allow to configure tls certificate provider

get-certs.sh

@@ -25,6 +25,11 @@ alternative_dns_port="53536"
 # acme challenge dnsmasq instance port
 acme_challenge_port="53537"
 
+# either letsencrypt or zerossl
+tls_provider="letsencrypt"
+# either letsencrypt.org or zerossl.com
+tls_provider_domain="letsencrypt.org"
+
 # temporary working directory
 twd="/tmp"
 
@@ -116,17 +121,19 @@ if [ "$proxychains" = true ] ; then
   fi
 fi
 
-# register zerossl account  ## disabled, using letsencrypt at the moment
+# register zerossl account
-#$acme_cmd \
+if [ $tls_provider == "zerossl" ] ; then
-#  --register-account \
+  $acme_cmd \
-#  -m admin@$domain \
+    --register-account \
-#  --server zerossl
+    -m admin@$domain \
+    --server zerossl
+fi
 
 # get challenge
 timestamp=`date +"%Y%m%d%H%M%S"`
 long_flag="--yes-I-know-dns-manual-mode-enough-go-ahead-please"
 challenge_file=$twd/acme_challenge.$timestamp.txt
-$acme_cmd --issue --server letsencrypt \
+$acme_cmd --issue --server $tls_provider \
   -d "$domain" \
   --dns $long_flag \
   > $challenge_file
@@ -172,7 +179,7 @@ touch $tmp_conf_file \
     -p $alternative_dns_port \
     --address="/$domain/$my_ygg_ip" \
     --address="/$domain/$bridge46_ipv4" \
-    --caa-record=$domain,0,issue,letsencrypt.org \
+    --caa-record=$domain,0,issue,$tls_provider_domain \
     --server="/_acme-challenge.$domain/127.0.0.1#$acme_challenge_port" \
     1>&- 2>&- &
 main_dnsmasq_pid=$!
@@ -186,7 +193,7 @@ echo "Waiting for $wait_before_renew seconds."
 sleep $wait_before_renew
 
 # issue certificate
-$acme_cmd --renew --server letsencrypt \
+$acme_cmd --renew --server $tls_provider \
   -d "$domain" \
   --dns $long_flag
 acme_renew_state=$?