Localhost deploy hook mimicking certbot behavior.
Localhost deploy hook mimicking certbot behavior.
Deploys cert files to a centralized cert directory, mimicking certbot behavior, so that multiple services can share the certs.
pull/4224/head
Github-Citizen
2 years ago
committed by
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 103 additions and 0 deletions
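--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,103 @@
+#!/usr/bin/bash
+#
+# Deploy cert to localhost similar to certbot behavior
+#
+# export DEPLOY_LOCALHOST_PATH="/path/to/certs"
+#
+# Deploys as:
+# /path/to/certs/domain.tld/privkey.pem
+# /path/to/certs/domain.tld/cert.pem
+# /path/to/certs/domain.tld/ca.pem
+# /path/to/certs/domain.tld/fullchain.pem
+#
+# $1=domain $2=keyfile $3=certfile $4=cafile $5=fullchain
+#
+localhost_deploy() {
+_cdomain="$1"
+_ckey="$2"
+_ccert="$3"
+_cca="$4"
+_cfullchain="$5"
+
+_debug _cdomain "$_cdomain"
+_debug _ckey "$_ckey"
+_debug _ccert "$_ccert"
+_debug _cca "$_cca"
+_debug _cfullchain "$_cfullchain"
+
+_getdeployconf DEPLOY_LOCALHOST_PATH
+
+_debug DEPLOY_LOCALHOST_PATH "$DEPLOY_LOCALHOST_PATH"
+
+if [ -z "$_cdomain" ]; then
+_err "Domain not defined"
+return 1
+fi
+
+if [ -z "$DEPLOY_LOCALHOST_PATH" ]; then
+_err "DEPLOY_LOCALHOST_PATH not defined"
+return 1
+fi
+
+_ssl_path="$DEPLOY_LOCALHOST_PATH"
+if [ ! -d "$_ssl_path" ]; then
+_err "Path not found: $_ssl_path"
+return 1
+fi
+
+_savedeployconf DEPLOY_LOCALHOST_PATH "$DEPLOY_LOCALHOST_PATH"
+
+_ssl_path="$_ssl_path/$_cdomain"
+mkdir -p "$_ssl_path"
+
+# ECC or RSA
+length=$(_readdomainconf Le_Keylength)
+if _isEccKey "$length"; then
+_info "ECC key type detected"
+_file_prefix="ecdsa-"
+else
+_info "RSA key type detected"
+_file_prefix=""
+fi
+
+_info "Copying cert files..."
+
+# {$2} _ckey
+_filename="$_ssl_path/${_file_prefix}privkey.pem"
+if ! cat "$_ckey" > "$_filename"; then
+err "Error: Can't write $_filename"
+return 1
+fi
+
+if ! chmod 600 "$_filename"; then
+err "Error: Can't set protected 600 permission on privkey.pem"
+rm -f "$_filename"
+return 1
+fi
+
+# {$3} _ccert
+_filename="$_ssl_path/${_file_prefix}cert.pem"
+if ! cat "$_ccert" > "$_filename"; then
+err "Error: Can't write $_filename"
+return 1
+fi
+
+# {$4} _cca
+_filename="$_ssl_path/${_file_prefix}ca.pem"
+if ! cat "$_cca" > "$_filename"; then
+err "Error: Can't write $_filename"
+return 1
+fi
+
+# {$5} _cfullchain
+_filename="$_ssl_path/${_file_prefix}fullchain.pem"
+if ! cat "$_cfullchain" > "$_filename"; then
+err "Error: Can't write $_filename"
+return 1
+fi
+
+_info "Done: Cert files copied to $_ssl_path/"
+
+return 0
+
+}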
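Review bot: The private key is written with `cat "$_ckey" > "$_filename"` and only restricted by `chmod 600` afterwards, so on a first deploy the file exists with whatever mode the process umask allows until the chmod runs, inside a directory that is meant to be shared between services. Creating it under a restrictive umask closes that window: `if ! (umask 077 && cat "$_ckey" >"$_filename"); then`, keeping the existing `chmod 600` for a key file that is already present. The five failure branches call `err` where the rest of the function uses `_err`; unless `err` is defined elsewhere this reports a command-not-found instead of the intended message, so `_err "Error: Can't write $_filename"` looks like what was meant. The result of `mkdir -p "$_ssl_path"` is also not checked, so a failure there only surfaces indirectly at the first write.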