allow to configure tls certificate provider

2024-08-18 23:57:39 +00:00 · 2024-08-18 23:57:39 +00:00 · 663f269163
commit 663f269163
parent f37642c4a3
1 changed files with 15 additions and 8 deletions
--- a/get-certs.sh
+++ b/get-certs.sh
@ -25,6 +25,11 @@ alternative_dns_port="53536"
 # acme challenge dnsmasq instance port
 acme_challenge_port="53537"

+# either letsencrypt or zerossl
+tls_provider="letsencrypt"
+# either letsencrypt.org or zerossl.com
+tls_provider_domain="letsencrypt.org"
+
 # temporary working directory
 twd="/tmp"

@ -116,17 +121,19 @@ if [ "$proxychains" = true ] ; then
  fi
 fi

-# register zerossl account  ## disabled, using letsencrypt at the moment
-#$acme_cmd \
-#  --register-account \
-#  -m admin@$domain \
-#  --server zerossl
+# register zerossl account
+if [ $tls_provider == "zerossl" ] ; then
+  $acme_cmd \
+    --register-account \
+    -m admin@$domain \
+    --server zerossl
+fi

 # get challenge
 timestamp=`date +"%Y%m%d%H%M%S"`
 long_flag="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
 challenge_file=$twd/acme_challenge.$timestamp.txt
-$acme_cmd --issue --server letsencrypt \
+$acme_cmd --issue --server $tls_provider \
  -d "$domain" \
  --dns $long_flag \
  > $challenge_file
@ -172,7 +179,7 @@ touch $tmp_conf_file \
    -p $alternative_dns_port \
    --address="/$domain/$my_ygg_ip" \
    --address="/$domain/$bridge46_ipv4" \
-    --caa-record=$domain,0,issue,letsencrypt.org \
+    --caa-record=$domain,0,issue,$tls_provider_domain \
    --server="/_acme-challenge.$domain/127.0.0.1#$acme_challenge_port" \
    1>&- 2>&- &
 main_dnsmasq_pid=$!
@ -186,7 +193,7 @@ echo "Waiting for $wait_before_renew seconds."
 sleep $wait_before_renew

 # issue certificate
-$acme_cmd --renew --server letsencrypt \
+$acme_cmd --renew --server $tls_provider \
  -d "$domain" \
  --dns $long_flag
 acme_renew_state=$?