Merge pull request #1703 from BrandonSchmitt/acme-fixes

Small fixes for extracting certs from the acme.json file
Georg Lauterbach 2020-12-11 12:53:04 +01:00 committed by GitHub
commit d9e4b89415
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 26 additions and 11 deletions


@ -56,11 +56,12 @@ import sys,json
acme = json.load(sys.stdin)
for key, value in acme.items():
certs = value['Certificates']
for cert in certs:
if 'domain' in cert and 'key' in cert:
if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
print cert['key']
break
if certs is not None:
for cert in certs:
if 'domain' in cert and 'key' in cert:
if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
print cert['key']
break
")
local CERT
@ -70,11 +71,12 @@ import sys,json
acme = json.load(sys.stdin)
for key, value in acme.items():
certs = value['Certificates']
for cert in certs:
if 'domain' in cert and 'certificate' in cert:
if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
print cert['certificate']
break
if certs is not None:
for cert in certs:
if 'domain' in cert and 'certificate' in cert:
if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
print cert['certificate']
break
")
if [[ -n "${KEY}${CERT}" ]]
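Review bot: Both embedded Python snippets still splice the shell value `${1}` into the Python source inside single quotes (the `== '${1}'` and `'${1}' in cert['domain']['sans']` comparisons in the key hunk and again in the certificate hunk), so a domain value containing a quote or backslash alters the program that runs instead of only the string being compared. Passing the domain as an argument to the interpreter and comparing with `cert['domain']['main'] == sys.argv[1]` keeps it as data; the interpreter invocation lies outside these hunks, so the call site needs checking before the change. The new `if certs is not None:` guard covers a null value, but `certs = value['Certificates']` still raises KeyError when an entry has no such key, and `certs = value.get('Certificates')` would handle both cases.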


@ -1129,7 +1129,16 @@ function _setup_ssl
local LETSENCRYPT_DOMAIN=""
local LETSENCRYPT_KEY=""
[[ -f /etc/letsencrypt/acme.json ]] && (_extract_certs_from_acme "${HOSTNAME}" || _extract_certs_from_acme "${DOMAINNAME}")
if [[ -f /etc/letsencrypt/acme.json ]]
then
if ! _extract_certs_from_acme "${SSL_DOMAIN}"
then
if ! _extract_certs_from_acme "${HOSTNAME}"
then
_extract_certs_from_acme "${DOMAINNAME}"
fi
fi
fi
# first determine the letsencrypt domain by checking both the full hostname or just the domainname if a SAN is used in the cert
if [[ -e /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem ]]
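Review bot: The new fallback chain calls `_extract_certs_from_acme "${SSL_DOMAIN}"` without checking that `SSL_DOMAIN` is set, so an unset or empty value runs the extraction with an empty domain before falling through; `if [[ -z "${SSL_DOMAIN}" ]] || ! _extract_certs_from_acme "${SSL_DOMAIN}"` would skip that attempt. The result of the last call, for `${DOMAINNAME}`, is discarded, so when none of the three names matches an entry in acme.json nothing visible in this hunk records it. A log line naming which of the three values matched, or that none did, would make it clear which certificate and key the container ended up serving. `_setup_ssl` starts and ends outside the hunk, so logging may already exist elsewhere in the function.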


@ -1,4 +1,8 @@
{
"empty": {
"Account": null,
"Certificates": null
},
"le": {
"Account": {
"Email": "acme@admin.com",