#-------------------------------------------------------------------
#comment in if working in production
DRY_RUN="--dry-run"
+APPNAME=mailleur
#-------------------------------------------------------------------
-WRKDIR=/etc/certbot
-MRKR=`date +"%F"`
+WRKDIR=/etc/certbot/$APPNAME
gen_cnf()
{
-if [ ! -f ./data/cnffile ] ; then
+if [ ! -f ./cnffile ] ; then
#generate a config file
- cat > ./data/cnffile << EOT
+ cat > ./cnffile << EOT
[req]
distinguished_name=req_dn
[req_dn]
{
#Generate an Elliptic Curve Digital Signature Algorithm
-if [ ! -f ./data/ec_key.pem ] ; then
+if [ ! -f ./ec_key.pem ] ; then
openssl ecparam \
- -out ./data/ec_key.pem \
+ -out ./ec_key.pem \
-genkey \
-name prime256v1
fi
{
#Generate the CSR request
openssl req \
- -config ./data/cnffile \
+ -config ./cnffile \
-outform PEM \
-new \
-nodes \
-subj '/' \
-reqexts SAN \
- -out ./data/request.csr \
- -keyout ./data/privkey.pem \
- -key ./data/ec_key.pem
+ -out ./request.csr \
+ -keyout ./privkey.pem \
+ -key ./ec_key.pem
}
ls -ails ./data/request.csr
certbot certonly \
--apache \
- --csr ./data/request.csr \
- --fullchain-path ./data/$MRKR-fullchain.pem \
- --chain-path ./data/$MRKR-chain.pem \
- --cert-path ./data/$MRKR-cert.pem \
- --work-dir ./data \
- --logs-dir ./data \
- --config-dir ./data \
+ --csr ./request.csr \
+ --fullchain-path ./$APPNAME-fullchain.pem \
+ --chain-path ./$APPNAME-chain.pem \
+ --cert-path ./$APPNAME-cert.pem \
+ --work-dir . \
+ --logs-dir ./logs \
$DRY_RUN
}
echo ";--------------------------------------------"
echo ";TLSA record to be inserted in domain DNS"
echo -e "_25._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM"
+echo -e "_465._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM"
+echo -e "_587._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM"
echo ";--------------------------------------------"
}
#Set working directory
-cd $WRKDIR
-mkdir -p data
+mkdir -p $WRKDIR
gen_cnf
gen_key
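Review bot: The new side removes the `cd $WRKDIR` from the bottom of the script and only keeps `mkdir -p $WRKDIR`, yet every path in gen_cnf, the key/CSR generation and the certbot call is now relative (`./cnffile`, `./ec_key.pem`, `./privkey.pem`, `./request.csr`), so the EC private key and CSR are written into whatever directory the script happens to be invoked from instead of /etc/certbot/mailleur; replace the mkdir line with `mkdir -p -- "$WRKDIR" && cd -- "$WRKDIR" || exit 1` so a failure to enter the directory aborts before any key material is produced. The unchanged line `ls -ails ./data/request.csr` still points at the old data/ subdirectory and will no longer find the file after this change; it should read `ls -ails ./request.csr`. Because the key files are created with the caller's default umask, a `umask 077` before the `openssl ecparam` call would keep ec_key.pem and privkey.pem from being created world-readable. The removed `--config-dir ./data` has no replacement on the new side, so certbot presumably falls back to its default configuration directory — confirm that is intended. The functions this diff cuts through start and end outside the visible hunks.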