Attempt to fix the default root CA.
parent
cc23336ea9
commit
1d248394cc
|
@ -56,7 +56,7 @@ letsencrypt_acme_sh_ecc_key_lenght: ec-384
|
||||||
letsencrypt_acme_sh_rsa_key_lenght: 4096
|
letsencrypt_acme_sh_rsa_key_lenght: 4096
|
||||||
letsencrypt_acme_sh_ocsp_must_staple: False
|
letsencrypt_acme_sh_ocsp_must_staple: False
|
||||||
# Default: ISRG Root X1
|
# Default: ISRG Root X1
|
||||||
letsencrypt_acme_sh_specific_root_ca: "--preferred-chain 'isrg'"
|
letsencrypt_acme_sh_specific_root_ca: "--preferred-chain 'ISRG Root X1'"
|
||||||
letsencrypt_acme_email: sysadmin@example.com
|
letsencrypt_acme_email: sysadmin@example.com
|
||||||
letsencrypt_acme_sh_email: '{{ letsencrypt_acme_email }}'
|
letsencrypt_acme_sh_email: '{{ letsencrypt_acme_email }}'
|
||||||
letsencrypt_acme_standalone_port: 4402
|
letsencrypt_acme_standalone_port: 4402
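Review bot: The comment above `letsencrypt_acme_sh_specific_root_ca` does not say that the value is a raw command-line fragment with its own nested shell quoting. It is rendered into the shell config template changed later in this commit, so any inventory override has to be shell-safe too. A comment such as `# Pasted verbatim into the acme.sh shell config: must be a complete, shell-safe option fragment` would make that contract visible. Keeping only the chain name in the variable and adding the `--preferred-chain` flag in the template would narrow what an override can inject.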
|
||||||
|
|
|
@ -14,7 +14,6 @@ else
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
$ACME_SH_BIN --upgrade -b chain
|
|
||||||
$ACME_SH_BIN --cron --home "$ACME_SH_BINDIR" --config-home "$ACME_SH_CONFIG_HOME" > "$ACME_SH_CRON_LOG_FILE" 2>&1
|
$ACME_SH_BIN --cron --home "$ACME_SH_BINDIR" --config-home "$ACME_SH_CONFIG_HOME" > "$ACME_SH_CRON_LOG_FILE" 2>&1
|
||||||
|
|
||||||
exit $?
|
exit $?
|
||||||
|
|
|
@ -42,7 +42,6 @@ if [ ! -f "$ACME_SH_CONFIG_HOME/ok_certificate_issued" ] && [ "$ACME_SH_USE_DNS_
|
||||||
service httpd start >/dev/null 2>&1
|
service httpd start >/dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
$ACME_SH_BIN --upgrade -b chain
|
|
||||||
$ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
$ACME_SH_BIN $ACME_SH_ISSUE_CERT_REQUEST > "$ACME_SH_ISSUE_LOG_FILE" 2>&1
|
||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -14,22 +14,23 @@ ACME_SH_GIT_DIST_DIR={{ letsencrypt_acme_git_dest_dir }}
|
||||||
ACME_LETSENCRYPT_HOOKS_DIR={{ letsencrypt_acme_services_scripts_dir }}
|
ACME_LETSENCRYPT_HOOKS_DIR={{ letsencrypt_acme_services_scripts_dir }}
|
||||||
ACME_SH_HTTP_BIND_PORT={{ letsencrypt_acme_standalone_port }}
|
ACME_SH_HTTP_BIND_PORT={{ letsencrypt_acme_standalone_port }}
|
||||||
ACME_SH_USE_DNS_PROVIDER="{{ letsencrypt_acme_sh_use_dns_provider }}"
|
ACME_SH_USE_DNS_PROVIDER="{{ letsencrypt_acme_sh_use_dns_provider }}"
|
||||||
|
|
||||||
ACME_SH_INSTALL_CERTS={{ letsencrypt_acme_sh_explicitly_install_certs }}
|
ACME_SH_INSTALL_CERTS={{ letsencrypt_acme_sh_explicitly_install_certs }}
|
||||||
|
|
||||||
#
|
#
|
||||||
# Install options
|
# Install options
|
||||||
#
|
#
|
||||||
|
|
||||||
ACME_SH_INSTALL_OPTS="{{ letsencrypt_acme_sh_install_options }}"
|
ACME_SH_INSTALL_OPTS="{{ letsencrypt_acme_sh_install_options }}"
|
||||||
{% if not letsencrypt_acme_sh_install_cron %}
|
{% if not letsencrypt_acme_sh_install_cron %}
|
||||||
ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --nocron"
|
ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --nocron"
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
ACME_SH_ROOT_CA='{{ letsencrypt_acme_sh_specific_root_ca }}'
|
||||||
ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --home {{ letsencrypt_acme_sh_user_home }}/bin --config-home {{ letsencrypt_acme_sh_base_data_dir }}/data --certhome {{ letsencrypt_acme_sh_base_data_dir }}/certs --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
|
ACME_SH_INSTALL_OPTS="$ACME_SH_INSTALL_OPTS --home {{ letsencrypt_acme_sh_user_home }}/bin --config-home {{ letsencrypt_acme_sh_base_data_dir }}/data --certhome {{ letsencrypt_acme_sh_base_data_dir }}/certs --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
|
||||||
|
|
||||||
#
|
#
|
||||||
# Certificate issue options
|
# Certificate issue options
|
||||||
#
|
#
|
||||||
ACME_SH_ISSUE_CERT_REQUEST_OPTIONS="--issue --server {{ letsencrypt_acme_sh_default_ca }} {{ letsencrypt_acme_sh_specific_root_ca }} -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log"
|
ACME_SH_ISSUE_CERT_REQUEST_OPTIONS='--issue --server {{ letsencrypt_acme_sh_default_ca }} $ACME_SH_ROOT_CA -k {% if letsencrypt_acme_sh_use_ecc %}{{ letsencrypt_acme_sh_ecc_key_lenght }}{% else %}{{ letsencrypt_acme_sh_rsa_key_lenght }}{% endif %} --log {{ letsencrypt_acme_sh_base_data_dir }}/logs/acme.sh.log'
|
||||||
{% if letsencrypt_acme_sh_ocsp_must_staple %}
|
{% if letsencrypt_acme_sh_ocsp_must_staple %}
|
||||||
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"
|
ACME_SH_ISSUE_CERT_REQUEST="$ACME_SH_ISSUE_CERT_REQUEST_OPTIONS --ocsp"
|
||||||
{% endif %}
|
{% endif %}
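Review bot: The new `ACME_SH_ISSUE_CERT_REQUEST_OPTIONS='... $ACME_SH_ROOT_CA ...'` assignment is single-quoted, so `$ACME_SH_ROOT_CA` stays literal text. Unless something outside this hunk re-evaluates the string, acme.sh receives the literal text `$ACME_SH_ROOT_CA` rather than the chain option. The added `ACME_SH_ROOT_CA='{{ letsencrypt_acme_sh_specific_root_ca }}'` also breaks with the new default: the value's own single quotes close the outer pair, so the shell treats `Root X1` as a command. Even if the value were stored intact, quotes held inside a variable are not re-parsed on an unquoted expansion, so a chain name with spaces would be split into several arguments. Consider storing only the chain name, rendered through Ansible's `quote` filter, and passing it as a separate quoted argument (`--preferred-chain "$ACME_SH_PREFERRED_CHAIN"`, name illustrative) where acme.sh is invoked, which is outside this hunk.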
|
||||||
|
|