authorLexi Winter <lexi@le-fay.org>2025-06-04 20:03:28 +0100
committerLexi Winter <lexi@le-fay.org>2025-06-04 20:03:28 +0100
commit17ecb79c0868f6405f259f01f5dd7578e068a683 (patch)
treeedae6c25e16c91fb15a4c8738d8c1d067eefd9da
parentbb551c7159a4e06982d94973c96ca64057e70884 (diff)
add a 'cert' command to manage certificates
-rw-r--r--Makefile4
-rw-r--r--cert.sh.in83
-rw-r--r--lfacme-cert.8.in41
3 files changed, 127 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index bade4b8..e96ee88 100644
--- a/Makefile
+++ b/Makefile
@@ -30,7 +30,8 @@ CHALLENGE= dns.sh \
BINMODE?= 0755
BIN= lfacme.sh
-CMD= renew.sh \
+CMD= cert.sh \
+ renew.sh \
setup.sh
CONFMODE?= 0644
@@ -48,6 +49,7 @@ MAN7= lfacme-dns.7 \
lfacme-kerberos.7 \
lfacme-ualpn.7
MAN8= lfacme.8 \
+ lfacme-cert.8 \
lfacme-renew.8 \
lfacme-setup.8
diff --git a/cert.sh.in b/cert.sh.in
new file mode 100644
index 0000000..0ac8224
--- /dev/null
+++ b/cert.sh.in
@@ -0,0 +1,83 @@
+#! /bin/sh
+# This source code is released into the public domain.
+
+_c_list() {
+ if ! [ -d "$_UACME_DIR" ]; then
+ return 0
+ fi
+
+ local _certs="$(cd $_UACME_DIR && ls)"
+ local cert
+ for cert in $_certs; do
+ if [ "$cert" = "private" ]; then
+ continue
+ fi
+
+ printf '%s\n' "$cert"
+ done
+
+ return 0
+}
+
+_c_remove() {
+ if [ -z "$1" ]; then
+ _fatal "missing certificate name"
+ fi
+
+ local cert
+ for cert in "$@"; do
+ local _path="${_UACME_DIR}/${cert}"
+
+ if ! [ -d "$_path" ]; then
+ _warn "certificate not found: %s" "$cert"
+ continue
+ fi
+
+ # Just in case...
+ if [ "${_path##*/}" = "" ]; then
+ _fatal "internal error"
+ fi
+
+ rm -rf "$_path"
+ done
+}
+
+# Parse command-line arguments.
+args=$(getopt "" $*)
+if [ $? -ne 0 ]; then
+ exit 1
+fi
+set -- $args
+
+_uacme_flags=""
+
+while :; do
+ case "$1" in
+ -y)
+ _uacme_flags="$_uacme_flags $1"
+ shift;;
+ --)
+ shift; break;;
+ esac
+done
+
+_command="$1"; shift
+if [ -z "$_command" ]; then
+ _fatal "missing command"
+fi
+
+case "$_command" in
+list)
+ _c_list "$@"
+ exit $?
+ ;;
+
+remove)
+ _c_remove "$@"
+ exit $?
+ ;;
+
+*)
+ _fatal "unknown command: %s" "$_command"
+ ;;
+esac
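Review bot: In `_c_remove`, the certificate name from the command line is joined onto `_UACME_DIR` and handed to `rm -rf` with only an empty-last-component check. A name containing `/` or `..` components therefore still passes the `-d` test and is deleted recursively, and so does the name `private`, which `_c_list` deliberately hides (presumably because it is not a certificate directory). An unset or empty `_UACME_DIR` would also turn the path into `/<name>`, and unlike `_c_list`, `_c_remove` never checks that directory. I would reject such names before building the path, expand the base as `${_UACME_DIR:?}`, and pass `--` to `rm`, as sketched below.

```shell
	for cert in "$@"; do
		# Only a plain directory name directly under the uacme
		# directory may be removed; anything that could escape it
		# or hit the key store is refused.
		case "$cert" in
		""|.|..|*/*|private)
			_warn "invalid certificate name: %s" "$cert"
			continue;;
		esac

		local _path="${_UACME_DIR:?}/${cert}"

		# ... unchanged: "certificate not found" check ...

		rm -rf -- "$_path"
	done
```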
diff --git a/lfacme-cert.8.in b/lfacme-cert.8.in
new file mode 100644
index 0000000..d6014cc
--- /dev/null
+++ b/lfacme-cert.8.in
@@ -0,0 +1,41 @@
+.\" This source code is released into the public domain.
+.Dd June 4, 2025
+.Dt LFACME 7
+.Os
+.Sh NAME
+.Nm lfacme cert
+.Nd manage ACME certificates
+.Sh SYNOPSIS
+.Nm lfacme
+.Op opts
+.Cm cert list
+.Nm lfacme
+.Op opts
+.Cm cert remove
+.Ar certificate
+.Op Ar certificate ...
+.Sh DESCRIPTION
+The
+.Nm
+command is used to manage certificates issued by
+.Xr lfacme 8 .
+.Pp
+The following commands are supported:
+.Bl -tag -width Cm remove
+.It Cm list
+List issued certificates.
+.It Cm remove
+Remove the given certificates.
+The certificates will be deleted from the disk, but will be reissued the next
+time
+.Xr lfacme-renew 8
+is run unless they are also removed from
+.Xr domains.conf 5 .
+.Sh ENVIRONMENT
+Refer to
+.Xr lfacme 8
+for a list of environment variables which affect the operation of
+.Nm .
+.Sh SEE ALSO
+.Xr domains.conf 5 ,
+.Xr lfacme 8