Age | Commit message (Collapse) | Author | Files | Lines |
|
Use an inline assembled OpenSSL configuration instead of relying on the
system-wide OpenSSL configuration (/etc/ssl/openssl.cnf) which location
was specified by the hardcoded OPENSSLCONF variable inside the script.
If the system-wide OpenSSL configuration file was not properly formatted
or otherwise customized by the system administrator, it could've lead to
conflicts with the CSR generation process in PainlessLE.
The inline configuration now only consists of the neccessary parts which
are relevant for generating the Certificate-Signing-Request.
Tested on:
- OpenSSL 1.1.1n @ Debian 11 (bullseye)
- OpenSSL 1.1.1d @ openSUSE Leap 15.3
|
|
The Certificate-Signing-Request file which is passed to Certbot must be
encoded either in PEM or DER format. Because PEM is the default, we can
omit the unnecessary "-outform der" option of the openssl command.
|
|
Do some code cleanup and optimizing, and fix a bug where the script will
always return exit code 1 if LETSENCRYPT_COMMAND_AFTER wasn't defined.
The bug was caused by this last line in the script:
[ ! -z "${LETSENCRYPT_COMMAND_AFTER}" ] \
&& eval $LETSENCRYPT_COMMAND_AFTER
... and has been fixed by putting the "eval $LETSENCRYPT_COMMAND_AFTER"
line into a real "if" container so that it doesn't affect the exit code
of the script when LETSENCRYPT_COMMAND_AFTER is undefined:
if [ ! -z "${LETSENCRYPT_COMMAND_AFTER}" ]; then
eval $LETSENCRYPT_COMMAND_AFTER
fi
|
|
Use positional arguments for providing the target directory and the list
of DNS hostnames to include within the certificate. Change the usage
instructions accordingly and optimize some sentences in README file.
|
|
|
|
|
|
Put the script into the package directory which reflects the directory
structure of /usr/local. This makes it easily possible to install the
script to /usr/local/sbin with a tool like *GNU Stow*.
|