@Zash
Created August 28, 2022 20:19
TLSA update thing
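#!/bin/bash
# Emit nsupdate-style "update" commands that publish DANE TLSA records for
# keys kept by dehydrated. Reads whitespace-separated hostnames on stdin, one
# certificate per line; the first name on a line is its directory in $CERTS.
set -euo pipefail

CERTS=/var/lib/dehydrated/certs/

# Print the SHA-256 (hex) of the DER-encoded public key of
# "$CERTS$1/privkey$2.pem"; $2 is an optional suffix such as ".roll".
pkeyhash() {
    openssl pkey -in "$CERTS$1/privkey${2:-}.pem" -pubout -outform DER |
        sha256sum | cut -d' ' -f1
}

while read -r -a names; do
    # Skip blank lines; "${names[0]}" would otherwise trip "set -u".
    [ "${#names[@]}" -gt 0 ] || continue
    # Remove every existing TLSA record for the names on this line.
    for name in "${names[@]}"; do
        echo "update delete _443._tcp.$name TLSA"
    done
    # TLSA 3 1 1 = DANE-EE, SubjectPublicKeyInfo, SHA-256: pin the current key.
    if [ -r "$CERTS${names[0]}/privkey.pem" ]; then
        for name in "${names[@]}"; do
            echo "update add _443._tcp.$name TLSA 3 1 1 $(pkeyhash "${names[0]}")"
        done
    fi
    # Publish the rollover key (privkey.roll.pem) as well, when one exists,
    # so the records already cover the next key.
    if [ -r "$CERTS${names[0]}/privkey.roll.pem" ]; then
        for name in "${names[@]}"; do
            echo "update add _443._tcp.$name TLSA 3 1 1 $(pkeyhash "${names[0]}" ".roll")"
        done
    fi
done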
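
A companion check, added here as an example and not part of the gist: it compares TLSA "3 1 1" rdata with the SubjectPublicKeyInfo hash of a certificate, so a mismatch after a key change is caught before clients see it. The function names and the `NAME CERT.pem` command line are assumptions of this example.

```shell
#!/bin/bash
# Added example, not part of the gist: verify TLSA 3 1 1 rdata against a cert.
# Content check only; it does not validate DNSSEC, which DANE also requires.
set -euo pipefail

# SHA-256 (hex) over the DER SubjectPublicKeyInfo of the certificate in $1.
# This is the same value the gist derives from the private key.
spki_sha256_from_cert() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        sha256sum | cut -d' ' -f1
}

# Reads TLSA rdata lines on stdin ("usage selector mtype hex...") and returns 0
# if any "3 1 1" record matches the certificate in $1, else 1.
tlsa_matches_cert() {
    local want usage selector mtype data
    want=$(spki_sha256_from_cert "$1")
    while read -r usage selector mtype data || [ -n "${usage:-}" ]; do
        [ "$usage $selector $mtype" = "3 1 1" ] || continue
        # dig prints uppercase hex and may split it into space-separated chunks.
        data=$(printf '%s' "$data" | tr -d '[:space:]' | tr 'A-F' 'a-f')
        if [ "$data" = "$want" ]; then return 0; fi
    done
    return 1
}

# Usage: script NAME CERT.pem  (looks up _443._tcp.NAME with dig)
if [ $# -eq 2 ]; then
    if dig +short TLSA "_443._tcp.$1" | tlsa_matches_cert "$2"; then
        echo "TLSA matches $2"
    else
        echo "no matching TLSA 3 1 1 record for $1" >&2
        exit 1
    fi
fi
```

Because any matching record is accepted, the check passes for either the current key or the published rollover key.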