13 +97,6 @@ if [ $? != 0 ]; then fi #=============================================================================== -# Run defined "BEFORE" command -#=============================================================================== -if [ ! -z "${LETSENCRYPT_COMMAND_BEFORE}" ]; then - eval $LETSENCRYPT_COMMAND_BEFORE -fi - -#=============================================================================== # Run Certbot to accomplish the ACME challenge to get the certificate #=============================================================================== certbot certonly --authenticator standalone --server "${ACME_ENDPOINT}" --csr "${REQUESTFILE}" \ @@ -136,10 +126,3 @@ for command in "chmod" "chown"; do $command --reference "${CONFIDENTIAL}" \ "${INTERMEDIATE}" "${CERTIFICATE_ONLY}" "${CERTIFICATE_FULL}" done - -#=============================================================================== -# Run defined "AFTER" command -#=============================================================================== -if [ ! -z "${LETSENCRYPT_COMMAND_AFTER}" ]; then - eval $LETSENCRYPT_COMMAND_AFTER -fi 
@@ -22,9 +22,7 @@ stow -t /usr/local package Make sure that no unprivileged user has write permissions on `/usr/local/sbin`, the symlink targets (in case you've choosen `stow`) and/or the `painless-le` script, because PainlessLE is usually executed with `root` privileges. ## Configuration -First, change the `ACME_ENDPOINT` variable to the address of the ACME staging API for testing purposes. - -You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shut down a running web server to release the HTTP port for the standalone web server before Certbot runs the ACME challenge. You can restart your web server after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`. +You can change the `ACME_ENDPOINT` variable to the URL of the ACME staging API for testing purposes. ## Usage ~~~ |
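Review bot: The removal of `eval $LETSENCRYPT_COMMAND_BEFORE` (hunk `@@ -100,13 +97,6 @@` in package/sbin/painless-le, with the matching `eval $LETSENCRYPT_COMMAND_AFTER` in the last hunk) deserves a line in the commit message about its security effect, which the message currently presents only as a usability change. Both assignments shipped commented out, so unless the script clears the variables somewhere outside the visible context, the `[ ! -z "${LETSENCRYPT_COMMAND_BEFORE}" ]` test was also satisfied by a value inherited from the calling environment, and the unquoted `eval` then ran it in a script that the readme says is usually executed with `root` privileges. Recording that this path is gone helps anyone auditing the history. Separately, a caller who still sets either variable now gets no hook and no notice, and `certbot certonly --authenticator standalone` then runs while the web server still holds the HTTP port; consider printing a warning to stderr when either variable is non-empty.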
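Review bot: The readme hunk (`@@ -22,9 +22,7 @@`) deletes the paragraph on releasing the HTTP port for the standalone web server but documents nothing about the replacement workflow that the commit message describes. Add a short example to the Usage section that stops the web server, runs `painless-le`, and starts the web server again, and make the restart unconditional so that a failed ACME challenge does not leave the server down. The unchanged context line in the same hunk also carries a typo: `choosen` should be `chosen`.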