forked from brielle/lets-encrypt-scripts
Add legacy option
parent
659009c97a
commit
1d7573736e
|
@ -1,3 +1,8 @@
|
||||||
|
03/24/2024
|
||||||
|
- Add legacy option for OpenSSL 3.x
|
||||||
|
Fixes issue here:
|
||||||
|
https://community.ui.com/questions/New-Openssl-v3-may-break-your-controller-network-application-keystore/2e4133d9-d6dd-4a22-acfe-e5d671ffaee4
|
||||||
|
|
||||||
04/04/2016
|
04/04/2016
|
||||||
- Minor updates to URLs in files
|
- Minor updates to URLs in files
|
||||||
- Add sanity checking to gen-cert.sh like whats in gen-unifi-cert.sh
|
- Add sanity checking to gen-cert.sh like whats in gen-unifi-cert.sh
|
||||||
|
|
|
@ -2,8 +2,8 @@
|
||||||
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
|
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
|
||||||
# Modified by: Brielle Bruns <bruns@2mbit.com>
|
# Modified by: Brielle Bruns <bruns@2mbit.com>
|
||||||
# Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
|
# Download URL: https://source.sosdg.org/brielle/lets-encrypt-scripts
|
||||||
# Version: 1.99.1
|
# Version: 1.99.10
|
||||||
# Last Changed: 10/10/2021
|
# Last Changed: 03/24/2024
|
||||||
# 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
|
# 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
|
||||||
# 02/27/2016: More verbose progress report
|
# 02/27/2016: More verbose progress report
|
||||||
# 03/08/2016: Add renew option, reformat code, command line options
|
# 03/08/2016: Add renew option, reformat code, command line options
|
||||||
|
@ -15,6 +15,7 @@
|
||||||
# 09/22/2021: Update root certs
|
# 09/22/2021: Update root certs
|
||||||
# 10/10/2021: Split out import process for root certs, and fix quirkiness with cert chains
|
# 10/10/2021: Split out import process for root certs, and fix quirkiness with cert chains
|
||||||
# 10/11/2021: Minor fixes, add keystore cli opt, variable references
|
# 10/11/2021: Minor fixes, add keystore cli opt, variable references
|
||||||
|
# 03/24/2024: Adds legacy option for OpenSSL 3.x to fix issue with keystore format
|
||||||
|
|
||||||
# Location of LetsEncrypt binary we use. Leave unset if you want to let it find automatically
|
# Location of LetsEncrypt binary we use. Leave unset if you want to let it find automatically
|
||||||
#LEBINARY="/usr/src/letsencrypt/certbot-auto"
|
#LEBINARY="/usr/src/letsencrypt/certbot-auto"
|
||||||
|
@ -25,13 +26,14 @@ KEYSTORE="/usr/lib/unifi/data/keystore"
|
||||||
|
|
||||||
|
|
||||||
function usage() {
|
function usage() {
|
||||||
echo "Usage: $0 -d <domain> [-e <email>] [-r] [-i] [-k <keystore>]"
|
echo "Usage: $0 -d <domain> [-e <email>] [-r] [-i] [-k <keystore>] [-l]"
|
||||||
echo " -d <domain>: The domain name to use."
|
echo " -d <domain>: The domain name to use."
|
||||||
echo " -e <email>: Email address to use for certificate."
|
echo " -e <email>: Email address to use for certificate."
|
||||||
echo " -r: Renew domain."
|
echo " -r: Renew domain."
|
||||||
echo " -i: Insert only, use to force insertion of certificate."
|
echo " -i: Insert only, use to force insertion of certificate."
|
||||||
echo " -k: Specify keystore to use."
|
echo " -k: Specify keystore to use."
|
||||||
echo " -h: This usage description."
|
echo " -h: This usage description."
|
||||||
|
echo " -l: Use OpenSSL 3.x legacy option."
|
||||||
}
|
}
|
||||||
|
|
||||||
while getopts "hird:e:k:" opt; do
|
while getopts "hird:e:k:" opt; do
|
||||||
|
@ -41,6 +43,7 @@ while getopts "hird:e:k:" opt; do
|
||||||
d) domains+=("$OPTARG");;
|
d) domains+=("$OPTARG");;
|
||||||
e) email="$OPTARG";;
|
e) email="$OPTARG";;
|
||||||
k) userkeystore="$OPTARG";;
|
k) userkeystore="$OPTARG";;
|
||||||
|
l) uselegacy="yes";;
|
||||||
h) usage
|
h) usage
|
||||||
exit;;
|
exit;;
|
||||||
esac
|
esac
|
||||||
|
@ -87,6 +90,12 @@ if [[ ! -x $( which openssl ) ]]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ ! -z ${uselegacy} ]]; then
|
||||||
|
osslopt=" -legacy"
|
||||||
|
else
|
||||||
|
osslopt=""
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ ! -z ${email} ]]; then
|
if [[ ! -z ${email} ]]; then
|
||||||
email="--email ${email}"
|
email="--email ${email}"
|
||||||
else
|
else
|
||||||
|
@ -202,7 +211,7 @@ _EOF
|
||||||
md5sum "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem" > "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5"
|
md5sum "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem" > "/etc/letsencrypt/live/${MAINDOMAIN}/cert.pem.md5"
|
||||||
#echo "Using openssl to prepare certificate..."
|
#echo "Using openssl to prepare certificate..."
|
||||||
#cat "/etc/letsencrypt/live/${MAINDOMAIN}/chain.pem" >> "${CATEMPFILE}"
|
#cat "/etc/letsencrypt/live/${MAINDOMAIN}/chain.pem" >> "${CATEMPFILE}"
|
||||||
openssl pkcs12 -export -passout pass:aircontrolenterprise \
|
openssl pkcs12 -export ${osslopt} -passout pass:aircontrolenterprise \
|
||||||
-in "/etc/letsencrypt/live/${MAINDOMAIN}/fullchain.pem" \
|
-in "/etc/letsencrypt/live/${MAINDOMAIN}/fullchain.pem" \
|
||||||
-inkey "/etc/letsencrypt/live/${MAINDOMAIN}/privkey.pem" \
|
-inkey "/etc/letsencrypt/live/${MAINDOMAIN}/privkey.pem" \
|
||||||
-out "${TEMPFILE}" -name unifi
|
-out "${TEMPFILE}" -name unifi
|
||||||
|
|
Loading…
Reference in New Issue