mirrors2/eiblog
1
0
Fork 0
mirror of https://github.com/eiblog/eiblog.git synced 2026-02-04 13:52:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

let's encrypt v2 embedded ct,rm about cert's ct

Browse Source
This commit is contained in:
henry.chen
2018-05-07 16:51:54 +08:00
parent 911aa963c7
commit 375d43761b
6 changed files with 16 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
Makefile
View File

@@ -26,7 +26,7 @@ dist:
gencert:makedir
@if [ ! -n "$(sans)" ]; then \
printf "Need one argument [sans=params]\n"; \
printf "example: sans=\"-d domain -d domain\"\n"; \
printf "example: sans=\"-d domain -d *.domain\"\n"; \
exit 1; \
fi; \
if [ ! -n "$(cn)" ]; then \
@@ -39,22 +39,18 @@ gencert:makedir
fi
@echo "generate rsa cert..."
@$(acme.sh) --force --issue --dns dns_ali $(sans) --log \
--renew-hook "ct-submit ctlog-gen2.api.venafi.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/venafi.sct \
&& ct-submit ctlog.wosign.com < $(config)/ssl/domain.rsa.pem > $(config)/scts/rsa/wosign.sct"
@$(acme.sh) --install-cert -d $(cn) \
--key-file $(config)/ssl/domain.rsa.key \
--fullchain-file $(config)/ssl/domain.rsa.pem \
--reloadcmd "service nginx force-reload"
@$(acme.sh) --force --issue --dns dns_ali $(sans) \
--renew-hook "$(acme.sh) --install-cert -d $(cn) \
--key-file $(config)/ssl/domain.rsa.key \
--fullchain-file $(config)/ssl/domain.rsa.pem \
--reloadcmd \"service nginx force-reload\""
@echo "generate ecc cert..."
@$(acme.sh) --force --issue --dns dns_ali $(sans) -k ec-256 --log \
--renew-hook "ct-submit ctlog-gen2.api.venafi.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/venafi.sct \
&& ct-submit ctlog.wosign.com < $(config)/ssl/domain.ecc.pem > $(config)/scts/ecc/wosign.sct"
@$(acme.sh) --install-cert -d $(cn) --ecc \
--key-file $(config)/ssl/domain.ecc.key \
--fullchain-file $(config)/ssl/domain.ecc.pem \
--reloadcmd "service nginx force-reload"
@$(acme.sh) --force --issue --dns dns_ali $(sans) -k ec-256 \
--renew-hook "$(acme.sh) --install-cert -d $(cn) --ecc \
--key-file $(config)/ssl/domain.ecc.key \
--fullchain-file $(config)/ssl/domain.ecc.pem \
--reloadcmd \"service nginx force-reload\""
dhparams:
@openssl dhparam -out $(config)/ssl/dhparams.pem 2048
@@ -63,7 +59,7 @@ ssticket:
@openssl rand 48 > $(config)/ssl/session_ticket.key
makedir:
@mkdir -p $(config)/ssl $(config)/scts/rsa $(config)/scts/ecc
@mkdir -p $(config)/ssl
clean: