Niklas Keller
@@ -28,7 +28,10 @@ certificates:
|
||||
# user: User running the web server. Challenge files are world readable,
|
||||
# but some servers might require to be owner of files they serve.
|
||||
#
|
||||
# rekey: Regenerate certificate key pairs even if a key pair already exists.
|
||||
#
|
||||
- bits: 4096
|
||||
rekey: true
|
||||
paths:
|
||||
/var/www/example:
|
||||
- example.org
|
||||
|
||||
@@ -24,7 +24,7 @@ You can separate multiple domains (`-d`) with `,`, `:` or `;`. You can separate
|
||||
|
||||
If you specify less paths than domains, the last one will be used for the remaining domains.
|
||||
|
||||
Please note that Let's Encrypt has rate limits. Currently it's five certificates per domain per seven days. If you combine multiple subdomains in a single certificate, they count as just one certificate. If you just want to test things out, you can use their staging server, which has way higher rate limits by appending `--s letsencrypt:staging`.
|
||||
Please note that Let's Encrypt has rate limits. Currently it's five certificates per domain per seven days. If you combine multiple subdomains in a single certificate, they count as just one certificate. If you just want to test things out, you can use their staging server, which has way higher rate limits by appending `--server letsencrypt:staging`.
|
||||
|
||||
## Revoke a Certificate
|
||||
|
||||
|
||||
@@ -53,7 +53,10 @@ certificates:
|
||||
# user: User running the web server. Challenge files are world readable,
|
||||
# but some servers might require to be owner of files they serve.
|
||||
#
|
||||
# rekey: Regenerate certificate key pairs even if a key pair already exists.
|
||||
#
|
||||
- bits: 4096
|
||||
rekey: true
|
||||
paths:
|
||||
/var/www/example:
|
||||
- example.org
|
||||
|
||||
@@ -86,6 +86,13 @@ class Auto implements Command {
|
||||
return self::EXIT_CONFIG_ERROR;
|
||||
}
|
||||
|
||||
foreach ($config['certificates'] as $certificateConfig) {
|
||||
if (isset($certificateConfig['rekey']) && !\is_bool($certificateConfig['rekey'])) {
|
||||
$this->climate->error("Config file ({$configPath}) defines an invalid 'rekey' value.");
|
||||
return self::EXIT_CONFIG_ERROR;
|
||||
}
|
||||
}
|
||||
|
||||
$concurrency = isset($config['challenge-concurrency']) ? (int) $config['challenge-concurrency'] : null;
|
||||
|
||||
$process = new Process([
|
||||
@@ -179,8 +186,7 @@ class Auto implements Command {
|
||||
$domainPathMap = $this->toDomainPathMap($certificate['paths']);
|
||||
$domains = \array_keys($domainPathMap);
|
||||
$commonName = \reset($domains);
|
||||
|
||||
$process = new Process([
|
||||
$processArgs = [
|
||||
PHP_BINARY,
|
||||
$GLOBALS['argv'][0],
|
||||
'check',
|
||||
@@ -192,7 +198,13 @@ class Auto implements Command {
|
||||
$commonName,
|
||||
'--names',
|
||||
\implode(',', $domains),
|
||||
]);
|
||||
];
|
||||
|
||||
if ($certificate['rekey'] ?? false) {
|
||||
$processArgs[] = '--rekey';
|
||||
}
|
||||
|
||||
$process = new Process($processArgs);
|
||||
|
||||
$process->start();
|
||||
$exit = yield $process->join();
|
||||
|
||||
@@ -97,14 +97,20 @@ class Issue implements Command {
|
||||
throw new AcmeException('Issuance failed, not all challenges could be solved.');
|
||||
}
|
||||
|
||||
$path = 'certs/' . $keyFile . '/' . \reset($domains) . '/key.pem';
|
||||
$keyPath = 'certs/' . $keyFile . '/' . \reset($domains) . '/key.pem';
|
||||
$bits = $args->get('bits');
|
||||
|
||||
$regenerateKey = $args->get('rekey');
|
||||
|
||||
try {
|
||||
$key = yield $keyStore->get($path);
|
||||
$key = yield $keyStore->get($keyPath);
|
||||
} catch (KeyStoreException $e) {
|
||||
$regenerateKey = true;
|
||||
}
|
||||
|
||||
if ($regenerateKey) {
|
||||
$this->climate->whisper(' Generating new key pair ...');
|
||||
$key = (new RsaKeyGenerator($bits))->generateKey();
|
||||
$key = yield $keyStore->put($path, $key);
|
||||
}
|
||||
|
||||
$this->climate->br();
|
||||
@@ -117,6 +123,8 @@ class Issue implements Command {
|
||||
|
||||
$path = AcmeClient\normalizePath($args->get('storage')) . '/certs/' . $keyFile;
|
||||
$certificateStore = new CertificateStore($path);
|
||||
|
||||
yield $keyStore->put($keyPath, $key);
|
||||
yield $certificateStore->put($certificates);
|
||||
|
||||
$this->climate->info(' Successfully issued certificate.');
|
||||
@@ -232,6 +240,11 @@ class Issue implements Command {
|
||||
'defaultValue' => 10,
|
||||
'castTo' => 'int',
|
||||
],
|
||||
'rekey' => [
|
||||
'longPrefix' => 'rekey',
|
||||
'description' => 'Regenerate the key pair even if a key pair already exists.',
|
||||
'noValue' => true,
|
||||
],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user