From a2b7d3d8377e767c73371e3aafbf84d40fa78d27 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Thu, 31 Dec 2015 15:53:27 +0100
Subject: rename -apache.crt to -combined.crt, load dh params based on rsa key size, use just .pem if it exists
---
letsencrypt-helpers/make-apache-crt | 39 --------------------------
letsencrypt-helpers/make-combined-crt | 53 +++++++++++++++++++++++++++++++++++
letsencrypt-helpers/renew-as-required | 4 +--
letsencrypt-helpers/vhost-step-1 | 2 +-
letsencrypt-helpers/vhost-step-2 | 2 +-
5 files changed, 57 insertions(+), 43 deletions(-)
delete mode 100755 letsencrypt-helpers/make-apache-crt
create mode 100755 letsencrypt-helpers/make-combined-crt
(limited to 'letsencrypt-helpers')
diff --git a/letsencrypt-helpers/make-apache-crt b/letsencrypt-helpers/make-apache-crt
deleted file mode 100755
index 8c7eb09..0000000
--- a/letsencrypt-helpers/make-apache-crt
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-set -e
-
-set -u
-
-cd ~/certs
-
-if [ "$#" != 1 ]; then
- echo >&2 "Usage: $0 "
- exit 1
-fi
-
-cn="$1"
-shift
-
-if ! [ -e "$cn.key" ] ; then
- echo >&2 "$cn.key does not exist."
- exit 1
-fi
-
-if [ -e "$cn-letsencrypt.pem" ] ; then
- pem="$cn-letsencrypt.pem"
- chain="extra/letsencryptauthorityx1.pem"
-elif [ -e "$cn-selfsigned.pem" ] ; then
- pem="$cn-selfsigned.pem"
- chain=""
- echo >&2 "Warning: only selfsigned cert available for $cn."
-else
- echo >&2 "Error: no cert available for $cn."
- exit 1
-fi
-
-(
-cat "$pem"
-if [ -n "$chain" ]; then
-cat "$chain"
-if [ -e extra/dh-4096.pem ]; then cat extra/dh-4096.pem; fi
-fi
-) > $cn-apache.crt
diff --git a/letsencrypt-helpers/make-combined-crt b/letsencrypt-helpers/make-combined-crt
new file mode 100755
index 0000000..b605765
--- /dev/null
+++ b/letsencrypt-helpers/make-combined-crt
@@ -0,0 +1,53 @@
+#!/bin/sh
+
+set -e
+
+set -u
+
+cd ~/certs
+
+if [ "$#" != 1 ]; then
+ echo >&2 "Usage: $0 "
+ exit 1
+fi
+
+cn="$1"
+shift
+
+if ! [ -e "$cn.key" ] ; then
+ echo >&2 "$cn.key does not exist."
+ exit 1
+fi
+
+if [ -e "$cn-letsencrypt.pem" ] ; then
+ pem="$cn-letsencrypt.pem"
+ chain="extra/letsencryptauthorityx1.pem"
+elif [ -e "$cn.pem" ] ; then
+ pem="$cn.pem"
+ if [ -e "$cn-chain.pem" ]; then
+ chain="$cn-chain.pem"
+ else
+ chain=""
+ fi
+elif [ -e "$cn-selfsigned.pem" ] ; then
+ pem="$cn-selfsigned.pem"
+ chain=""
+ echo >&2 "Warning: only selfsigned cert available for $cn."
+else
+ echo >&2 "Error: no cert available for $cn."
+ exit 1
+fi
+
+(
+cat "$pem"
+if [ -n "$chain" ]; then
+cat "$chain"
+fi
+
+size=$(openssl rsa < "$cn".key -text -noout | awk -F: '$1 == "Private-Key" {print $2}' | sed -e 's/[^0-9]//g')
+if [ -e extra/dh-"$size".pem ]; then
+ cat extra/dh-"$size".pem;
+else
+ echo >&2 "Warning: No extra/dh-$size.pem file found."
+fi
+
+) > $cn-combined.crt
diff --git a/letsencrypt-helpers/renew-as-required b/letsencrypt-helpers/renew-as-required
index 0b404e4..768d23f 100755
--- a/letsencrypt-helpers/renew-as-required
+++ b/letsencrypt-helpers/renew-as-required
@@ -27,8 +27,8 @@ for i in *-letsencrypt.pem; do
 err=1
 continue
 fi
- if ! make-apache-crt "$cn"; then
- echo >&2 "make-apache-crt for $cn failed."
+ if ! make-combined-crt "$cn"; then
+ echo >&2 "make-combined-crt for $cn failed."
 err=1
 continue
 fi
diff --git a/letsencrypt-helpers/vhost-step-1 b/letsencrypt-helpers/vhost-step-1
index 1549d3b..cbe850a 100755
--- a/letsencrypt-helpers/vhost-step-1
+++ b/letsencrypt-helpers/vhost-step-1
@@ -13,6 +13,6 @@ shift
 new-key "$cn"
 new-csr "$cn"
-make-apache-crt "$cn"
+make-combined-crt "$cn"
 echo "Enable vhost and "
 echo " service apache2 reload"
diff --git a/letsencrypt-helpers/vhost-step-2 b/letsencrypt-helpers/vhost-step-2
index 7ddc2e6..03cc6f1 100755
--- a/letsencrypt-helpers/vhost-step-2
+++ b/letsencrypt-helpers/vhost-step-2
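Review bot: The final line of the make-combined-crt hunk, `) > $cn-combined.crt`, truncates the existing combined file before the subshell produces any output, so when `cat "$chain"` or the openssl pipeline fails part-way the script exits non-zero under `set -e` but leaves a truncated `$cn-combined.crt` behind, and the renew-as-required hunk in this same commit only logs that failure and moves on to the next certificate. Writing to a scratch name and renaming once the subshell has succeeded keeps the previous file intact: `) > "$cn-combined.crt.tmp"` followed by `mv -- "$cn-combined.crt.tmp" "$cn-combined.crt"`; the quotes also close the unquoted expansion carried over from make-apache-crt. The `size=$(openssl rsa ... | awk ... | sed ...)` line reports only sed's status, so for a key that `openssl rsa` cannot read the result is an empty `$size` and the misleading `Warning: No extra/dh-.pem file found.` rather than a message naming the cause; a check such as `[ -n "$size" ] || echo >&2 "Warning: could not determine key size of $cn.key"` before the `if` would make that explicit. Reading the size from the certificate instead (`openssl x509 -in "$pem" -noout -text` and its `Public-Key:` line) would also avoid passing the private key's components through `-text` at all.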
@@ -12,6 +12,6 @@ cn="$1"
 shift
 request-letsencrypt "$cn"
-make-apache-crt "$cn"
+make-combined-crt "$cn"
 echo "Now"
 echo " service apache2 reload"
--
cgit v1.2.3