From 70205f1a787b9191238b8059df69e1e14b5b0807 Mon Sep 17 00:00:00 2001 From: "Jean-Marc Pigeon (Delson)" Date: Thu, 24 Jul 2025 09:36:44 -0400 Subject: [PATCH] Improving do_dns_tlsa.sh --- support/do_dns_tlsa.sh | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/support/do_dns_tlsa.sh b/support/do_dns_tlsa.sh index 6e84943..012ba55 100755 --- a/support/do_dns_tlsa.sh +++ b/support/do_dns_tlsa.sh @@ -5,16 +5,16 @@ #------------------------------------------------------------------- #comment in if working in production DRY_RUN="--dry-run" +APPNAME=mailleur #------------------------------------------------------------------- -WRKDIR=/etc/certbot -MRKR=`date +"%F"` +WRKDIR=/etc/certbot/$APPNAME gen_cnf() { -if [ ! -f ./data/cnffile ] ; then +if [ ! -f ./cnffile ] ; then #generate a config file - cat > ./data/cnffile << EOT + cat > ./cnffile << EOT [req] distinguished_name=req_dn [req_dn] @@ -29,9 +29,9 @@ gen_key() { #Generate an Elliptic Curve Digital Signature Algorithm -if [ ! -f ./data/ec_key.pem ] ; then +if [ ! -f ./ec_key.pem ] ; then openssl ecparam \ - -out ./data/ec_key.pem \ + -out ./ec_key.pem \ -genkey \ -name prime256v1 fi @@ -43,15 +43,15 @@ gen_req() { #Generate the CSR request openssl req \ - -config ./data/cnffile \ + -config ./cnffile \ -outform PEM \ -new \ -nodes \ -subj '/' \ -reqexts SAN \ - -out ./data/request.csr \ - -keyout ./data/privkey.pem \ - -key ./data/ec_key.pem + -out ./request.csr \ + -keyout ./privkey.pem \ + -key ./ec_key.pem } 
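Review bot: `APPNAME` is introduced without a comment, although it now selects the working directory (`WRKDIR=/etc/certbot/$APPNAME`) and, in the gen_cert hunk, the names of the issued files (`./$APPNAME-fullchain.pem` and siblings). A line above the assignment such as `#APPNAME: sub-directory of /etc/certbot for this application, also the prefix of the certificate files` would make that coupling visible to whoever adapts the script for another service.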
@@ -64,13 +64,12 @@ gen_cert() ls -ails ./data/request.csr certbot certonly \ --apache \ - --csr ./data/request.csr \ - --fullchain-path ./data/$MRKR-fullchain.pem \ - --chain-path ./data/$MRKR-chain.pem \ - --cert-path ./data/$MRKR-cert.pem \ - --work-dir ./data \ - --logs-dir ./data \ - --config-dir ./data \ + --csr ./request.csr \ + --fullchain-path ./$APPNAME-fullchain.pem \ + --chain-path ./$APPNAME-chain.pem \ + --cert-path ./$APPNAME-cert.pem \ + --work-dir . \ + --logs-dir ./logs \ $DRY_RUN } @@ -82,12 +81,13 @@ SUM=`openssl ec -in ./data/ec_key.pem -pubout -outform DER | sha256sum` echo ";--------------------------------------------" echo ";TLSA record to be inserted in domain DNS" echo -e "_25._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM" +echo -e "_465._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM" +echo -e "_587._tcp.`hostname -s`\tTLSA\t3 1 1\t$SUM" echo ";--------------------------------------------" } #Set working directory -cd $WRKDIR -mkdir -p data +mkdir -p $WRKDIR gen_cnf gen_key -- 2.47.3
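Review bot: The context line `ls -ails ./data/request.csr` at the top of this hunk still points at the old `./data` location, while gen_req now writes the CSR to `./request.csr`; it should read `ls -ails ./request.csr`. The header of the following hunk shows the same leftover in the `SUM=` assignment, which still reads `-in ./data/ec_key.pem`. With the key now at `./ec_key.pem`, openssl would presumably find no input and `sha256sum` would hash an empty stream, so the printed TLSA records would carry a digest that does not match the served key; that line needs `-in ./ec_key.pem`. The hunk also drops `--config-dir` without a replacement, which leaves certbot on its default configuration directory and deserves a comment if intended. gen_cert begins outside the hunk.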
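Review bot: Nothing changes into `$WRKDIR` any more: under the comment `#Set working directory` the new side only runs `mkdir -p $WRKDIR`, and no `cd` is visible. Every relative path this patch introduces (`./cnffile`, `./ec_key.pem`, `./request.csr`, `./privkey.pem`, the `./$APPNAME-*.pem` outputs and `--work-dir .`) therefore resolves against whatever directory the script is started from. That includes the EC private key created by gen_key, which would land in the caller's current directory instead of under `/etc/certbot`. I would keep both steps, quoted and checked: `mkdir -p "$WRKDIR" || exit 1` followed by `cd "$WRKDIR" || exit 1`. The statement run continues past the end of the hunk.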