Diffstat (limited to 'letsencrypt-helpers')
-rw-r--r--letsencrypt-helpers/README2
-rwxr-xr-xletsencrypt-helpers/make-combined-crt11
2 files changed, 10 insertions, 3 deletions
diff --git a/letsencrypt-helpers/README b/letsencrypt-helpers/README
index e5f65fa..6909fcf 100644
--- a/letsencrypt-helpers/README
+++ b/letsencrypt-helpers/README
@@ -6,8 +6,6 @@ o Furthermore, that there is a ~/acme-challenge and that is aliased in apache:
| Alias "/.well-known/acme-challenge" "/srv/letsencrypt/acme-challenge"
o Also, we want an account key in ~:
(umask 277 && ! [ -e account.key ] && openssl genrsa 4096 > account.key)
-o And you want the letsencrypt chain file lets-encrypt-x1-cross-signed.pem
- in ~/certs/extra
o Optionally, a dh file in ~/certs/extra/dh-4096.pem
openssl dhparam -out ~/certs/extra/dh-4096.pem 4096
o And you want this bin directory in PATH for your letsencrypt role user.
diff --git a/letsencrypt-helpers/make-combined-crt b/letsencrypt-helpers/make-combined-crt
index 2c6dc59..56a2989 100755
--- a/letsencrypt-helpers/make-combined-crt
+++ b/letsencrypt-helpers/make-combined-crt
@@ -41,7 +41,16 @@ fi
if [ -e "$cn-letsencrypt.pem" ] ; then
pem="$cn-letsencrypt.pem"
- chain="extra/lets-encrypt-x1-cross-signed.pem"
+
+ tmp=$(tempfile)
+ trap "rm -f '$tmp'" EXIT
+ issuers_uri="$(openssl x509 -in "$pem" -noout -text | grep 'CA Issuers - URI:' | cut -d':' -f2-)"
+ if [ "${issuers_uri#http}" != "$issuers_uri" ]; then
+ wget -q -O "$tmp" "$issuers_uri"
+ chain="$tmp"
+ else
+ chain=""
+ fi
elif [ -e "$cn.pem" ] ; then
pem="$cn.pem"
if [ -e "$cn-chain.pem" ]; then
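Review bot: The exit status of `wget` on the added download line is ignored and the downloaded body is never checked, so a failed or altered fetch (the AIA `CA Issuers` URI is normally plain http) leaves an empty or arbitrary file as `$chain`. Stop on failure and confirm the file parses as a certificate before using it, e.g. `wget -q -O "$tmp" "$issuers_uri" || exit 1` followed by a test that `openssl x509 -in "$tmp" -noout` succeeds; AIA endpoints commonly serve DER, which would need `-inform DER`, and how `$chain` is consumed lies outside this hunk, so the expected encoding should be confirmed. Ideally the fetched certificate is also checked to be the issuer of `$pem` before it goes into the combined file. The `grep 'CA Issuers - URI:'` can match more than one line, which would make `$issuers_uri` multi-line; piping through `head -n1` keeps a single URI. The enclosing if/elif chain starts before and continues past this hunk.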