author: Thomas Lange <code@nerdmind.de> 2018-05-20 17:55:39 +0200
committer: Thomas Lange <code@nerdmind.de> 2018-05-20 17:55:39 +0200
commit: 7155b9765422cc0bbd54824acdf6d5fa1836c2a2
tree: 8e6c97983419fb52934fd7e5c8e44fdde8bba0f1
parent: f380c7b264ab0ea0d1edfc2fa37082be5bc949c2
Remove the special emphasis of "RSA" because EC keys are working too
-rwxr-xr-x painless-le.sh 4
-rw-r--r-- readme.md 10
2 files changed, 7 insertions, 7 deletions
diff --git a/painless-le.sh b/painless-le.sh
index 9b265a4..48d65ed 100755
--- a/painless-le.sh
+++ b/painless-le.sh
@@ -5,12 +5,12 @@
# #
# Easily get an X.509 certificate from the Let's Encrypt Certificate Authority #
# for a bunch of hostnames without having an HTTP server installed. The script #
-# assumes that you have an existing RSA private key stored within your desired #
+# assumes that you have an existing private key stored within your desired #
# install directory (with the filename which is defined in "${CONFIDENTIAL}"). #
# #
# OPTION [-i]: Full path to the install directory for the certificates. #
# OPTION [-h]: List of hostnames for the certificate: example.org[:...] #
-# OPTION [-K]: Filename for the existing RSA private key relative to [-i] #
+# OPTION [-K]: Filename for the existing private key relative to [-i] #
# OPTION [-I]: Target filename for the intermediate cert relative to [-i] #
# OPTION [-C]: Target filename for the certificate only file relative to [-i] #
# OPTION [-F]: Target filename for the certificate full file relative to [-i] #
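Review bot: Style point on the header banner: the two changed lines ("assumes that you have an existing private key ..." and the `[-K]` description) are four characters shorter than the lines they replace, so check that the closing `#` on each was re-padded to the banner's right-hand column. If it was not, the box border is now ragged on exactly these two lines.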
diff --git a/readme.md b/readme.md
index c07d115..98b2d66 100644
--- a/readme.md
+++ b/readme.md
@@ -1,5 +1,5 @@
# PainlessLE: Let's Encrypt Certificate Issuing
-Painless issuing a single [X.509 certificate](https://tools.ietf.org/html/rfc5280) for a bunch of hostnames from the **Let's Encrypt** Certification Authority (CA) without having an HTTP server installed (or for those people who do not want to touch their HTTP web directories and place a specific file to accomplish the ACME challenge). PainlessLE assumes that there is already a manually created RSA private key which is used for the Certificate-Signing-Request (CSR) by OpenSSL. The location for the RSA private key is defined within the `"CONFIDENTIAL"` variable and the path should exist with the correct UNIX file permissions.
+Painless issuing a single [X.509 certificate](https://tools.ietf.org/html/rfc5280) for a bunch of hostnames from the **Let's Encrypt** Certification Authority (CA) without having an HTTP server installed (or for those people who do not want to touch their HTTP web directories and place a specific file to accomplish the ACME challenge). PainlessLE assumes that there is already a manually created private key which is used for the Certificate-Signing-Request (CSR) by OpenSSL. The location for the private key is defined within the `"CONFIDENTIAL"` variable and the path should exist with the correct UNIX file permissions.
## Requirements
The [Certbot client](https://certbot.eff.org/) must be installed on your machine because PainlessLE uses this piece of software to communicate over the [ACME protocol](https://tools.ietf.org/html/draft-ietf-acme-acme-01) with the ACME endpoint of Let's Encrypt and runs the ACME challenge. There are no known further requirements for using PainlessLE on Debian GNU/Linux at this time.
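Review bot: The intro paragraph now says only "a manually created private key", which leaves the reader guessing which key types are accepted. The commit subject says EC keys work too, so state that where the key is first mentioned, for example "a manually created private key (RSA or EC)". The same sentence asks for "the correct UNIX file permissions" without naming them; pointing at the mode shown in the Example section would make that requirement checkable.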
@@ -10,18 +10,18 @@ Change the `LETSENCRYPT_ENDPOINT` to the address of the ACME staging API for tes
## Arguments
### Required command-line options:
-* `[-i]`: Contains a string with the directory path where the certificates should be installed. This directory should already contain a manually created RSA private key (filename can be overwritten by providing the `[-K]` option) for the Certificate-Signing-Request (CSR). It's always a good idea to handle the RSA private keys manually because you may use [HTTP Public-Key-Pinning (HPKP)](https://tools.ietf.org/html/rfc7469) so that you must ensure, that the RSA private key does not change.
+* `[-i]`: Contains a string with the directory path where the certificates should be installed. This directory should already contain a manually created private key (filename can be overwritten by providing the `[-K]` option) for the Certificate-Signing-Request (CSR). It's always a good idea to handle the private keys manually because you may use [HTTP Public-Key-Pinning (HPKP)](https://tools.ietf.org/html/rfc7469) so that you must ensure, that the private key does not change.
* `[-h]`: Contains a colon (`:`) separated string with the DNS hostnames to include within the certificate. The string must be formatted as follows, without containing colons anywhere except **between** the hostnames: `example.org:blog.example.org:shop.example.org`
### Additional command-line options:
-* `[-K]`: Filename for the existing RSA private key relative to `[-i]`
+* `[-K]`: Filename for the existing private key relative to `[-i]`
* `[-I]`: Target filename for the intermediate certificate relative to `[-i]`
* `[-C]`: Target filename for the certificate only file relative to `[-i]`
* `[-F]`: Target filename for the certificate full fiĺe relative to `[-i]`
## Example
-Lets assume that you want to get a single X.509 certificate from the Let's Encrypt CA which includes three hostnames of your domain `example.org` (main domain, blog subdomain and shop subdomain). You already have an RSA private key with the correct UNIX file permissions stored within the following example directory with the name `confidential.pem`:
+Lets assume that you want to get a single X.509 certificate from the Let's Encrypt CA which includes three hostnames of your domain `example.org` (main domain, blog subdomain and shop subdomain). You already have an private key with the correct UNIX file permissions stored within the following example directory with the name `confidential.pem`:
/etc/painless-le/example.org/
└── [-rw-r----- user group ] confidential.pem
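Review bot: The Example paragraph now reads "You already have an private key"; dropping "RSA" left the article wrong, so it should be "a private key". While this section is being touched, the unchanged `[-F]` line has a stray character in "fiĺe", and the `[-i]` description has a misplaced comma in "you must ensure, that the private key does not change".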
@@ -38,4 +38,4 @@ The certbot client will now contact the ACME challenge servers and runs a tempor
├── [-rw-r----- user group ] confidential.pem
└── [-rw-r----- user group ] intermediate.pem
-**Note:** The new certificates inherit the UNIX file permissions (**chmod** and **chown**) of the RSA private key `confidential.pem`! \ No newline at end of file
+**Note:** The new certificates inherit the UNIX file permissions (**chmod** and **chown**) of the private key `confidential.pem`! \ No newline at end of file
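Review bot: The last line of readme.md is still marked "\ No newline at end of file" on both the removed and the added side; add a trailing newline in this commit so later changes to the note do not carry that marker. The note says the issued certificates inherit the mode and owner of `confidential.pem`, so it would also help to repeat here that the mode in the example tree is `-rw-r-----`, since that is what the certificate files end up with.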