| -rw-r--r-- | http.sh | 2 | ||||
| -rw-r--r-- | init.sh | 21 | ||||
| -rw-r--r-- | kerberos.sh | 7 | ||||
| -rw-r--r-- | lfacme-renew.sh | 67 | ||||
| -rw-r--r-- | lfacme-setup.sh | 5 |
5 files changed, 71 insertions, 31 deletions
@@ -34,11 +34,13 @@ _file="${ACME_HTTP_CHALLENGE_DIR}/${TOKEN}"
 case "$ACTION" in
 begin)
+ _verbose "creating validation token %s" "$_file"
 echo "$AUTH" >"$_file"
 exit $?
 ;;
 done|failed)
+ _verbose "deleting validation token %s" "$_file"
 rm -f "$_file"
 exit $?
 ;;
@@ -21,6 +21,16 @@ _warn() {
 printf >&2 '%s: WARNING: %s\n' "$_PROGNAME" "$_msg"
 }
+_verbose() {
+ if [ -z "$LFACME_VERBOSE" ]; then
+ return
+ fi
+
+ local _fmt=$1; shift
+ local _msg="$(printf "$_fmt" "$@")"
+ printf '%s: %s\n' "$_PROGNAME" "$_msg"
+}
+
 # The prefix we're installed in.
 _BASEDIR="/usr/local"
 # Where the internal scripts are.
@@ -75,9 +85,16 @@ _UACME_DIR="${ACME_DATADIR}/certs"
 # The uacme executable.
 _UACME=/usr/local/bin/uacme
+_LFACME_UACME_FLAGS=""
+if ! [ -z "$LFACME_VERBOSE" ]; then
+ _LFACME_UACME_FLAGS="$_LFACME_UACME_FLAGS -v"
+fi
+
 _uacme() {
- env "LFACME_CONFDIR=${_CONFDIR}" \
- "$_UACME" -a "$ACME_URL" -c "$_UACME_DIR" "$@"
+ env "LFACME_CONFDIR=${_CONFDIR}" \
+ "LFACME_VERBOSE=${LFACME_VERBOSE}" \
+ "$_UACME" $_LFACME_UACME_FLAGS \
+ -a "$ACME_URL" -c "$_UACME_DIR" "$@"
 }
 # Find a challenge script and make sure it's valid. If the challenge name
diff --git a/kerberos.sh b/kerberos.sh
index df88e2c..2bbfd0f 100644
--- a/kerberos.sh
+++ b/kerberos.sh
@@ -90,15 +90,15 @@ _wait_for_nameserver() {
 local auth="$2"
 local nameserver="$3"
- echo "waiting for $domain on nameserver $ns..."
+ _verbose "waiting for nameserver %s" "$nameserver"
 local waited=0
 local waitlimit=60
 while sleep 1; do
 waited=$((waited + 1))
 if [ "$waited" -ge "$waitlimit" ]; then
- _error "timed out waiting for nameserver update for %s" \
- "$domain"
+ _error "timed out waiting for '%s' on '%s'" \
+ "$domain" "$nameserver"
 return 1
 fi
@@ -121,6 +121,7 @@ _wait_for_record() {
 local auth="$2"
 local nameservers="$(_getnameservers "$domain")"
+ _verbose "waiting for the DNS record '%s' to be published" "$domain"
 for ns in $nameservers; do
 _wait_for_nameserver "$domain" "$auth" "$ns" || return 1
 done
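Review bot: `_verbose` prints to stdout via `printf '%s: %s\n' "$_PROGNAME" "$_msg"`, while `_warn` directly above it sends diagnostics to stderr with `printf >&2`. Because init.sh is also sourced by the challenge hooks (http.sh calls `_verbose` right before writing the token) and `LFACME_VERBOSE` is now forwarded to them through `env`, verbose chatter lands on the hook's stdout and is mixed into whatever the caller captures from it; diagnostics should go to stderr like the other helpers: `printf >&2 '%s: %s\n' "$_PROGNAME" "$_msg"`. The first argument is used as the printf format string, so a short comment above the function should state that callers must pass a literal format and never a runtime value there. `_warn`'s body starts outside the hunk.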
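Review bot: `_LFACME_UACME_FLAGS` is evaluated once, when init.sh is sourced, but `LFACME_VERBOSE=1` is only set by the `-v` arms of the option loops in lfacme-renew.sh and lfacme-setup.sh; if init.sh is sourced before those loops run (the ordering is not visible here), uacme never receives `-v` even though `_verbose` output is on. Evaluating the flag at call time removes both the ordering dependence and the global: replace `"$_UACME" $_LFACME_UACME_FLAGS \` with `"$_UACME" ${LFACME_VERBOSE:+-v} \` and drop the four-line block added above `_uacme`. The expansion is deliberately unquoted so that an unset or empty `LFACME_VERBOSE` contributes no argument, which deserves a comment on that line.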
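Review bot: `_wait_for_record` returns success when `_getnameservers` prints nothing, because `for ns in $nameservers` then runs zero iterations, and the new `_verbose` line still reports that the record is being waited for although nothing was checked. Since this is the gate before validation proceeds, an empty nameserver list should fail loudly: `[ -n "$nameservers" ] || { _error "no nameservers found for '%s'" "$domain"; return 1; }` before the loop. `local nameservers="$(...)"` also discards the exit status of `_getnameservers`, so a failed lookup is indistinguishable from an empty answer; assigning in a separate statement would let it be checked. The rest of the function lies outside the hunk.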
diff --git a/lfacme-renew.sh b/lfacme-renew.sh
index f7878e6..5dc0619 100644
--- a/lfacme-renew.sh
+++ b/lfacme-renew.sh
@@ -17,7 +17,7 @@ while :; do
 _CONFDIR="$2"
 shift; shift;;
 -v)
- _uacme_flags="$_uacme_flags $1"
+ LFACME_VERBOSE=1
 shift;;
 --)
 shift; break;;
@@ -101,6 +101,8 @@ EOF
 _docert() {
 local identifier="$1"; shift
+ _verbose "checking certificate '%s'" "$identifier"
+
 # uacme creates the cert name by stripping the extension from the
 # CSR filename, so the basename has to match the identifier.
 local dir="${_UACME_DIR}/${identifier}"
@@ -118,25 +120,38 @@ _docert() {
 # parse arguments for this cert
 while ! [ -z "$1" ]; do
 case "$1" in
- type=rsa) keytype=rsa;;
- type=ec) keytype=ec;;
- type=*) _error "%s: unknown key type: %s" \
- "$identifier" "${1#type=*}"
- return 1;;
- hook=*) hooks="$hooks ${1#hook=*}";;
- challenge=*) challenge="${1#challenge=*}";;
- *=*) _error "%s: unknown option: %s" \
- "$identifier" "$1"
- return 1;;
- *.*) altnames="$altnames $1"
- # Take the domain from the first altname.
- if [ -z "$domain" ]; then
- domain="$1"
- fi
- ;;
- *) _error "%s: unknown option: %s" \
- "$identifier" "$1"
- return 1;;
+ type=rsa)
+ keytype=rsa
+ ;;
+ type=ec)
+ keytype=ec
+ ;;
+ type=*)
+ _error "%s: unknown key type: %s" \
+ "$identifier" "${1#type=*}"
+ return 1
+ ;;
+ hook=*)
+ hooks="$hooks ${1#hook=*}"
+ ;;
+ challenge=*)
+ challenge="${1#challenge=*}"
+ ;;
+ *=*)
+ _error "%s: unknown option: %s" "$identifier" "$1"
+ return 1
+ ;;
+ *.*)
+ altnames="$altnames $1"
+ # Take the domain from the first altname.
+ if [ -z "$domain" ]; then
+ domain="$1"
+ fi
+ ;;
+ *)
+ _error "%s: unknown option: %s" "$identifier" "$1"
+ return 1
+ ;;
 esac
 shift
 done
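Review bot: The rewritten `case` arms keep `"${1#type=*}"`, `${1#hook=*}` and `${1#challenge=*}`; with `#` (shortest-prefix removal) the trailing `*` only ever matches the empty string, so it is redundant and reads like a longest-match glob to anyone skimming it. `"${1#type=}"`, `${1#hook=}` and `${1#challenge=}` are equivalent and say what is meant. Since `hook=` values are later run as commands (`"$hook" newcert` further down in this file), a one-line comment above `case "$1" in` noting that these options come from the trusted per-certificate configuration and are executed, not merely recorded, would help the next reader. `_docert` continues outside the hunk.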
@@ -214,11 +229,13 @@ _docert() {
 # otherwise, exit code is 0 which means we (re)issued the cert,
 # so run the hooks.
 for hook in $_rhooks; do
- env "LFACME_CONFDIR=${_CONFDIR}" \
- "LFACME_CERT=${identifier}" \
- "LFACME_KEYFILE=${keyfile}" \
- "LFACME_CERTFILE=${certfile}" \
- $hook newcert
+ _verbose "running hook: %s" "$hook"
+ env "LFACME_CONFDIR=${_CONFDIR}" \
+ "LFACME_VERBOSE=${LFACME_VERBOSE}" \
+ "LFACME_CERT=${identifier}" \
+ "LFACME_KEYFILE=${keyfile}" \
+ "LFACME_CERTFILE=${certfile}" \
+ "$hook" newcert
 if [ "$?" -ne 0 ]; then
 _warn "%s: hook script '%s' failed" \
 "$identifier" "$hook"
diff --git a/lfacme-setup.sh b/lfacme-setup.sh
index 90c1160..f690cba 100644
--- a/lfacme-setup.sh
+++ b/lfacme-setup.sh
@@ -15,7 +15,10 @@ while :; do
 -c)
 _CONFDIR="$2"
 shift; shift;;
- -v|-y)
+ -v)
+ LFACME_VERBOSE=1
+ shift;;
+ -y)
 _uacme_flags="$_uacme_flags $1"
 shift;;
 --) |
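Review bot: A failing hook only produces `_warn`, so a renewal whose hook could not install or reload the new certificate still finishes as if the (re)issue succeeded; if `_docert`'s return value feeds the script's exit status (not visible here), a cron job watching that status would never learn that the service is still serving the old certificate. Either record the failure, e.g. `_hookfailed=1` in the `_warn` branch and `return 1` at the end of `_docert`, or state in a comment on the `_warn` line that hook failures are deliberately non-fatal. Quoting `"$hook"` is the right fix for paths with spaces, but it also means a hook entry can no longer carry its own arguments, which should be mentioned wherever `hook=` is documented. `_docert` starts and ends outside the hunk.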
