Don't pin certs
The guidelines on how to do this properly are just too confusing
parent
94310d176f
commit
19a13521a7
|
@ -41,6 +41,9 @@ if [ -f /usr/bin/${PROJECT_NAME}-utils-git ]; then
|
|||
source /usr/bin/${PROJECT_NAME}-utils-git
|
||||
fi
|
||||
|
||||
# Don't pin certs by default
|
||||
PIN_CERTS=
|
||||
|
||||
HOSTNAME=
|
||||
LETSENCRYPT_HOSTNAME=
|
||||
COUNTRY_CODE="US"
|
||||
|
@ -286,11 +289,13 @@ function add_cert_letsencrypt {
|
|||
|
||||
systemctl start nginx
|
||||
|
||||
if [ $PIN_CERTS ]; then
|
||||
${PROJECT_NAME}-pin-cert $LETSENCRYPT_HOSTNAME
|
||||
if [ ! "$?" = "0" ]; then
|
||||
echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
|
||||
exit 62878
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
function add_cert_selfsigned {
|
||||
|
@ -306,11 +311,13 @@ function add_cert_selfsigned {
|
|||
chmod 640 /etc/ssl/certs/${CERTFILE}.crt
|
||||
cp /etc/ssl/certs/${CERTFILE}.crt /etc/ssl/mycerts
|
||||
|
||||
if [ $PIN_CERTS ]; then
|
||||
${PROJECT_NAME}-pin-cert $CERTFILE
|
||||
if [ ! "$?" = "0" ]; then
|
||||
echo $"Certificate for $CERTFILE could not be pinned"
|
||||
exit 62879
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
function generate_dh_params {
|
||||
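Review bot: The new guard `if [ $PIN_CERTS ]; then` in add_cert_letsencrypt, and the identical one in add_cert_selfsigned, tests an unquoted variable, so any non-empty value (including `no` or `0`) turns pinning on and a value containing spaces makes `[` fail with an error instead of a clean true/false. Writing it as `if [ -n "$PIN_CERTS" ]; then`, or comparing against one documented value such as `if [ "$PIN_CERTS" = "yes" ]; then`, makes the switch explicit. `PIN_CERTS=` is assigned after the utils file is sourced, so a value set there is overwritten; whether a later option can set it is not visible in these hunks, and the comment above the assignment could say where an operator is expected to enable pinning. Both functions start outside their hunks.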
|
|
|
@ -69,7 +69,7 @@ function renew_letsencrypt {
|
|||
ln -s /etc/letsencrypt/live/${HOSTNAME}/privkey.pem /etc/ssl/private/${HOSTNAME}.key
|
||||
ln -s /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem /etc/ssl/certs/${HOSTNAME}.pem
|
||||
|
||||
${PROJECT_NAME}-pin-cert $HOSTNAME
|
||||
${PROJECT_NAME}-pin-cert $HOSTNAME remove
|
||||
}
|
||||
|
||||
function renew_startssl {
|
||||
|
@ -169,7 +169,7 @@ function renew_startssl {
|
|||
echo $"/etc/ssl/certs/$HOSTNAME.new.crt then run this command again."
|
||||
echo ''
|
||||
|
||||
${PROJECT_NAME}-pin-cert $HOSTNAME
|
||||
${PROJECT_NAME}-pin-cert $HOSTNAME remove
|
||||
}
|
||||
|
||||
while [[ $# > 1 ]]
|
||||
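Review bot: In renew_letsencrypt and renew_startssl the call that appears to be the new one, `${PROJECT_NAME}-pin-cert $HOSTNAME remove`, runs unconditionally with an unquoted argument and its status is never checked, while the install-side functions in this commit gate pinning on PIN_CERTS and exit when pin-cert fails. Because it is the last command before `}`, its exit status also becomes the function's return status, so a failed removal could make an otherwise successful renewal look failed to the caller (the callers are outside these hunks). Quoting and handling the result would look like `"${PROJECT_NAME}-pin-cert" "$HOSTNAME" remove || echo $"Pin for $HOSTNAME could not be removed"`. If pin-cert manages HTTP public key pinning headers, dropping the header does not clear pins that clients have already cached, which deserves a comment above the call. Both function bodies start outside their hunks.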
|
|
|
@ -1291,7 +1291,7 @@ restore_voip
|
|||
restore_tox
|
||||
unmount_drive
|
||||
|
||||
${PROJECT_NAME}-pin-cert all
|
||||
#${PROJECT_NAME}-pin-cert all
|
||||
|
||||
echo $"Restore from USB drive is complete. You can now unplug it."
|
||||
|
||||
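Review bot: The pin step is switched off here by leaving it as commented-out code, `#${PROJECT_NAME}-pin-cert all`, and the remote restore script later on this page does the same, so neither file records why it is disabled and re-enabling it means editing both. Either delete the line or replace it with the guard the install script uses, `if [ -n "$PIN_CERTS" ]; then ${PROJECT_NAME}-pin-cert all; fi`, with PIN_CERTS read from wherever these scripts take their settings (not visible in these hunks). If the line stays commented, a one-line reason such as `# cert pinning is disabled by default, see PIN_CERTS in the install script` would help the next maintainer. Whether a restored backup can bring back site configuration that still carries pins is not visible here and is worth checking.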
|
|
|
@ -1130,7 +1130,7 @@ restore_tox
|
|||
restore_email
|
||||
restore_dlna
|
||||
|
||||
${PROJECT_NAME}-pin-cert all
|
||||
#${PROJECT_NAME}-pin-cert all
|
||||
|
||||
echo $"*** Remote restore was successful ***"
|
||||
|
||||
|
|