From b3f309c5a7dcb482dacebcdb69cddf9bf77e3dd9 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Fri, 1 Jan 2016 17:35:02 +0100
Subject: And make TLSA records
---
letsencrypt-helpers/make-tlsa | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100755 letsencrypt-helpers/make-tlsa
diff --git a/letsencrypt-helpers/make-tlsa b/letsencrypt-helpers/make-tlsa
new file mode 100755
index 0000000..6a88b92
--- /dev/null
+++ b/letsencrypt-helpers/make-tlsa
@@ -0,0 +1,23 @@
+#!/bin/sh
+
+set -e
+set -u
+
+cd ~/certs
+
+for crt in *-combined.crt; do
+ (
+ openssl x509 -noout -text < "$crt" | awk '/X509v3 Subject Alternative Name/ {getline;gsub(/ /, "", $0); print}' | tr ',' '\n' | awk -F: '$1=="DNS" {print $2}';
+ openssl x509 -noout -subject < "$crt"| sed -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/'
+ ) | sort -u | while read cn; do
+ ports="443"
+ portsfile="${crt%-combined.crt}.ports"
+ if [ -e "$portsfile" ] ; then
+ ports=$(cat "$portsfile")
+ fi
+ for port in $ports; do
+ ~/swede/swede create --output rfc --usage=3 --selector=1 --mtype=1 --certificate "$crt" --port "$port" "$cn"
+ done
+ done
+done
+
--
cgit v1.2.3
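Review bot: The names handed to `swede create` are not reliably hostnames, because the `sed -e 's/^subject.*CN=.../\1/'` line prints any subject line it fails to match unchanged, and inside a POSIX bracket expression the backslashes are literal, so `\-\` is a one-character range and the class does not contain `-`. A certificate whose subject has no CN in that exact form would pass the whole `subject=...` text through as `$cn`, and a CN containing a hyphen would be cut at the hyphen, so a TLSA record could be generated for a name the certificate does not cover. I would print only on a match and put the hyphen last in the class: `sed -n -e 's/^subject.*CN=\([a-zA-Z0-9.*-]*\).*$/\1/p'`. Separately, `set -e` does not see an `openssl` failure here, since each pipeline's status is that of its last stage, so an unreadable certificate (or an unmatched `*-combined.crt` glob) yields an incomplete record set with exit status 0; a guard such as `openssl x509 -noout < "$crt"` at the top of the `for crt` loop would make the script stop instead.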