acmetool tls-sni hook
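#!/bin/sh
# acmetool tls-sni challenge hook for nginx.
#
# Provided in the public domain.
#
# acmetool invokes hooks as:
#   <hook> challenge-tls-sni-start HOSTNAME TARGET_FILENAME SNI_NAME   (PEM cert + key on stdin)
#   <hook> challenge-tls-sni-stop  HOSTNAME TARGET_FILENAME SNI_NAME
# plus other event names this script does not handle. $3 is not used here.
#
# start: split the PEM on stdin into a certificate and a private key file,
#        write a throw-away nginx server block answering for SNI_NAME into
#        $NGINX_SITES, reload nginx.
# stop:  remove those files, reload nginx.
#
# This works best as a suid hook. Key and config files are created 0600, so
# nginx's master process (which loads certificates and keys) must run as the
# same user as this hook — normally root for both.
#
# nginx may complain about the server_name being too long. Either raise
# server_names_hash_bucket_size, or use the commented-out ".acme.invalid"
# pattern in the generated server block instead of the exact SNI name.
#
# Exit status: 0 on success; 42 for events this hook does not handle (the
# status acmetool takes as "not applicable" — confirm for your version);
# any other non-zero status is a failure.

set -eu

NGINX_SITES=/etc/nginx/sites-enabled

# Private (0700) directory holding the challenge certificate and key.
# It defaults under TMPDIR//tmp for compatibility with earlier versions of
# this hook, but /tmp is world-writable: an unprivileged local user could
# pre-create the old predictable "/tmp/challenge-HOST.pem" path (e.g. as a
# symlink) and have a suid hook write the private key wherever they chose.
# The directory is therefore created by us and verified before any key
# material is written. Point TMPDIR at a root-only location (e.g. under
# /run) in the hook's environment to avoid the shared /tmp entirely.
STATE_DIR="${TMPDIR:-/tmp}/acmetool-tls-sni"

# Print a message to stderr and fail the hook (exit 1, not 42).
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Accept only plain hostname characters. $2 becomes part of two file names
# and $4 is pasted verbatim into an nginx directive, so a '/', ';', '{' or a
# newline would mean path traversal or config injection.
check_hostname() {
  case "$1" in
  ''|*[!A-Za-z0-9._-]*) die "refusing suspicious hostname: $1" ;;
  esac
}

# Ensure STATE_DIR is a real directory, owned by us, mode 0700.
# mkdir is atomic and fails if the path already exists in any form (file,
# symlink, directory), so the "already exists" path must verify what it found.
ensure_state_dir() {
  if mkdir -m 0700 -- "$STATE_DIR" 2>/dev/null; then
    return 0
  fi
  if [ -L "$STATE_DIR" ] || [ ! -d "$STATE_DIR" ]; then
    die "$STATE_DIR exists and is not a directory"
  fi
  # find -user is POSIX; test -O is not.
  if [ -z "$(find "$STATE_DIR" -prune -user "$(id -un)")" ]; then
    die "$STATE_DIR is not owned by $(id -un)"
  fi
  chmod 0700 -- "$STATE_DIR"
}

event="${1-}"
case "$event" in
challenge-tls-sni-start|challenge-tls-sni-stop) ;;
*) exit 42 ;;
esac

check_hostname "$2"
cfg="$NGINX_SITES/challenge-$2"
pem="$STATE_DIR/challenge-$2.pem"
key="$pem.key"
crt="$pem.crt"

case "$event" in
challenge-tls-sni-start)
  check_hostname "$4"
  # Everything created from here on (key, cert, config) is 0600.
  umask 077
  ensure_state_dir
  # Drop leftovers from an earlier run that never reached 'stop'.
  rm -f -- "$pem" "$key" "$crt"
  cat - >"$pem"
  # Split by PEM block label rather than by position, so the order of
  # certificate and key on stdin does not matter. All certificate blocks
  # (a chain, if any) go into the .crt; any private key label (EC, RSA,
  # PKCS#8 "PRIVATE KEY") is accepted, not just "EC PRIVATE KEY".
  sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <"$pem" >"$crt"
  sed -n '/BEGIN .*PRIVATE KEY/,/END .*PRIVATE KEY/p' <"$pem" >"$key"
  [ -s "$crt" ] || die "no certificate found on stdin"
  [ -s "$key" ] || die "no private key found on stdin"
  cat <<EOF >"$cfg"
server {
    listen 443 ssl;
    #server_name .acme.invalid;
    server_name $4;
    ssl_certificate $crt;
    ssl_certificate_key $key;
    location / {
        default_type text/plain;
        return 200 "";
    }
}
EOF
  printf '%s %s\n' "$event" "$2" >&2
  exec service nginx reload
  ;;
challenge-tls-sni-stop)
  # -f: a missing file (e.g. start failed half-way) must not stop the reload.
  rm -f -- "$cfg" "$pem" "$key" "$crt"
  printf '%s %s\n' "$event" "$2" >&2
  exec service nginx reload
  ;;
esac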