yacloud/acme.sh
1
0
Fork 0
mirror of https://github.com/acmesh-official/acme.sh.git synced 2025-05-01 14:12:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Localhost deploy hook mimicking certbot behavior.

Browse Source 
Deploys cert files to centralized cert directory mimicking certbot behavior, allowing multiple services to share certs.
This commit is contained in:
Github-Citizen 2022-07-21 21:14:36 -04:00 committed by GitHub
parent 1b59b0b739
commit 07694d095e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 103 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
deploy/localhost.sh Normal file
View File

@ -0,0 +1,103 @@
#!/usr/bin/bash
#
# Deploy cert to localhost similar to certbot behavior
#
# export DEPLOY_LOCALHOST_PATH="/path/to/certs"
#
# Deploys as:
# /path/to/certs/domain.tld/privkey.pem
# /path/to/certs/domain.tld/cert.pem
# /path/to/certs/domain.tld/ca.pem
# /path/to/certs/domain.tld/fullchain.pem
#
# $1=domain $2=keyfile $3=certfile $4=cafile $5=fullchain
#
localhost_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
_getdeployconf DEPLOY_LOCALHOST_PATH
_debug DEPLOY_LOCALHOST_PATH "$DEPLOY_LOCALHOST_PATH"
if [ -z "$_cdomain" ]; then
_err "Domain not defined"
return 1
fi
if [ -z "$DEPLOY_LOCALHOST_PATH" ]; then
_err "DEPLOY_LOCALHOST_PATH not defined"
return 1
fi
_ssl_path="$DEPLOY_LOCALHOST_PATH"
if [ ! -d "$_ssl_path" ]; then
_err "Path not found: $_ssl_path"
return 1
fi
_savedeployconf DEPLOY_LOCALHOST_PATH "$DEPLOY_LOCALHOST_PATH"
_ssl_path="$_ssl_path/$_cdomain"
mkdir -p "$_ssl_path"
# ECC or RSA
length=$(_readdomainconf Le_Keylength)
if _isEccKey "$length"; then
_info "ECC key type detected"
_file_prefix="ecdsa-"
else
_info "RSA key type detected"
_file_prefix=""
fi
_info "Copying cert files..."
# {$2} _ckey
_filename="$_ssl_path/${_file_prefix}privkey.pem"
if ! cat "$_ckey" > "$_filename"; then
err "Error: Can't write $_filename"
return 1
fi
if ! chmod 600 "$_filename"; then
err "Error: Can't set protected 600 permission on privkey.pem"
rm -f "$_filename"
return 1
fi
# {$3} _ccert
_filename="$_ssl_path/${_file_prefix}cert.pem"
if ! cat "$_ccert" > "$_filename"; then
err "Error: Can't write $_filename"
return 1
fi
# {$4} _cca
_filename="$_ssl_path/${_file_prefix}ca.pem"
if ! cat "$_cca" > "$_filename"; then
err "Error: Can't write $_filename"
return 1
fi
# {$5} _cfullchain
_filename="$_ssl_path/${_file_prefix}fullchain.pem"
if ! cat "$_cfullchain" > "$_filename"; then
err "Error: Can't write $_filename"
return 1
fi
_info "Done: Cert files copied to $_ssl_path/"
return 0
}