Last active
March 29, 2016 17:15
-
-
Save thalweg/8e15eded9760279dbd32 to your computer and use it in GitHub Desktop.
Invoke https://github.com/kuba/simp_le for multiple domains
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| here="$(cd "$(dirname "$0")"; pwd -P)" | |
| cd "$here" | |
| source venv/bin/activate | |
| IFS=$'\n\t' | |
| # if you want a cert with multiple DNS names (SubjectAlternateName), use space-delimited | |
| # names in the string array below. e.g.: "example.org www.example.org" will result in | |
| # a single certificate file with two SAN fields | |
| domains=( | |
| "example.org www.example.org" | |
| "alfa.example.org" | |
| "bravo.example.org" | |
| "charlie.example.org" | |
| "delta.example.org" | |
| "echo.example.org" | |
| "foxtrot.example.org" | |
| "golf.example.org" | |
| "hotel.example.org" | |
| "india.example.org" | |
| ) | |
| function get_cert(){ | |
| # input: space-delimited domains (do not quote! must be multiple bash args) | |
| # concatenates function args with "-d" to request a SAN cert from ACME/LE | |
| # when necessary | |
| local domains= | |
| while (( "$#" )); do | |
| local domains="$domains -d $1" | |
| shift | |
| done | |
| simp_le \ | |
| --email [email protected] \ | |
| --account_key_size 2048 \ | |
| --cert_key_size 2048 \ | |
| --default_root /srv/http/letsencrypt/ \ | |
| -f account_key.json \ | |
| -f key.pem \ | |
| -f fullchain.pem\ | |
| $domains | |
| return $? | |
| } | |
| function ct_submit(){ | |
| local domain="$1" | |
| local indir="$here/output/$domain" | |
| local outfile="$here/sct/$domain.sct" | |
| local ct_servers=( | |
| "ct.googleapis.com/aviator" | |
| "ct.googleapis.com/rocketeer" | |
| "ct1.digicert-ct.com/log/ct/v1/" | |
| ) | |
| for ct_server in $ct_servers; do | |
| cat "$indir/fullchain.pem" | $here/ct-submit "$ct_server" > "$outfile" | |
| done | |
| return $? | |
| } | |
| mkdir -vp "$here/output" | |
| for domain in ${domains[*]}; do | |
| # use only the first space-delimited domain name for the dir name | |
| # e.g.: "example.org www.example.org gets dir 'output/example.org', not 'output/example.org www.example.org' | |
| outdir="$here/output/${domain%% *}" | |
| mkdir -vp "$outdir" | |
| cd "$outdir" | |
| # use the same Let's Encrypt accout key for each cert registration | |
| # each cert will still have its own private key; the account key | |
| # is just used for ACME protocol authorization | |
| ln -svf "$here/account_key.json" "$outdir/account_key.json" | |
| _IFS=$IFS # store original field separator | |
| IFS=' ' # use space separator for get_cert function call | |
| get_cert $domain # actual ACME protocol call via simp_le | |
| ct_submit $domain # submit certificate transparency info | |
| IFS=$_IFS # restore field separator just in case | |
| done | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment