Browse Source
Localhost deploy hook mimicking certbot behavior.
Localhost deploy hook mimicking certbot behavior.
Deploys cert files to centralized cert directory mimicking certbot behavior, allowing multiple services to share certs.pull/4224/head
Github-Citizen
2 years ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 103 additions and 0 deletions
@ -0,0 +1,103 @@ |
|||
#!/usr/bin/bash |
|||
# |
|||
# Deploy cert to localhost similar to certbot behavior |
|||
# |
|||
# export DEPLOY_LOCALHOST_PATH="/path/to/certs" |
|||
# |
|||
# Deploys as: |
|||
# /path/to/certs/domain.tld/privkey.pem |
|||
# /path/to/certs/domain.tld/cert.pem |
|||
# /path/to/certs/domain.tld/ca.pem |
|||
# /path/to/certs/domain.tld/fullchain.pem |
|||
# |
|||
# $1=domain $2=keyfile $3=certfile $4=cafile $5=fullchain |
|||
# |
|||
localhost_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
_getdeployconf DEPLOY_LOCALHOST_PATH |
|||
|
|||
_debug DEPLOY_LOCALHOST_PATH "$DEPLOY_LOCALHOST_PATH" |
|||
|
|||
if [ -z "$_cdomain" ]; then |
|||
_err "Domain not defined" |
|||
return 1 |
|||
fi |
|||
|
|||
if [ -z "$DEPLOY_LOCALHOST_PATH" ]; then |
|||
_err "DEPLOY_LOCALHOST_PATH not defined" |
|||
return 1 |
|||
fi |
|||
|
|||
_ssl_path="$DEPLOY_LOCALHOST_PATH" |
|||
if [ ! -d "$_ssl_path" ]; then |
|||
_err "Path not found: $_ssl_path" |
|||
return 1 |
|||
fi |
|||
|
|||
_savedeployconf DEPLOY_LOCALHOST_PATH "$DEPLOY_LOCALHOST_PATH" |
|||
|
|||
_ssl_path="$_ssl_path/$_cdomain" |
|||
mkdir -p "$_ssl_path" |
|||
|
|||
# ECC or RSA |
|||
length=$(_readdomainconf Le_Keylength) |
|||
if _isEccKey "$length"; then |
|||
_info "ECC key type detected" |
|||
_file_prefix="ecdsa-" |
|||
else |
|||
_info "RSA key type detected" |
|||
_file_prefix="" |
|||
fi |
|||
|
|||
_info "Copying cert files..." |
|||
|
|||
# {$2} _ckey |
|||
_filename="$_ssl_path/${_file_prefix}privkey.pem" |
|||
if ! cat "$_ckey" > "$_filename"; then |
|||
err "Error: Can't write $_filename" |
|||
return 1 |
|||
fi |
|||
|
|||
if ! chmod 600 "$_filename"; then |
|||
err "Error: Can't set protected 600 permission on privkey.pem" |
|||
rm -f "$_filename" |
|||
return 1 |
|||
fi |
|||
|
|||
# {$3} _ccert |
|||
_filename="$_ssl_path/${_file_prefix}cert.pem" |
|||
if ! cat "$_ccert" > "$_filename"; then |
|||
err "Error: Can't write $_filename" |
|||
return 1 |
|||
fi |
|||
|
|||
# {$4} _cca |
|||
_filename="$_ssl_path/${_file_prefix}ca.pem" |
|||
if ! cat "$_cca" > "$_filename"; then |
|||
err "Error: Can't write $_filename" |
|||
return 1 |
|||
fi |
|||
|
|||
# {$5} _cfullchain |
|||
_filename="$_ssl_path/${_file_prefix}fullchain.pem" |
|||
if ! cat "$_cfullchain" > "$_filename"; then |
|||
err "Error: Can't write $_filename" |
|||
return 1 |
|||
fi |
|||
|
|||
_info "Done: Cert files copied to $_ssl_path/" |
|||
|
|||
return 0 |
|||
|
|||
} |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue