Änderungen

keine Bearbeitungszusammenfassung
Zeile 125: Zeile 125:  
# renewal (default: yes)
 
# renewal (default: yes)
 
#PRIVATE_KEY_RENEW="yes"
 
#PRIVATE_KEY_RENEW="yes"
  −
# Create an extra private key for rollover (default: no)
  −
#PRIVATE_KEY_ROLLOVER="no"
  −
  −
# Which public key algorithm should be used? Supported: rsa, prime256v1 and
  −
# secp384r1
  −
#KEY_ALGO=rsa
  −
  −
# E-mail to use during the registration (default: )
  −
CONTACT_EMAIL=admin@lists.freifunk-mwu.de
  −
  −
# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
  −
#LOCKFILE="${BASEDIR}/lock"
      
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default:
 
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default:
Zeile 200: Zeile 187:  
     #fi
 
     #fi
   −
     # Copy certs to apache, fix permissions
+
    echo "Renewed/Created: $DOMAIN at `date -d @$TIMESTAMP`" >&2
     mkdir -p /etc/apache2/ssl/$DOMAIN/
+
 
    cp $KEYFILE /etc/apache2/ssl/$DOMAIN/   
+
     # Copy local Certificates
    cp $CERTFILE /etc/apache2/ssl/$DOMAIN/
+
    if [[ "$DOMAIN" == "zuckerwatte.freifunk-mwu.de" ]]
    cp $CHAINFILE /etc/apache2/ssl/$DOMAIN/
+
     then
 +
        rm -r /etc/apache2/ssl/*
 +
        mkdir -p /etc/apache2/ssl/$DOMAIN/    
 +
        cp $KEYFILE /etc/apache2/ssl/$DOMAIN/   
 +
        cp $CERTFILE /etc/apache2/ssl/$DOMAIN/  
 +
        cp $CHAINFILE /etc/apache2/ssl/$DOMAIN/
 +
    fi
 +
 
    
     chown www-data.www-data -R /etc/apache2/ssl/
 
     chown www-data.www-data -R /etc/apache2/ssl/
 
     chmod -R 0700 /etc/apache2/ssl/
 
     chmod -R 0700 /etc/apache2/ssl/
 
     apachectl graceful
 
     apachectl graceful
   
+
 
 
     # Copy certs to cert home dir
 
     # Copy certs to cert home dir
     mkdir -p /home/cert/$DOMAIN/
+
     mkdir -p /home/cert/$DOMAIN/  
   
+
 
 
     cp $KEYFILE /home/cert/$DOMAIN/
 
     cp $KEYFILE /home/cert/$DOMAIN/
 
     cp $CERTFILE /home/cert/$DOMAIN/
 
     cp $CERTFILE /home/cert/$DOMAIN/
Zeile 220: Zeile 214:  
     chmod 400 $(find /home/cert -mindepth 1 -type f )
 
     chmod 400 $(find /home/cert -mindepth 1 -type f )
 
     chown cert.cert -R /home/cert/*
 
     chown cert.cert -R /home/cert/*
 +
   
 +
    # cleanup unused cert files
 +
    dehydrated -gc
 +
 
}
 
}
 
function unchanged_cert {
 
function unchanged_cert {
Zeile 238: Zeile 236:  
     # - CHAINFILE
 
     # - CHAINFILE
 
     #  The path of the file containing the intermediate certificate(s).
 
     #  The path of the file containing the intermediate certificate(s).
 +
 +
    # cleanup unused cert files
 +
    dehydrated -gc
 +
 
}
 
}
 
HANDLER=$1; shift; $HANDLER $@
 
HANDLER=$1; shift; $HANDLER $@
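Review bot: In the new `zuckerwatte.freifunk-mwu.de` branch, `rm -r /etc/apache2/ssl/*` empties the live certificate directory before the three `cp` calls, and nothing visible checks that the copies succeeded before the unchanged `apachectl graceful` runs, so one failed copy leaves Apache reloading without its key, certificate or chain. Check that `$KEYFILE`, `$CERTFILE` and `$CHAINFILE` are readable and non-empty before deleting anything, quote the expansions, and return non-zero on a failed copy so the reload is skipped. Separately, the unchanged `chown www-data.www-data -R` then makes the freshly copied private key readable by the web-server account; if Apache is started as root, as is usual, `root` ownership with mode 0600 on the key would keep a compromised worker from reading it. The enclosing function starts outside the hunk, so the `return` in the sketch assumes this code still runs inside it.

```shell
    if [[ "$DOMAIN" == "zuckerwatte.freifunk-mwu.de" ]]
    then
        # Refuse to wipe the live directory unless every source file is present and non-empty.
        for src in "$KEYFILE" "$CERTFILE" "$CHAINFILE"; do
            [[ -r "$src" && -s "$src" ]] || { echo "Missing $src, keeping existing certificates" >&2; return 1; }
        done
        rm -r /etc/apache2/ssl/*
        # A failed mkdir or cp must stop the hook before Apache is reloaded.
        mkdir -p "/etc/apache2/ssl/$DOMAIN/" \
            && cp "$KEYFILE" "$CERTFILE" "$CHAINFILE" "/etc/apache2/ssl/$DOMAIN/" \
            || return 1
    fi
    # … unchanged: chown/chmod of /etc/apache2/ssl/ and apachectl graceful …
```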