authorPeter Palfrader <peter@palfrader.org>2015-12-31 15:53:27 +0100
committerPeter Palfrader <peter@palfrader.org>2015-12-31 15:53:27 +0100
commita2b7d3d8377e767c73371e3aafbf84d40fa78d27 (patch)
treeb29b687ad38216269b55b045467ddcec10044a70 /letsencrypt-helpers/make-combined-crt
parenta495a8822f58085f94e2d1205aa5c7de56b5ea23 (diff)
rename -apache.crt to -combined.crt, load dh params based on rsa key size, use just .pem if it exists
Diffstat (limited to 'letsencrypt-helpers/make-combined-crt')
-rwxr-xr-xletsencrypt-helpers/make-combined-crt53
1 files changed, 53 insertions, 0 deletions
diff --git a/letsencrypt-helpers/make-combined-crt b/letsencrypt-helpers/make-combined-crt
new file mode 100755
index 0000000..b605765
--- /dev/null
+++ b/letsencrypt-helpers/make-combined-crt
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+set -u
+
+cd ~/certs
+
+if [ "$#" != 1 ]; then
+ echo >&2 "Usage: $0 <fqdn>"
+ exit 1
+fi
+
+cn="$1"
+shift
+
+if ! [ -e "$cn.key" ] ; then
+ echo >&2 "$cn.key does not exist."
+ exit 1
+fi
+
+if [ -e "$cn-letsencrypt.pem" ] ; then
+ pem="$cn-letsencrypt.pem"
+ chain="extra/letsencryptauthorityx1.pem"
+elif [ -e "$cn.pem" ] ; then
+ pem="$cn.pem"
+ if [ -e "$cn-chain.pem" ]; then
+ chain="$cn-chain.pem"
+ else
+ chain=""
+ fi
+elif [ -e "$cn-selfsigned.pem" ] ; then
+ pem="$cn-selfsigned.pem"
+ chain=""
+ echo >&2 "Warning: only selfsigned cert available for $cn."
+else
+ echo >&2 "Error: no cert available for $cn."
+ exit 1
+fi
+
+(
+cat "$pem"
+if [ -n "$chain" ]; then
+cat "$chain"
+fi
+
+size=$(openssl rsa < "$cn".key -text -noout | awk -F: '$1 == "Private-Key" {print $2}' | sed -e 's/[^0-9]//g')
+if [ -e extra/dh-"$size".pem ]; then
+ cat extra/dh-"$size".pem;
+else
+ echo >&2 "Warning: No extra/dh-$size.pem file found."
+fi
+
+) > $cn-combined.crt
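Review bot: The redirection target on the last line, `) > $cn-combined.crt`, is the only unquoted use of `$cn` in the script, and it writes the live file in place, so the existing combined certificate is truncated before `cat` and `openssl` have produced any output. If a step inside the subshell fails, or a server reloads in that window, a partial or empty `-combined.crt` is what remains on disk. Writing to a quoted temporary name in the same directory and renaming on success avoids both: `) > "$cn-combined.crt.new"` followed by `mv -- "$cn-combined.crt.new" "$cn-combined.crt"`. Separately, the `size=$(openssl rsa ... | awk ... | sed ...)` pipeline reports only `sed`'s exit status under `set -e`, so an unreadable or non-RSA key yields an empty `size` and the misleading warning `No extra/dh-.pem file found`; an explicit `[ -n "$size" ]` check before the `dh-` lookup would make that case distinct.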