|
@ -195,7 +195,7 @@ lighttpd_deploy() { |
|
|
_info "Updating OCSP stapling info" |
|
|
_info "Updating OCSP stapling info" |
|
|
_debug _ocsp "${_ocsp}" |
|
|
_debug _ocsp "${_ocsp}" |
|
|
_info "Extracting OCSP URL" |
|
|
_info "Extracting OCSP URL" |
|
|
_ocsp_url=$(openssl x509 -noout -ocsp_uri -in "${_pem}") |
|
|
|
|
|
|
|
|
_ocsp_url=$(${ACME_OPENSSL_BIN:-openssl} x509 -noout -ocsp_uri -in "${_pem}") |
|
|
_debug _ocsp_url "${_ocsp_url}" |
|
|
_debug _ocsp_url "${_ocsp_url}" |
|
|
|
|
|
|
|
|
# Only process OCSP if URL was present |
|
|
# Only process OCSP if URL was present |
|
@ -208,9 +208,9 @@ lighttpd_deploy() { |
|
|
# Only process the certificate if we have a .issuer file |
|
|
# Only process the certificate if we have a .issuer file |
|
|
if [ -r "${_issuer}" ]; then |
|
|
if [ -r "${_issuer}" ]; then |
|
|
# Check if issuer cert is also a root CA cert |
|
|
# Check if issuer cert is also a root CA cert |
|
|
_subjectdn=$(openssl x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|
|
|
|
|
|
|
|
_subjectdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -subject -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|
|
_debug _subjectdn "${_subjectdn}" |
|
|
_debug _subjectdn "${_subjectdn}" |
|
|
_issuerdn=$(openssl x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|
|
|
|
|
|
|
|
_issuerdn=$(${ACME_OPENSSL_BIN:-openssl} x509 -in "${_issuer}" -issuer -noout | cut -d'/' -f2,3,4,5,6,7,8,9,10) |
|
|
_debug _issuerdn "${_issuerdn}" |
|
|
_debug _issuerdn "${_issuerdn}" |
|
|
_info "Requesting OCSP response" |
|
|
_info "Requesting OCSP response" |
|
|
# If the issuer is a CA cert then our command line has "-CAfile" added |
|
|
# If the issuer is a CA cert then our command line has "-CAfile" added |
|
@ -221,7 +221,7 @@ lighttpd_deploy() { |
|
|
fi |
|
|
fi |
|
|
_debug _cafile_argument "${_cafile_argument}" |
|
|
_debug _cafile_argument "${_cafile_argument}" |
|
|
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed |
|
|
# if OpenSSL/LibreSSL is v1.1 or above, the format for the -header option has changed |
|
|
_openssl_version=$(openssl version | cut -d' ' -f2) |
|
|
|
|
|
|
|
|
_openssl_version=$(${ACME_OPENSSL_BIN:-openssl} version | cut -d' ' -f2) |
|
|
_debug _openssl_version "${_openssl_version}" |
|
|
_debug _openssl_version "${_openssl_version}" |
|
|
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) |
|
|
_openssl_major=$(echo "${_openssl_version}" | cut -d '.' -f1) |
|
|
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) |
|
|
_openssl_minor=$(echo "${_openssl_version}" | cut -d '.' -f2) |
|
@ -231,7 +231,7 @@ lighttpd_deploy() { |
|
|
_header_sep=" " |
|
|
_header_sep=" " |
|
|
fi |
|
|
fi |
|
|
# Request the OCSP response from the issuer and store it |
|
|
# Request the OCSP response from the issuer and store it |
|
|
_openssl_ocsp_cmd="openssl ocsp \ |
|
|
|
|
|
|
|
|
_openssl_ocsp_cmd="${ACME_OPENSSL_BIN:-openssl} ocsp \ |
|
|
-issuer \"${_issuer}\" \ |
|
|
-issuer \"${_issuer}\" \ |
|
|
-cert \"${_pem}\" \ |
|
|
-cert \"${_pem}\" \ |
|
|
-url \"${_ocsp_url}\" \ |
|
|
-url \"${_ocsp_url}\" \ |
|
|
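Review bot: In the `_openssl_ocsp_cmd` assignment the binary is interpolated bare, `${ACME_OPENSSL_BIN:-openssl} ocsp \`, while every argument after it (`-issuer`, `-cert`, `-url`) is wrapped in escaped quotes. Those escaped quotes suggest the string is re-parsed by the shell later (that step is outside this hunk), so an `ACME_OPENSSL_BIN` value containing spaces or shell metacharacters would be split or interpreted there. I would write `_openssl_ocsp_cmd="\"${ACME_OPENSSL_BIN:-openssl}\" ocsp \` to match the arguments. The same unquoted expansion sits in command position in the `_ocsp_url`, `_subjectdn`, `_issuerdn` and `_openssl_version` substitutions in the earlier hunks, where `"${ACME_OPENSSL_BIN:-openssl}"` would avoid word splitting. This reads the `${ACME_OPENSSL_BIN:-openssl}` lines as the new side, which the page layout implies but does not mark; the command string and `lighttpd_deploy` both continue past the end of the hunk.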