| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Introduce a "--server" and "--staging" option to easily specify a custom
ACME endpoint (or use of the staging server) which eliminates the hassle
of manually editing the script for specifying a different ACME endpoint.
|
|
The "getopts" shell built-in works perfectly with short options but does
not support long options, unfortunately. To be more flexible when adding
new options, get rid of "getopts" and use a traditional loop instead.
|
|
Fix a bug where an argument containing white space is processed as two
different arguments even if the argument was quoted correctly. Example:
$ painless-le "target dir" example.org www.example.org
> $1="target", $2="dir", $3="example.org" [...]
To ensure that white space within arguments will be processed correctly,
we must call "set" within "eval", and because of "eval" we need quoted
arguments, so remove the "-u" („unquoted“) option from getopt.
|
|
Instead of manually editing the script for defining commands that should
be execute BEFORE and AFTER the ACME challenge, the users of this script
better should execute those commands in their shell before and after
running PainlessLE. There is no need for editing the script...
|
|
|
|
Use an inline assembled OpenSSL configuration instead of relying on the
system-wide OpenSSL configuration (/etc/ssl/openssl.cnf) which location
was specified by the hardcoded OPENSSLCONF variable inside the script.
If the system-wide OpenSSL configuration file was not properly formatted
or otherwise customized by the system administrator, it could've lead to
conflicts with the CSR generation process in PainlessLE.
The inline configuration now only consists of the neccessary parts which
are relevant for generating the Certificate-Signing-Request.
Tested on:
- OpenSSL 1.1.1n @ Debian 11 (bullseye)
- OpenSSL 1.1.1d @ openSUSE Leap 15.3
|
|
The Certificate-Signing-Request file which is passed to Certbot must be
encoded either in PEM or DER format. Because PEM is the default, we can
omit the unnecessary "-outform der" option of the openssl command.
|
|
Do some code cleanup and optimizing, and fix a bug where the script will
always return exit code 1 if LETSENCRYPT_COMMAND_AFTER wasn't defined.
The bug was caused by this last line in the script:
[ ! -z "${LETSENCRYPT_COMMAND_AFTER}" ] \
&& eval $LETSENCRYPT_COMMAND_AFTER
... and has been fixed by putting the "eval $LETSENCRYPT_COMMAND_AFTER"
line into a real "if" container so that it doesn't affect the exit code
of the script when LETSENCRYPT_COMMAND_AFTER is undefined:
if [ ! -z "${LETSENCRYPT_COMMAND_AFTER}" ]; then
eval $LETSENCRYPT_COMMAND_AFTER
fi
|
|
Use positional arguments for providing the target directory and the list
of DNS hostnames to include within the certificate. Change the usage
instructions accordingly and optimize some sentences in README file.
|
|
|
|
|
|
Put the script into the package directory which reflects the directory
structure of /usr/local. This makes it easily possible to install the
script to /usr/local/sbin with a tool like *GNU Stow*.
|
