forked from ganlvtech/bash-lets-encrypt
renew_cert.sh
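#!/bin/bash
# Renew the TLS certificate for the domains listed in config/domains.txt.
#
# Steps: build an OpenSSL config with one subjectAltName entry per domain,
# create a CSR signed by secret/domain.key, let runtime/acme_tiny.py obtain the
# signed certificate, then write leaf + intermediate to secret/chained.pem.
#
# Every step is checked so that a failed run never replaces the certificate
# files that are currently deployed with empty or partial output.
set -euo pipefail

die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# All paths below are relative to the directory that holds this script.
base_dir=$(dirname -- "$0")
cd -- "$base_dir" || die "cannot cd to $base_dir"

# Re-download anything that is missing. A failure here is only a warning:
# the files may already be present, and the check below catches the rest.
./install.sh || printf '%s: warning: install.sh failed\n' "${0##*/}" >&2

# NOTE(review): the intermediate is a pinned local file (Let's Encrypt X3,
# cross-signed). If the CA signs the new certificate with a different
# intermediate, clients will not be able to validate the resulting chain;
# confirm this file matches the issuer of the certificate that is returned.
intermediate=runtime/lets-encrypt-x3-cross-signed.pem

for required in \
  config/domains.txt \
  openssl.cnf \
  secret/domain.key \
  secret/account.key \
  runtime/acme_tiny.py \
  "$intermediate"; do
  [[ -s "$required" ]] || die "missing or empty: $required"
done

# Build the subjectAltName list: drop blank lines and '#' comments, prefix
# each remaining line with "DNS:" and join the entries with commas.
san=$(sed -e '/^$/d' -e '/^#/d' -e 's/^/DNS:/' config/domains.txt | paste -sd, -)
[[ -n "$san" ]] || die "config/domains.txt lists no domains"

# Append the [SAN] section to a copy of openssl.cnf. The domain list is passed
# as a printf argument, never as the format string, so a '%' or '\' in
# domains.txt is written literally.
{
  cat openssl.cnf
  printf '[SAN]\nsubjectAltName=%s\n' "$san"
} > runtime/domain_ssl.cnf

# Create the CSR (Certificate Signing Request).
openssl req -new -sha256 -key secret/domain.key -subj "/" -reqexts SAN \
  -config runtime/domain_ssl.cnf > runtime/domain.csr \
  || die "openssl could not create runtime/domain.csr"

# Run the ACME (Automatic Certificate Management Environment) client. Its
# output goes to a scratch file first, so a failed run leaves the previous
# runtime/signed.crt intact.
new_cert=$(mktemp runtime/signed.crt.XXXXXX) || die "mktemp failed"
trap 'rm -f -- "$new_cert"' EXIT

python runtime/acme_tiny.py --account-key secret/account.key \
  --csr runtime/domain.csr --acme-dir runtime/challenges/ > "$new_cert" || {
  status=$?
  printf '%s: acme_tiny.py failed with status %s\n' "${0##*/}" "$status" >&2
  exit "$status"
}
[[ -s "$new_cert" ]] || die "ACME client returned an empty certificate"

# Copy the contents rather than moving the scratch file, so the mode and
# ownership of the existing certificate files stay as they are.
cat -- "$new_cert" > runtime/signed.crt

# Assemble the certificate chain: leaf first, then the intermediate.
cat runtime/signed.crt "$intermediate" > secret/chained.pem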