author Thomas Lange <code@nerdmind.de> 2016-12-20 01:22:44 +0100
committer Thomas Lange <code@nerdmind.de> 2016-12-20 01:22:44 +0100
commit 63dc4d1ebc662026e6442229b31587dff886c1cd
tree 15ad976cfc76ce2664291d5ceeaf1a933fda3730
parent c24b4bbe90eda4942932c1edbed9a242fcc72380
Email address is only needed when creating an account on the ACME server.
-rwxr-xr-x painless-le.sh 7
-rw-r--r-- readme.md 2
2 files changed, 4 insertions, 5 deletions
diff --git a/painless-le.sh b/painless-le.sh
index f36a3a8..ad5a376 100755
--- a/painless-le.sh
+++ b/painless-le.sh
@@ -18,9 +18,8 @@
[ -z "$2" ] && echo 'Missing argument $2' && exit 1 || ARGUMENT_HOSTNAMES="$2"
#===============================================================================
-# Information about the Let's encrypt account
+# Define the ACME endpoint address
#===============================================================================
-LETSENCRYPT_MAILADDR="john.doe@example.org"
LETSENCRYPT_ENDPOINT="https://acme-v01.api.letsencrypt.org/directory"
#LETSENCRYPT_ENDPOINT="https://acme-staging.api.letsencrypt.org/directory"
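Review bot: The new header comment above `LETSENCRYPT_ENDPOINT` says only "Define the ACME endpoint address", and nothing in this block now tells the user that an account must already exist on whichever endpoint is selected. Certbot keeps accounts per server, so uncommenting the staging `LETSENCRYPT_ENDPOINT` line requires a separate registration there as well. Suggest extending the comment to state that prerequisite, since the script no longer carries an address to register with.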
@@ -69,8 +68,8 @@ fi
#===============================================================================
# Execute Let's Encrypt and accomplish the ACME challenge to get the certificate
#===============================================================================
-certbot certonly --authenticator standalone --text --server "${LETSENCRYPT_ENDPOINT}" --email "${LETSENCRYPT_MAILADDR}" \
---csr "${REQUESTFILE}" --cert-path "${CERTIFICATE_ONLY}" --fullchain-path "${CERTIFICATE_FULL}" --chain-path "${INTERMEDIATE}"
+certbot certonly --authenticator standalone --text --server "${LETSENCRYPT_ENDPOINT}" --csr "${REQUESTFILE}" \
+--cert-path "${CERTIFICATE_ONLY}" --fullchain-path "${CERTIFICATE_FULL}" --chain-path "${INTERMEDIATE}"
#===============================================================================
# Adjust the UNIX permissions with owner and group for the new created files
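Review bot: The new `certbot certonly` call passes neither `--email` nor anything that covers the case where no account exists yet for `${LETSENCRYPT_ENDPOINT}`. In that case certbot asks for an address on the terminal, which stalls an unattended run such as a cron job. Suggest either documenting prior account registration as a prerequisite or adding `--non-interactive` so the run fails with an error instead of waiting for input.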
diff --git a/readme.md b/readme.md
index c2f6498..a4d6902 100644
--- a/readme.md
+++ b/readme.md
@@ -2,7 +2,7 @@
Painless issuing a single [X.509 certificate](https://tools.ietf.org/html/rfc5280) for a bunch of hostnames from the **Let's Encrypt** Certification Authority (CA) without having a HTTP server installed (or for those people who do not want to touch their HTTP web directories and place a specific file to accomplish the ACME challenge). PainlessLE assumes that there is already a manually created RSA private key which is used for the Certificate-Signing-Request (CSR) by OpenSSL. The location for the RSA private key is defined within the `"CONFIDENTIAL"` variable and the path should exist with the correct UNIX file permissions.
## Configuration
-The email address which is used for the **Let's Encrypt** account is defined within `LETSENCRYPT_MAILADDR`. It is possible to change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for testing purposes. You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shutting down a running webserver to release the HTTP(S) port for the standalone webserver before certbot runs the ACME challenge. You can restart your webserver after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`.
+Change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for testing purposes. You also can define a command within `LETSENCRYPT_COMMAND_BEFORE` to shutting down a running webserver to release the HTTP(S) port for the standalone webserver before certbot runs the ACME challenge. You can restart your webserver after the ACME challenge is completed within `LETSENCRYPT_COMMAND_AFTER`.
## Arguments
1. `ARGUMENT_DIRECTORY` contains a string with the directory path where the certificates should be installed. This directory should already contain a manually created RSA private key for the Certificate-Signing-Request (CSR). It's always a good idea to handle the RSA private keys manually because you may use [HTTP Public-Key-Pinning (HPKP)](https://tools.ietf.org/html/rfc7469) so that you must ensure, that the RSA private key does not change.
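Review bot: The rewritten Configuration paragraph removes the only mention of the account email without saying where it is now supplied. The commit message says the address is only needed when creating the account, and the readme should say the same and state that the account has to exist before the first run. The opening "Change the `LETSENCRYPT_ENDPOINT` to ..." also now reads as a required step rather than an option for testing; "For testing, change ..." would keep the original meaning. While this line is being touched, "to shutting down" should be "to shut down".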