#
# Copyright (C) 2016 - 2017 Raphaël Gertz <acmepl@rapsys.eu>
-# acme package
-package acme;
+# Acme package
+package Acme;
# Best practice
use strict;
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-# Copyright (C) 2016 - 2017 Raphaël Gertz <acmepl@rapsys.eu>
+# Copyright (C) 2016 - 2017 Raphaël Gertz <acme@rapsys.eu>
# Best practice
use strict;
}
# Create new object
-my $acme = acme->new(shift @ARGV, $debug, $prod, @ARGV);
+my $acme = Acme->new(shift @ARGV, $debug, $prod, @ARGV);
# Prepare environement
$acme->prepare();
--- /dev/null
+.\" Manpage for acmecert.
+.\" Contact acme@rapsys.eu to correct errors or typos.
+.TH man 1 "05 Apr 2017" "0.7" "acmecert man page"
+.SH NAME
+acmecert \- generate a single certificate
+.SH SYNOPSIS
+acmecert [-(r|-redhat|d|-debian)] [example.com[,www.example.com,...]] [...]
+.SH DESCRIPTION
+acmecert is a basic script generating a single certificate based on parameters.
+.SH OPTIONS
+The acmecert takes options.
+
+Use -d for debug directive.
+
+Use -p for production mode.
+
+These directives require to be followed by an email address and the domain and alternative domain list.
+.SH EXAMPLE 1
+.TP
+.B acmecert -d webmaster@example.com example.com www.example.com ssl.example.com
+will generate a certificate for example.com with www.example.com and ssl.example.com alternatives domains with debug mode active.
+.SH EXAMPLE 2
+.TP
+.B acmecert -p webmaster@example.com example.com www.example.com ssl.example.com
+will generate a certificate for example.com with www.example.com and ssl.example.com alternatives domains with production mode active.
+.SH SEE ALSO
+acmecron(1),acmecert(1)
+.SH BUGS
+No known bugs.
+.SH AUTHOR
+Raphaël Gertz (rapsys) <acme@rapsys.eu>
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-# Copyright (C) 2016 - 2017 Raphaël Gertz <acmepl@rapsys.eu>
+# Copyright (C) 2016 - 2017 Raphaël Gertz <acme@rapsys.eu>
# Best practice
use strict;
# Load POSIX
use POSIX qw(EXIT_SUCCESS EXIT_FAILURE);
-# XXX: Debug
-use Data::Dumper;
-
# Init redhat
my @redhat = ();
# Private key
#XXX: required
key => '/etc/pki/tls/private/'.$domain.'.pem',
+ # Private account key
+ #XXX: required
+ account => '/etc/acme/account.pem',
# Mail address
#XXX: required
mail => 'webmaster@'.$domain,
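Review bot: The new `account` entry carries only the `#XXX: required` marker, and nothing tells the operator that `/etc/acme/account.pem` is the ACME account private key and must not be readable by other users; the identical addition in the debian template below has the same gap. The domain keys go to the distribution's private key directories, whereas `/etc/acme` is also where the acmeconf man page in this commit writes the config file, so its permissions are presumably whatever the operator created it with. I would extend the comment to something like `# Private account key (ACME account identity, keep readable only by the user running acmecron)`. The enclosing hash literal starts and ends outside the hunk.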
# Private key
#XXX: required
key => '/etc/ssl/private/'.$domain.'.key',
+ # Private account key
+ #XXX: required
+ account => '/etc/acme/account.pem',
# Mail address
#XXX: required
mail => 'webmaster@'.$domain,
--- /dev/null
+.\" Manpage for acmeconf.
+.\" Contact acme@rapsys.eu to correct errors or typos.
+.TH man 1 "05 Apr 2017" "0.7" "acmeconf man page"
+.SH NAME
+acmeconf \- create a new configuration template
+.SH SYNOPSIS
+acmeconf [-(r|-redhat|d|-debian)] [example.com[,www.example.com,...]] [...]
+.SH DESCRIPTION
+acmeconf is a basic script generating a template configuration for generating letsencrypt certificate.
+.SH OPTIONS
+The acmeconf takes options.
+
+Use -r or --redhat directive for a distribution using redhat certificate path (/etc/pki/tls).
+
+Use -d or --debian for a distribution using debian like certificate base path (/etc/ssl).
+
+These directives can be followed by domain and alternative(s) domain(s) list each separated by a coma, the first one of the list will be used as principal domain name.
+.SH EXAMPLE 1
+.TP
+.B acmeconf -r example.com,www.example.com,ssl.example.com > /etc/acme/config
+will generate redhat like template configuration file for example.com as principal domain and www.example.com with ssl.example.com as alternatives domains.
+.SH EXAMPLE 2
+.TP
+.B acmeconf -r example.com,www.example.com -r webmail.example.com,imap.example.com,smtp.example.com | sudo tee /etc/acme/config
+will generate redhat like template configuration file for example.com as principal domain and www.example.com with ssl.example.com as alternatives domains and an other one for the mail.example.com domain with example.com and smtp.example.com as alternatives domain.
+.SH SEE ALSO
+acmecron(1),acmecert(1)
+.SH BUGS
+No known bugs.
+.SH AUTHOR
+Raphaël Gertz (rapsys) <acme@rapsys.eu>
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
-# Copyright (C) 2016 - 2017 Raphaël Gertz <acmepl@rapsys.eu>
+# Copyright (C) 2016 - 2017 Raphaël Gertz <acme@rapsys.eu>
# Best practice
use strict;
use File::Slurp qw(read_file write_file);
use JSON qw(decode_json);
use IPC::System::Simple qw(capturex $EXITVAL);
-use Acme qw(CERT_DIR CONFIG DS KEY_DIR SERVER_CRT SERVER_KEY);
+use Acme qw(CERT_DIR CONFIG DS KEY_DIR SERVER_CRT SERVER_KEY ACCOUNT_KEY);
# Load POSIX
use POSIX qw(strftime EXIT_SUCCESS EXIT_FAILURE);
next;
}
+ # Unlink if is a symlink
+ if (-l KEY_DIR.DS.ACCOUNT_KEY) {
+ unless(unlink(KEY_DIR.DS.ACCOUNT_KEY)) {
+ carp('unlink '.KEY_DIR.DS.ACCOUNT_KEY.' failed: '.$!);
+ next;
+ }
+ }
+
+ # Symlink to key
+ unless(symlink($_->{account}, KEY_DIR.DS.ACCOUNT_KEY)) {
+ carp('symlink '.$_->{account}.' to '.KEY_DIR.DS.ACCOUNT_KEY.' failed: '.$!);
+ next;
+ }
+
# Init args
my @args = @{$_->{domains}};
unshift(@args, '-d');
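Review bot: `$_->{account}` is passed to `symlink` without checking that the config entry defines it, so a config file written before this change (no `account` key) fails here for every entry with an unhelpful message; a guard ahead of the unlink such as `unless (defined $_->{account} && length $_->{account}) { carp('account key path missing in config'); next; }` would make that explicit. The `-l` test also removes only a symlink: if `KEY_DIR.DS.ACCOUNT_KEY` exists as a regular file, `symlink` fails with EEXIST and every certificate is skipped, which may happen if an earlier version created the key in place (not visible here). Unlink followed by symlink is not atomic either, so two overlapping runs could race on the link; creating the link under a temporary name and `rename`-ing it over the target avoids that window. The surrounding loop body starts and ends outside the hunk.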
}
- # Run letscert with args
- my @out = capturex([0..1], 'letscert', @args);
+ # Run acmecert with args
+ my @out = capturex([0..1], 'acmecert', @args);
# Deal with error
if ($EXITVAL != 0) {
print join("\n", @out) if ($debug);
- carp('letscert '.join(', ', @args).' failed: '.$!);
+ carp('acmecert '.join(', ', @args).' failed: '.$!);
next;
}
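Review bot: The failure message on the changed `carp` line appends `$!`, but a non-zero exit from `capturex` is reported through `$EXITVAL`; `$!` holds whatever errno the last failed system call left behind, so the log can point at an unrelated error. Reporting the status is more useful when triaging failed renewals: `carp('acmecert '.join(', ', @args).' failed with exit status '.$EXITVAL);`. Also, `capturex([0..1], ...)` throws for any exit value other than 0 or 1, and no `eval` is visible in this hunk, so such a failure would presumably abort the whole run instead of reaching `next`. The loop body extends outside the hunk.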
--- /dev/null
+.\" Manpage for acmecron.
+.\" Contact acme@rapsys.eu to correct errors or typos.
+.TH man 1 "05 Apr 2017" "0.7" "acmecron man page"
+.SH NAME
+acmecron \- generate all certificate listed in configuration file if required
+.SH SYNOPSIS
+acmecron [-d]
+.SH DESCRIPTION
+acmecron is a basic script generating all certificate listed in configuration if not present or older than 60 days. It will run acmecert with right options for every listed certificate if required.
+.SH OPTIONS
+The acmeconf takes one option for enabling debug mode.
+.SH SEE ALSO
+acmeconf(1),acmecert(1)
+.SH BUGS
+No known bugs.
+.SH AUTHOR
+Raphaël Gertz (rapsys) <acme@rapsys.eu>