add ca cert

2025-10-31 02:17:18 +00:00 · 2015-12-27 14:36:09 +08:00 · 2015-12-27 14:36:09 +08:00 · d4df6ad178
commit d4df6ad178
parent cd3cdb5453
1 changed files with 15 additions and 21 deletions
--- a/le.sh
+++ b/le.sh
@ -3,22 +3,11 @@

 WORKING_DIR=~/.le

-ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
-
-CERT_KEY_PATH=$WORKING_DIR/domain.key
-
-CSR_PATH=$WORKING_DIR/domain.csr
-
-CERT_PATH=$WORKING_DIR/domain.cer
-
-DOMAIN_CONF=$WORKING_DIR/domain.conf
-
 CURL_HEADER=""
-
 HEADER=""
 HEADERPLACE=""
-
 ACCOUNT_EMAIL=""
+
 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"

 API=$DEFAULT_CA
@ -58,7 +47,7 @@ createAccountKey() {
    echo Use default length 2048
    length=2048
  fi
-  
+  _initpath
  mkdir -p $WORKING_DIR
  ACCOUNT_KEY_PATH=$WORKING_DIR/account.acc
  
@ -85,7 +74,7 @@ createDomainKey() {
    echo Use default length 2048
    length=2048
  fi
-
+  _initpath $domain
  mkdir -p $WORKING_DIR/$domain
  CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key
  
@ -185,10 +174,10 @@ _send_signed_request() {
 _get() {
  url="$1"
  _debug url $url
-  response=$(curl --silent $url)
+  response="$(curl --silent $url)"
  ret=$?
  _debug response  "$response"
-  code=$(echo $response | grep -o '"status":[0-9]\+' | cut -d : -f 2)
+  code="$(echo $response | grep -o '"status":[0-9]\+' | cut -d : -f 2)"
  _debug code $code
  return $ret
 }
@ -229,13 +218,13 @@ _initpath() {
  
  mkdir -p $WORKING_DIR/$domain
  
-
  CSR_PATH=$WORKING_DIR/$domain/$domain.csr

  CERT_KEY_PATH=$WORKING_DIR/$domain/$domain.key

  CERT_PATH=$WORKING_DIR/$domain/$domain.cer
  
+  CA_CERT_PATH=$WORKING_DIR/$domain/ca.cer
 }

 #issue webroot a.com [www.a.com,b.com,c.com]  [key-length] [cert-file-path] [key-file-path] [reloadCmd]
@ -423,6 +412,13 @@ issue() {
  Le_LinkIssuer=$(grep -i '^Link' $CURL_HEADER | cut -d " " -f 2| cut -d ';' -f 1 | sed 's/<//g' | sed 's/>//g')
  _setopt $DOMAIN_CONF  "Le_LinkIssuer"         "="  "$Le_LinkIssuer"
  
+  if [ "$Le_LinkIssuer" ] ; then
+    _get "$Le_LinkIssuer"
+    echo -----BEGIN CERTIFICATE----- > $CA_CERT_PATH
+    echo $response | base64 | sed "s/ /\n/g" >> $CA_CERT_PATH
+    echo -----END CERTIFICATE-----  >> $CA_CERT_PATH
+    _info "The intermediate CA cert is in $CA_CERT_PATH"
+  fi
  
  Le_CertCreateTime=$(date -u "+%s")
  _setopt $DOMAIN_CONF  "Le_CertCreateTime"     "="  "$Le_CertCreateTime"
@ -468,8 +464,6 @@ issue() {
  
 }

-
-
 renew() {
  Le_Domain="$1"
  if [ -z "$Le_Domain" ] ; then