forked from evolix/ansible-roles
evoacme: add tests to fail with proper messages
This commit is contained in:
parent
e11958d101
commit
0022071462
@ -54,13 +54,19 @@ sed_cert_path_for_nginx() {
|
||||||
}
|
}
|
||||||
|
|
||||||
x509_verify() {
|
x509_verify() {
|
||||||
${OPENSSL_BIN} x509 -noout -modulus -in "$1" >/dev/null
|
file="$1"
|
||||||
|
[ -f "$file" ] || error "File ${file} not found"
|
||||||
|
${OPENSSL_BIN} x509 -noout -modulus -in "$file" >/dev/null
|
||||||
}
|
}
|
||||||
csr_verify() {
|
csr_verify() {
|
||||||
${OPENSSL_BIN} req -noout -modulus -in "$1" >/dev/null
|
file="$1"
|
||||||
|
[ -f "$file" ] || error "File ${file} not found"
|
||||||
|
${OPENSSL_BIN} req -noout -modulus -in "$file" >/dev/null
|
||||||
}
|
}
|
||||||
x509_enddate() {
|
x509_enddate() {
|
||||||
${OPENSSL_BIN} x509 -noout -enddate -in "$1"
|
file="$1"
|
||||||
|
[ -f "$file" ] || error "File ${file} not found"
|
||||||
|
${OPENSSL_BIN} x509 -noout -enddate -in "$file"
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
|
@ -144,8 +150,9 @@ main() {
|
||||||
NEW_DIR="${CRT_DIR}/${VHOST}/${ITERATION}"
|
NEW_DIR="${CRT_DIR}/${VHOST}/${ITERATION}"
|
||||||
|
|
||||||
[ -d "${NEW_DIR}" ] && error "${NEW_DIR} directory already exists, remove it manually."
|
[ -d "${NEW_DIR}" ] && error "${NEW_DIR} directory already exists, remove it manually."
|
||||||
mkdir -pm 755 "${NEW_DIR}"
|
mkdir -p "${NEW_DIR}"
|
||||||
chown -R acme: "${NEW_DIR}"
|
chmod -R 0700 "${CRT_DIR}"
|
||||||
|
chown -R acme: "${CRT_DIR}"
|
||||||
debug "New cert will be created in ${NEW_DIR}"
|
debug "New cert will be created in ${NEW_DIR}"
|
||||||
|
|
||||||
NEW_CERT="${NEW_DIR}/cert.crt"
|
NEW_CERT="${NEW_DIR}/cert.crt"
|
||||||
|
@ -166,6 +173,10 @@ main() {
|
||||||
CERTBOT_REGISTRATION="${CERTBOT_REGISTRATION} --register-unsafely-without-email"
|
CERTBOT_REGISTRATION="${CERTBOT_REGISTRATION} --register-unsafely-without-email"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Permissions checks for acme user
|
||||||
|
sudo -u acme test -r "${CSR_FILE}" || error "File ${CSR_FILE} is not readable by user 'acme'"
|
||||||
|
sudo -u acme test -w "${NEW_DIR}" || error "File ${NEW_DIR} is not writable by user 'acme'"
|
||||||
|
|
||||||
# create a certificate with certbot
|
# create a certificate with certbot
|
||||||
sudo -u acme \
|
sudo -u acme \
|
||||||
${CERTBOT_BIN} \
|
${CERTBOT_BIN} \
|
||||||
|
|