|
|
|
@ -1243,7 +1243,14 @@ _createcsr() { |
|
|
|
_debug2 csr "$csr" |
|
|
|
_debug2 csrconf "$csrconf" |
|
|
|
|
|
|
|
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nextendedKeyUsage=serverAuth,clientAuth\n" >"$csrconf" |
|
|
|
printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf" |
|
|
|
|
|
|
|
if [ "$Le_ExtKeyUse" ]; then |
|
|
|
_savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse" |
|
|
|
printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf" |
|
|
|
else |
|
|
|
printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf" |
|
|
|
fi |
|
|
|
|
|
|
|
if [ "$acmeValidationv1" ]; then |
|
|
|
domainlist="$(_idn "$domainlist")" |
|
|
|
@ -7007,6 +7014,7 @@ Parameters: |
|
|
|
--post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed. |
|
|
|
--renew-hook <command> Command to be run after each successfully renewed certificate. |
|
|
|
--deploy-hook <hookname> The hook file to deploy cert |
|
|
|
--extended-key-usage <string> Manually define the CSR extended key usage value. The default is serverAuth,clientAuth. |
|
|
|
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension. |
|
|
|
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default. |
|
|
|
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted. |
|
|
|
@ -7698,6 +7706,10 @@ _process() { |
|
|
|
_deploy_hook="$_deploy_hook$2," |
|
|
|
shift |
|
|
|
;; |
|
|
|
--extended-key-usage) |
|
|
|
Le_ExtKeyUse="$2" |
|
|
|
shift |
|
|
|
;; |
|
|
|
--ocsp-must-staple | --ocsp) |
|
|
|
Le_OCSP_Staple="1" |
|
|
|
;; |
|
|
|
|
neil
3 months ago
GitHub