author | Peter Palfrader <peter@palfrader.org> | 2015-12-31 15:53:27 +0100 |
---|---|---|
committer | Peter Palfrader <peter@palfrader.org> | 2015-12-31 15:53:27 +0100 |
commit | a2b7d3d8377e767c73371e3aafbf84d40fa78d27 (patch) | |
tree | b29b687ad38216269b55b045467ddcec10044a70 | |
parent | a495a8822f58085f94e2d1205aa5c7de56b5ea23 (diff) |
rename -apache.crt to -combined.crt, load dh params based on rsa key size, use just .pem if it exists
-rwxr-xr-x | letsencrypt-helpers/make-combined-crt (renamed from letsencrypt-helpers/make-apache-crt) | 18 | ||||
-rwxr-xr-x | letsencrypt-helpers/renew-as-required | 4 | ||||
-rwxr-xr-x | letsencrypt-helpers/vhost-step-1 | 2 | ||||
-rwxr-xr-x | letsencrypt-helpers/vhost-step-2 | 2 |
4 files changed, 20 insertions, 6 deletions
diff --git a/letsencrypt-helpers/make-apache-crt b/letsencrypt-helpers/make-combined-crt
index 8c7eb09..b605765 100755
--- a/letsencrypt-helpers/make-apache-crt
+++ b/letsencrypt-helpers/make-combined-crt
@@ -21,6 +21,13 @@ fi
 if [ -e "$cn-letsencrypt.pem" ] ; then
 pem="$cn-letsencrypt.pem"
 chain="extra/letsencryptauthorityx1.pem"
+elif [ -e "$cn.pem" ] ; then
+ pem="$cn.pem"
+ if [ -e "$cn-chain.pem" ]; then
+ chain="$cn-chain.pem"
+ else
+ chain=""
+ fi
 elif [ -e "$cn-selfsigned.pem" ] ; then
 pem="$cn-selfsigned.pem"
 chain=""
@@ -34,6 +41,13 @@ fi
 cat "$pem"
 if [ -n "$chain" ]; then
 cat "$chain"
-if [ -e extra/dh-4096.pem ]; then cat extra/dh-4096.pem; fi
 fi
-) > $cn-apache.crt
+
+size=$(openssl rsa < "$cn".key -text -noout | awk -F: '$1 == "Private-Key" {print $2}' | sed -e 's/[^0-9]//g')
+if [ -e extra/dh-"$size".pem ]; then
+ cat extra/dh-"$size".pem;
+else
+ echo >&2 "Warning: No extra/dh-$size.pem file found."
+fi
+
+) > $cn-combined.crt
diff --git a/letsencrypt-helpers/renew-as-required b/letsencrypt-helpers/renew-as-required
index 0b404e4..768d23f 100755
--- a/letsencrypt-helpers/renew-as-required
+++ b/letsencrypt-helpers/renew-as-required
@@ -27,8 +27,8 @@ for i in *-letsencrypt.pem; do
 err=1
 continue
 fi
- if ! make-apache-crt "$cn"; then
- echo >&2 "make-apache-crt for $cn failed."
+ if ! make-combined-crt "$cn"; then
+ echo >&2 "make-combined-crt for $cn failed."
 err=1
 continue
 fi
diff --git a/letsencrypt-helpers/vhost-step-1 b/letsencrypt-helpers/vhost-step-1
index 1549d3b..cbe850a 100755
--- a/letsencrypt-helpers/vhost-step-1
+++ b/letsencrypt-helpers/vhost-step-1
@@ -13,6 +13,6 @@ shift new-key "$cn" new-csr "$cn"
-make-apache-crt "$cn"
+make-combined-crt "$cn"
 echo "Enable vhost and "
 echo " service apache2 reload"
diff --git a/letsencrypt-helpers/vhost-step-2 b/letsencrypt-helpers/vhost-step-2
index 7ddc2e6..03cc6f1 100755
--- a/letsencrypt-helpers/vhost-step-2
+++ b/letsencrypt-helpers/vhost-step-2
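Review bot: The new `elif [ -e "$cn.pem" ]` branch sets `chain=""` without any message when `$cn-chain.pem` is absent, so a CA-issued certificate can end up in the combined file without its intermediates, and clients that do not already hold them will fail validation. The DH branch added further down in this file warns on a missing file; the same fits the `else` arm here, e.g. `echo >&2 "Warning: No $cn-chain.pem found, writing $cn.pem without a chain."`. A short comment above the chain stating the precedence (`-letsencrypt.pem`, then plain `.pem`, then `-selfsigned.pem`) would also help, since the commit title can be read as preferring `.pem`. The if/elif chain ends outside this hunk.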
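Review bot: The `size=` pipeline depends on `openssl rsa -text` printing exactly `Private-Key: (N bit)`, and when it does not, the combined file is written without DH parameters and only a warning about `extra/dh-.pem` (or a wrong size) appears. OpenSSL 1.1.1 prints `RSA Private-Key: (2048 bit, 2 primes)` and 3.x prints `Private-Key: (2048 bit, 2 primes)`, which this awk/sed pair turns into an empty string and `20482` respectively; a non-RSA or unreadable key also leaves `size` empty. `sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'` in place of the awk and sed stages handles all three formats, and a check such as `[ -n "$size" ] || echo >&2 "Warning: cannot determine RSA key size of $cn.key"` makes the failure explicit. The redirect target should be quoted, `) > "$cn-combined.crt"`; the subshell it closes opens outside this hunk.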
@@ -12,6 +12,6 @@ cn="$1" shift request-letsencrypt "$cn" -make-apache-crt "$cn" +make-combined-crt "$cn" echo "Now" echo " service apache2 reload" |