From 663f26916346874e5808e3b08e2acc0894bfffb9 Mon Sep 17 00:00:00 2001 From: cynic Date: Sun, 18 Aug 2024 23:57:39 +0000 Subject: [PATCH] allow to configure tls certificate provider --- get-certs.sh | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/get-certs.sh b/get-certs.sh index f1ee7f8..479646f 100755 --- a/get-certs.sh +++ b/get-certs.sh @@ -25,6 +25,11 @@ alternative_dns_port="53536" # acme challenge dnsmasq instance port acme_challenge_port="53537" +# either letsencrypt or zerossl +tls_provider="letsencrypt" +# either letsencrypt.org or zerossl.com +tls_provider_domain="letsencrypt.org" + # temporary working directory twd="/tmp" @@ -116,17 +121,19 @@ if [ "$proxychains" = true ] ; then fi fi -# register zerossl account ## disabled, using letsencrypt at the moment -#$acme_cmd \ -# --register-account \ -# -m admin@$domain \ -# --server zerossl +# register zerossl account +if [ $tls_provider == "zerossl" ] ; then + $acme_cmd \ + --register-account \ + -m admin@$domain \ + --server zerossl +fi # get challenge timestamp=`date +"%Y%m%d%H%M%S"` long_flag="--yes-I-know-dns-manual-mode-enough-go-ahead-please" challenge_file=$twd/acme_challenge.$timestamp.txt -$acme_cmd --issue --server letsencrypt \ +$acme_cmd --issue --server $tls_provider \ -d "$domain" \ --dns $long_flag \ > $challenge_file @@ -172,7 +179,7 @@ touch $tmp_conf_file \ -p $alternative_dns_port \ --address="/$domain/$my_ygg_ip" \ --address="/$domain/$bridge46_ipv4" \ - --caa-record=$domain,0,issue,letsencrypt.org \ + --caa-record=$domain,0,issue,$tls_provider_domain \ --server="/_acme-challenge.$domain/127.0.0.1#$acme_challenge_port" \ 1>&- 2>&- & main_dnsmasq_pid=$! @@ -186,7 +193,7 @@ echo "Waiting for $wait_before_renew seconds." sleep $wait_before_renew # issue certificate -$acme_cmd --renew --server letsencrypt \ +$acme_cmd --renew --server $tls_provider \ -d "$domain" \ --dns $long_flag acme_renew_state=$?
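Review bot: `tls_provider` and `tls_provider_domain` are added as two independent settings, so changing one without the other makes the `--caa-record` in the dnsmasq hunk authorize a different CA than the one passed to `--server`, and nothing rejects a mistyped provider name. Deriving the domain from the provider in a `case` with a failing default arm removes the second knob and stops the script before it contacts the CA. The added comment gives zerossl.com as the ZeroSSL value; ZeroSSL certificates are, as far as I know, issued under Sectigo, so the CAA issuer domain should be confirmed against the CA's documentation before it is relied on.

```shell
# either letsencrypt or zerossl
tls_provider="letsencrypt"
# CAA issuer domain is derived from the provider so the two cannot drift apart
case "$tls_provider" in
  letsencrypt) tls_provider_domain="letsencrypt.org" ;;
  # value copied from the patch comment; confirm against the CA's CAA documentation
  zerossl) tls_provider_domain="zerossl.com" ;;
  *)
    echo "unsupported tls_provider: $tls_provider" >&2
    exit 1
    ;;
esac
```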
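Review bot: The new test `[ $tls_provider == "zerossl" ]` expands the variable unquoted and uses `==`, which POSIX `[` does not define; with an empty value, or under a strict `/bin/sh`, the test errors out and the registration is skipped without stopping the script. Write it as `if [ "$tls_provider" = "zerossl" ] ; then`, and quote the expansions in `-m "admin@$domain"` and in `--server "$tls_provider"`, which also appears unquoted on the `--issue` line of this hunk and in the `--renew` hunk; the `--caa-record` argument in the dnsmasq hunk has the same unquoted expansions. The exit status of `--register-account` is not checked either, so a failed registration would only surface later at `--issue`; whether the script runs under `set -e` is not visible from the hunk.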