Convert between pem and crt if letsencrypt fails

Bob Mottram 2016-10-20 22:46:51 +01:00
parent 1d5edecce3
commit 0b8fc22d70
1 changed files with 24 additions and 17 deletions


@ -156,26 +156,33 @@ function check_certificates {
USE_LETSENCRYPT=$2 USE_LETSENCRYPT=$2
fi fi
if [[ $USE_LETSENCRYPT == 'no' ]]; then if [[ $USE_LETSENCRYPT == 'no' ]]; then
if [ ! -f /etc/ssl/private/$1.key ]; then if [ ! -f /etc/ssl/private/${1}.key ]; then
echo $"Private certificate for $CHECK_HOSTNAME was not created" echo $"Private certificate for ${CHECK_HOSTNAME} was not created"
exit 63959 exit 63959
fi fi
if [ ! -f /etc/ssl/certs/$1.crt ]; then if [ ! -f /etc/ssl/certs/${1}.crt ]; then
echo $"Public certificate for $CHECK_HOSTNAME was not created" echo $"Public certificate for ${CHECK_HOSTNAME} was not created"
exit 7679 exit 7679
fi fi
if grep -q "${1}.pem" /etc/nginx/sites-available/${1}; then
sed -i "s|${1}.pem|${1}.crt|g" /etc/nginx/sites-available/${1}
fi
else else
if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then if [ ! -f /etc/letsencrypt/live/${1}/privkey.pem ]; then
echo $"Private certificate for $CHECK_HOSTNAME was not created" echo $"Private certificate for ${CHECK_HOSTNAME} was not created"
exit 6282 exit 6282
fi fi
if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then if [ ! -f /etc/letsencrypt/live/${1}/fullchain.pem ]; then
echo $"Public certificate for $CHECK_HOSTNAME was not created" echo $"Public certificate for ${CHECK_HOSTNAME} was not created"
exit 5328 exit 5328
fi fi
if grep -q "${1}.crt" /etc/nginx/sites-available/${1}; then
sed -i "s|${1}.crt|${1}.pem|g" /etc/nginx/sites-available/${1}
fi fi
if [ ! -f /etc/ssl/certs/$1.dhparam ]; then fi
echo $"DiffieHellman parameters for $CHECK_HOSTNAME were not created" if [ ! -f /etc/ssl/certs/${1}.dhparam ]; then
echo $"DiffieHellman parameters for ${CHECK_HOSTNAME} were not created"
exit 5989 exit 5989
fi fi
} }
@ -190,26 +197,26 @@ function create_site_certificate {
fi fi
if [[ $ONION_ONLY == "no" ]]; then if [[ $ONION_ONLY == "no" ]]; then
if [ ! -f /etc/ssl/certs/$SITE_DOMAIN_NAME.dhparam ]; then if [ ! -f /etc/ssl/certs/${SITE_DOMAIN_NAME}.dhparam ]; then
if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then if [[ $LETSENCRYPT_ENABLED != "yes" ]]; then
${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH ${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
function_check check_certificates function_check check_certificates
check_certificates $SITE_DOMAIN_NAME check_certificates ${SITE_DOMAIN_NAME}
else else
${PROJECT_NAME}-addcert -e $SITE_DOMAIN_NAME -s $LETSENCRYPT_SERVER --dhkey $DH_KEYLENGTH --email $MY_EMAIL_ADDRESS ${PROJECT_NAME}-addcert -e ${SITE_DOMAIN_NAME} -s ${LETSENCRYPT_SERVER} --dhkey ${DH_KEYLENGTH} --email ${MY_EMAIL_ADDRESS}
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
if [[ $NO_SELF_SIGNED == 'no' ]]; then if [[ ${NO_SELF_SIGNED} == 'no' ]]; then
echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME, so try making a self-signed cert" echo $"Lets Encrypt failed for ${SITE_DOMAIN_NAME}, so try making a self-signed cert"
${PROJECT_NAME}-addcert -h $SITE_DOMAIN_NAME --dhkey $DH_KEYLENGTH ${PROJECT_NAME}-addcert -h ${SITE_DOMAIN_NAME} --dhkey ${DH_KEYLENGTH}
function_check check_certificates function_check check_certificates
check_certificates $SITE_DOMAIN_NAME check_certificates ${SITE_DOMAIN_NAME}
else else
echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME" echo $"Lets Encrypt failed for $SITE_DOMAIN_NAME"
exit 682529 exit 682529
fi fi
else else
function_check check_certificates function_check check_certificates
check_certificates $SITE_DOMAIN_NAME 'yes' check_certificates ${SITE_DOMAIN_NAME} 'yes'
fi fi
fi fi
fi fi
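Review bot: In check_certificates, the two new `sed -i` rewrites of `/etc/nginx/sites-available/${1}` use the hostname unquoted in the path and unescaped in the pattern, so each dot in the domain matches any character and a value containing whitespace or glob characters would split the file argument. The `${1}` braces added throughout this commit do not quote anything. I would escape the dots and quote the path, e.g. `escaped=${1//./\\.}` then `sed -i "s|${escaped}\.pem|${1}.crt|g" "/etc/nginx/sites-available/${1}"`, with the mirror image in the Let's Encrypt branch. A function that previously only verified files now edits the live vhost, and no `nginx -t` or reload is visible in this hunk, so a bad substitution would presumably surface only at the next restart. Confirm that a caller validates the configuration afterwards, and add a comment above each block such as `# point the vhost at the self-signed .crt (or back at the Let's Encrypt .pem)`.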