Zeile 125:
Zeile 125:
# renewal (default: yes)
# renewal (default: yes)
#PRIVATE_KEY_RENEW="yes"
#PRIVATE_KEY_RENEW="yes"
−
−
# Create an extra private key for rollover (default: no)
−
#PRIVATE_KEY_ROLLOVER="no"
−
−
# Which public key algorithm should be used? Supported: rsa, prime256v1 and
−
# secp384r1
−
#KEY_ALGO=rsa
−
−
# E-mail to use during the registration (default: )
−
CONTACT_EMAIL=admin@lists.freifunk-mwu.de
−
−
# Lockfile location, to prevent concurrent access (default: $BASEDIR/lock)
−
#LOCKFILE="${BASEDIR}/lock"
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default:
# Option to add CSR-flag indicating OCSP stapling to be mandatory (default:
Zeile 200:
Zeile 187:
#fi
#fi
−
# Copy certs to apache, fix permissions
+
echo "Renewed/Created: $DOMAIN at `date -d @$TIMESTAMP`" >&2
−
mkdir -p /etc/apache2/ssl/$DOMAIN/
+
−
cp $KEYFILE /etc/apache2/ssl/$DOMAIN/
+
# Copy local Certificates
−
cp $CERTFILE /etc/apache2/ssl/$DOMAIN/
+
if [[ "$DOMAIN" == "zuckerwatte.freifunk-mwu.de" ]]
−
cp $CHAINFILE /etc/apache2/ssl/$DOMAIN/
+
then
+
rm -r /etc/apache2/ssl/*
+
mkdir -p /etc/apache2/ssl/$DOMAIN/
+
cp $KEYFILE /etc/apache2/ssl/$DOMAIN/
+
cp $CERTFILE /etc/apache2/ssl/$DOMAIN/
+
cp $CHAINFILE /etc/apache2/ssl/$DOMAIN/
+
fi
+
chown www-data.www-data -R /etc/apache2/ssl/
chown www-data.www-data -R /etc/apache2/ssl/
chmod -R 0700 /etc/apache2/ssl/
chmod -R 0700 /etc/apache2/ssl/
apachectl graceful
apachectl graceful
−
+
# Copy certs to cert home dir
# Copy certs to cert home dir
−
mkdir -p /home/cert/$DOMAIN/
+
mkdir -p /home/cert/$DOMAIN/
−
+
cp $KEYFILE /home/cert/$DOMAIN/
cp $KEYFILE /home/cert/$DOMAIN/
cp $CERTFILE /home/cert/$DOMAIN/
cp $CERTFILE /home/cert/$DOMAIN/
Zeile 220:
Zeile 214:
chmod 400 $(find /home/cert -mindepth 1 -type f )
chmod 400 $(find /home/cert -mindepth 1 -type f )
chown cert.cert -R /home/cert/*
chown cert.cert -R /home/cert/*
+
+
# cleanup unused cert files
+
dehydrated -gc
+
}
}
function unchanged_cert {
function unchanged_cert {
Zeile 238:
Zeile 236:
# - CHAINFILE
# - CHAINFILE
# The path of the file containing the intermediate certificate(s).
# The path of the file containing the intermediate certificate(s).
+
+
# cleanup unused cert files
+
dehydrated -gc
+
}
}
HANDLER=$1; shift; $HANDLER $@
HANDLER=$1; shift; $HANDLER $@
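Review bot: In the new `if [[ "$DOMAIN" == "zuckerwatte.freifunk-mwu.de" ]]` branch, `rm -r /etc/apache2/ssl/*` runs before the three `cp` calls, so a failed copy leaves the directory without a usable key pair while the `chown`/`chmod`/`apachectl graceful` lines after `fi` are still reached. The glob also deletes everything else under that directory, not only this host's files, and `$DOMAIN`, `$KEYFILE`, `$CERTFILE` and `$CHAINFILE` are expanded unquoted. I would stage the files in a sibling directory with restrictive modes and swap it in only after every copy succeeded, as sketched below; if wiping other directories is intended, that is better done once by hand. Separately, the added `dehydrated -gc` lines start another dehydrated process on every deploy_cert and unchanged_cert call, presumably while the parent run is still iterating; whether that is safe is not visible here, so running the cleanup once after the main run looks safer. The body of deploy_cert starts above the visible hunk, so error handling such as `set -e` may exist outside these lines.

```shell
# … unchanged: echo "Renewed/Created: …" …
if [[ "$DOMAIN" == "zuckerwatte.freifunk-mwu.de" ]]
then
    # Stage first, swap last: a failed copy leaves the previous files in place.
    target="/etc/apache2/ssl/${DOMAIN}"
    rm -rf "${target}.new" &&
    install -d -m 0700 "${target}.new" &&
    install -m 0600 "$KEYFILE" "$CERTFILE" "$CHAINFILE" "${target}.new/" &&
    rm -rf "$target" &&
    mv "${target}.new" "$target"
fi
# … unchanged: chown / chmod / apachectl graceful …
```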