-rw-r--r--domains.conf.517
-rw-r--r--lfacme-renew.sh16
2 files changed, 30 insertions, 3 deletions
diff --git a/domains.conf.5 b/domains.conf.5
index c737d49..0f937a6 100644
--- a/domains.conf.5
+++ b/domains.conf.5
@@ -23,6 +23,14 @@ names or options for the certificate.
If no subject alt names are provided, then the certificate name is used as
the common name and subject alt name.
.Pp
+If the certificate name is
+.Dq * ,
+then this line will not cause a certificate to be issued;
+instead, any options set on this line will apply to all following lines,
+or until another line with the certificate name
+.Dq * ,
+which will replace the previously set options.
+.Pp
The following options may be set:
.Bl -tag -width indent
.It Sy type Ns Li = Ns Ar keytype
@@ -67,11 +75,18 @@ This is not necessarily the certificate's common name.
.It Sy LFACME_CERTFILE
The path of a file which contains the public certificate and any issuer
certificates, in PEM format.
-.It Sy lFACME_KEYFILE
+.It Sy LFACME_KEYFILE
The path of a file which contains the private key file in PEM format.
.El
.El
.Sh EXAMPLES
+Set the key type to
+.Dq rsa
+for all certificates.
+.Bd -literal -offset indent
+* type=rsa
+.Ed
+.Pp
Issue a certificate for
.Dq example.org
using the default options.
diff --git a/lfacme-renew.sh b/lfacme-renew.sh
index ce7c7f2..0a487d8 100644
--- a/lfacme-renew.sh
+++ b/lfacme-renew.sh
@@ -109,7 +109,7 @@ _docert() {
local certfile="${dir}/${identifier}-cert.pem"
# these can be overridden by args
- local keytype="ec"
+ local keytype=""
local altnames=""
local hooks=""
local domain=""
@@ -144,6 +144,11 @@ _docert() {
domain="$identifier"
fi
+ # Default key type is ec.
+ if [ -z "$keytype" ]; then
+ keytype="ec"
+ fi
+
# make sure all the hook scripts are valid. if the hook name
# begins with a '/' it's a full path, otherwise it's related to
# ACME_HOOKDIR.
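Review bot: The three-line fallback at `if [ -z "$keytype" ]; then` is a point of style: in POSIX sh the same thing is the single line `keytype="${keytype:-ec}"`, which reads as a default rather than as a branch. The comment above it states what the code does but not why the default was moved out of the `local keytype` declaration in the earlier hunk; if the reason is that the option parsing now needs to tell "no type given" apart from "ec", the comment should say so, e.g. `# Default key type is ec; left empty above so option parsing can tell whether a type= was actually given.` _docert starts and ends outside this hunk.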
@@ -222,11 +227,18 @@ _docert() {
}
_exit=0
+_default_args=""
cat "$_DOMAINS" \
| egrep -v '^(#|[[:space:]]*$)' \
| while read identifier args; do
- if ! _docert "$identifier" $args; then
+
+ if [ "$identifier" = "*" ]; then
+ _default_args="$args"
+ continue
+ fi
+
+ if ! _docert "$identifier" $_default_args $args; then
_exit=1
fi
done
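Review bot: `_exit=1` is assigned inside the `cat | egrep | while` pipeline, so in any shell without lastpipe the loop body runs in a subshell and the assignment never reaches the `_exit=0` set above it; whatever reads `$_exit` after `done` (outside the hunk) will see 0 even when a certificate failed. The new `_default_args=""` has the same scope: the feature works because both the write and the read happen inside the subshell, but the top-level initialisation is dead code. Reading `$_DOMAINS` through a redirect on `done` and doing the blank/comment filtering with `case` keeps every assignment in the parent shell; `read -r` additionally stops backslashes in option values from being interpreted, and the `case` pattern also skips indented comment lines, which the egrep regex did not. The unquoted `$_default_args $args` is deliberate word-splitting, but it is also subject to pathname expansion, so an option value containing `*` or `?` would be globbed against the current directory.
```shell
_exit=0
_default_args=""
while read -r identifier args; do
  case "$identifier" in
    ''|\#*) continue ;;   # skip blank and comment lines (replaces the egrep stage)
  esac
  # … unchanged: "*" default-args handling and the _docert call …
done < "$_DOMAINS"
```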