author | Thomas Lange <code@nerdmind.de> | 2022-10-24 18:57:03 +0200 |
---|---|---|
committer | Thomas Lange <code@nerdmind.de> | 2022-10-24 18:57:03 +0200 |
commit | ee55f1d2d75078c6d96da875166c2c82e04a668c (patch) | |
tree | 8a181f47e7389cc447c7bf8daec47ad30738f013 /package | |
parent | ff4d5ef9628c3c6f442596ffe5a18ff633a54cb4 (diff) | |
Use positional args (change usage instructions)
Use positional arguments for providing the target directory and the list
of DNS hostnames to include within the certificate. Change the usage
instructions accordingly and optimize some sentences in README file.
Diffstat (limited to 'package')
-rwxr-xr-x | package/sbin/painless-le | 52 |
1 files changed, 30 insertions, 22 deletions
diff --git a/package/sbin/painless-le b/package/sbin/painless-le
index 4577e19..82886ee 100755
--- a/package/sbin/painless-le
+++ b/package/sbin/painless-le
@@ -1,6 +1,6 @@
 #!/bin/bash
 #%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
-# Painless Let's Encrypt Certificate Issuing [Thomas Lange <code@nerdmind.de>] #
+# PainlessLE – A wrapper script for Certbot [Thomas Lange <code@nerdmind.de>] #
 #%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
 # #
 # Easily get an X.509 certificate from the Let's Encrypt Certificate Authority #
@@ -8,28 +8,30 @@
 # assumes that you have an existing private key stored within your desired #
 # install directory (with the filename which is defined in "${CONFIDENTIAL}"). #
 # #
-# OPTION [-i]: Full path to the install directory for the certificates. #
-# OPTION [-h]: List of hostnames for the certificate: example.org[:...] #
-# OPTION [-K]: Filename for the existing private key relative to [-i] #
-# OPTION [-I]: Target filename for the intermediate cert relative to [-i] #
-# OPTION [-C]: Target filename for the certificate only file relative to [-i] #
-# OPTION [-F]: Target filename for the certificate full file relative to [-i] #
+# USAGE: #
+# painless-le [OPTIONS] TARGET_DIR DNS_DOMAIN [DNS_DOMAIN ...] #
+# #
+# TARGET_DIR: Path to the target directory for the certificate files. #
+# DNS_DOMAIN: One or more DNS hostnames to include in the certficate. #
+# #
+# OPTION [-K]: Filename of the existing private key in target directory. #
+# OPTION [-I]: Filename for the intermediate certificate in target directory. #
+# OPTION [-C]: Filename for the standalone certificate in target directory. #
+# OPTION [-F]: Filename for the certificate+intermediate in target directory. #
 # #
 #%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%#
 #===============================================================================
 # Normalize command-line arguments with GNU getopt
 #===============================================================================
-set -- $(getopt -uo i:h:K:I:C:F: -- "$@")
+set -- $(getopt -uo K:I:C:F: -- "$@")
 #===============================================================================
-# Parse command-line arguments with the getopts shell built-in
+# Parse command-line options with getopts
 #===============================================================================
-while getopts :i:h:K:I:C:F: option
+while getopts :K:I:C:F: option
 do
 case $option in
- i) ARGUMENT_DIRECTORY="$OPTARG" ;;
- h) ARGUMENT_HOSTNAMES="$OPTARG" ;;
 K) ARGUMENT_CONFIDENTIAL="$OPTARG" ;;
 I) ARGUMENT_INTERMEDIATE="$OPTARG" ;;
 C) ARGUMENT_CERTIFICATE_ONLY="$OPTARG" ;;
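Review bot: The rewritten `set -- $(getopt -uo K:I:C:F: -- "$@")` keeps the command substitution unquoted and asks getopt for unquoted output (`-u`), and after this commit TARGET_DIR and every DNS_DOMAIN pass through it as positional arguments. A directory path containing whitespace is therefore split into several words, and a value containing glob characters is pathname-expanded against the current directory, so the script can end up working on a different directory or hostname list than the caller typed. Because the `getopts :K:I:C:F:` loop right below parses the same option string, the getopt line could be dropped altogether; options would then have to precede the positionals, which is what the new USAGE text already documents. The `case` statement continues past the end of this hunk, and the added usage text spells "certficate".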
@@ -38,15 +40,21 @@ do
 done; shift $((OPTIND-1))
 #===============================================================================
-# Checking if all required command-line arguments are provided
+# Set positional argument variables
+#===============================================================================
+TARGET_DIR="$1"
+DNS_DOMAIN="${@:2}"
+
+#===============================================================================
+# Check if required positional arguments are given
 #===============================================================================
-[ -z "${ARGUMENT_DIRECTORY}" ] && echo "$0: Missing argument: [-i directory]" >&2
-[ -z "${ARGUMENT_HOSTNAMES}" ] && echo "$0: Missing argument: [-h hostnames]" >&2
+[ -z "${TARGET_DIR}" ] && echo "$0: Missing argument: TARGET_DIR" >&2
+[ -z "${DNS_DOMAIN}" ] && echo "$0: Missing argument: DNS_DOMAIN" >&2
 #===============================================================================
-# Abort execution if required command-line argument is missing
+# Exit script if required positional argument is missing
 #===============================================================================
-[ -z "${ARGUMENT_DIRECTORY}" ] || [ -z "${ARGUMENT_HOSTNAMES}" ] && exit 1
+[ -z "${TARGET_DIR}" ] || [ -z "${DNS_DOMAIN}" ] && exit 1
 #===============================================================================
 # Define the ACME endpoint address
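Review bot: `DNS_DOMAIN="${@:2}"` flattens the hostname arguments into one space-joined string (ShellCheck SC2124), so the boundary between individual hostnames is lost and the CSR step has to re-split on spaces. Keeping them as an array, `DNS_DOMAIN=("${@:2}")`, with a count check such as `[ "$#" -lt 2 ]`, would preserve each argument exactly and give one place to reject values that are not valid DNS names before they reach the certificate request; the line that builds the SAN list would then need to expand the array. The two checks also do not confirm that TARGET_DIR is an existing directory, so a mistyped path presumably only surfaces later when openssl fails to read the key.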
@@ -65,10 +73,10 @@ LETSENCRYPT_ENDPOINT="https://acme-v02.api.letsencrypt.org/directory"
 #===============================================================================
 OPENSSLCONF="/etc/ssl/openssl.cnf"
 REQUESTFILE=`mktemp /tmp/painless-le.XXXXXXXXXX.csr`
- CONFIDENTIAL="${ARGUMENT_DIRECTORY%/}/${ARGUMENT_CONFIDENTIAL:-confidential.pem}"
- INTERMEDIATE="${ARGUMENT_DIRECTORY%/}/${ARGUMENT_INTERMEDIATE:-intermediate.pem}"
-CERTIFICATE_ONLY="${ARGUMENT_DIRECTORY%/}/${ARGUMENT_CERTIFICATE_ONLY:-certificate_only.pem}"
-CERTIFICATE_FULL="${ARGUMENT_DIRECTORY%/}/${ARGUMENT_CERTIFICATE_FULL:-certificate_full.pem}"
+ CONFIDENTIAL="${TARGET_DIR%/}/${ARGUMENT_CONFIDENTIAL:-confidential.pem}"
+ INTERMEDIATE="${TARGET_DIR%/}/${ARGUMENT_INTERMEDIATE:-intermediate.pem}"
+CERTIFICATE_ONLY="${TARGET_DIR%/}/${ARGUMENT_CERTIFICATE_ONLY:-certificate_only.pem}"
+CERTIFICATE_FULL="${TARGET_DIR%/}/${ARGUMENT_CERTIFICATE_FULL:-certificate_full.pem}"
 #===============================================================================
 # Delete Certificate-Signing-Request (CSR) file on exit
@@ -78,7 +86,7 @@ trap 'rm ${REQUESTFILE}' EXIT
 #===============================================================================
 # Generate Certificate-Signing-Request (CSR)
 #===============================================================================
-openssl req -config <(cat "${OPENSSLCONF}" <(printf "[SAN]\nsubjectAltName=DNS:`echo ${ARGUMENT_HOSTNAMES} | sed "s/:/,DNS:/g"`")) \
+openssl req -config <(cat "${OPENSSLCONF}" <(printf "[SAN]\nsubjectAltName=DNS:`echo ${DNS_DOMAIN} | sed "s/ /,DNS:/g"`")) \
 -new -sha256 -key "${CONFIDENTIAL}" -out "${REQUESTFILE}" -outform der -reqexts SAN -subj "/"
 #=============================================================================== |
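Review bot: In the CSR hunk the hostnames are expanded unquoted (`echo ${DNS_DOMAIN}`) and spliced into the printf format string that becomes the `[SAN]` section appended to the OpenSSL config, so `%`, backslash, comma or newline characters in an argument change the generated config instead of being treated as data. A malformed hostname value can therefore add SAN entries or config lines to the request that the operator did not intend, which matters as soon as the script is driven by another tool rather than typed by hand. Each name should be validated against a DNS-hostname pattern first and the joined list passed as an argument, e.g. `printf '[SAN]\nsubjectAltName=%s\n' "${SAN_LIST}"`, where SAN_LIST is a new variable built from the validated names. Separately, the `trap 'rm ${REQUESTFILE}' EXIT` line shown in the hunk header expands the temp path unquoted; `trap 'rm -f -- "${REQUESTFILE}"' EXIT` would be safer.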