- run always via sudo as root:dehydrated to allow dehydrated group
index e2545a8d2cbf29fefaa7895051655c4294ce4ca6..a46fc297224b48c8220974167d05e6186741d9a1 100644 (file)
--- a/pld.patch
+++ b/pld.patch
@@ -1,26 +1,88 @@
---- letsencrypt.sh-0.1.0/letsencrypt.sh        2016-05-14 15:51:55.000000000 +0300
-+++ letsencrypt.sh-0.1.0/letsencrypt.sh        2016-05-14 15:58:33.687279548 +0300
+diff -ur dehydrated-0.6.2.orig/dehydrated dehydrated-0.6.2/dehydrated
+--- dehydrated-0.6.2.orig/dehydrated   2018-04-25 21:22:40.000000000 +0000
++++ dehydrated-0.6.2/dehydrated        2018-12-19 22:44:07.875403000 +0000
 @@ -1,4 +1,4 @@
 -#!/usr/bin/env bash
 +#!/bin/bash
  
- # letsencrypt.sh by lukas2511
- # Source: https://github.com/lukas2511/letsencrypt.sh
-@@ -42,7 +42,7 @@
+ # dehydrated by lukas2511
+ # Source: https://dehydrated.io
+@@ -11,7 +11,7 @@
+ [[ -n "${ZSH_VERSION:-}" ]] && set -o SH_WORD_SPLIT && set +o FUNCTION_ARGZERO && set -o NULL_GLOB && set -o noglob
+ [[ -z "${ZSH_VERSION:-}" ]] && shopt -s nullglob && set -f
+-umask 077 # paranoid umask, we're creating private keys
++umask 027 # allow root and dehydrated group only to protect private keys
+ # Close weird external file descriptors
+ exec 3>&-
+@@ -112,7 +112,7 @@
  load_config() {
    # Check for config in various locations
    if [[ -z "${CONFIG:-}" ]]; then
--    for check_config in "/etc/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
-+    for check_config in "/etc/letsencrypt.sh" "/etc/webapps/letsencrypt.sh" "/usr/local/etc/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
-       if [[ -e "${check_config}/config.sh" ]]; then
+-    for check_config in "/etc/dehydrated" "/usr/local/etc/dehydrated" "${PWD}" "${SCRIPTDIR}"; do
++    for check_config in "/etc/dehydrated" "/etc/webapps/dehydrated" "/usr/local/etc/dehydrated" "/etc/webapps/letsencrypt.sh" "${PWD}" "${SCRIPTDIR}"; do
+       if [[ -f "${check_config}/config" ]]; then
          BASEDIR="${check_config}"
-         CONFIG="${check_config}/config.sh"
-@@ -117,7 +117,7 @@ load_config() {
+         CONFIG="${check_config}/config"
+@@ -148,8 +148,8 @@
+   IP_VERSION=
+   CHAINCACHE=
+   AUTO_CLEANUP="no"
+-  DEHYDRATED_USER=
+-  DEHYDRATED_GROUP=
++  DEHYDRATED_USER="root"
++  DEHYDRATED_GROUP="dehydrated"
+   API="auto"
+   if [[ -z "${CONFIG:-}" ]]; then
+@@ -228,7 +228,7 @@
+   # Create new account directory or symlink to account directory from old CA
+   CAHASH="$(echo "${CA}" | urlbase64)"
+-  [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="${BASEDIR}/accounts"
++  [[ -z "${ACCOUNTDIR}" ]] && ACCOUNTDIR="/var/lib/dehydrated//accounts"
+   if [[ ! -e "${ACCOUNTDIR}/${CAHASH}" ]]; then
+     OLDCAHASH="$(echo "${OLDCA}" | urlbase64)"
+     mkdir -p "${ACCOUNTDIR}"
+@@ -253,10 +253,10 @@
+     mv "${BASEDIR}/private_key.json" "${ACCOUNT_KEY_JSON}"
+   fi
  
-   [[ -z "${ACCOUNT_KEY}" ]] && ACCOUNT_KEY="${BASEDIR}/private_key.pem"
-   [[ -z "${ACCOUNT_KEY_JSON}" ]] && ACCOUNT_KEY_JSON="${BASEDIR}/private_key.json"
--  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="${BASEDIR}/.acme-challenges"
-+  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="${BASEDIR}/acme-challenges"
+-  [[ -z "${CERTDIR}" ]] && CERTDIR="${BASEDIR}/certs"
++  [[ -z "${CERTDIR}" ]] && CERTDIR="/var/lib/dehydrated//certs"
+   [[ -z "${CHAINCACHE}" ]] && CHAINCACHE="${BASEDIR}/chains"
+   [[ -z "${DOMAINS_TXT}" ]] && DOMAINS_TXT="${BASEDIR}/domains.txt"
+-  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/www/dehydrated"
++  [[ -z "${WELLKNOWN}" ]] && WELLKNOWN="/var/lib/dehydrated/acme-challenge"
    [[ -z "${LOCKFILE}" ]] && LOCKFILE="${BASEDIR}/lock"
+   [[ -z "${OPENSSL_CNF}" ]] && OPENSSL_CNF="$("${OPENSSL}" version -d | cut -d\" -f2)/openssl.cnf"
+   [[ -n "${PARAM_LOCKFILE_SUFFIX:-}" ]] && LOCKFILE="${LOCKFILE}-${PARAM_LOCKFILE_SUFFIX}"
+diff -ur dehydrated-0.6.2.orig/docs/examples/config dehydrated-0.6.2/docs/examples/config
+--- dehydrated-0.6.2.orig/docs/examples/config 2018-04-25 21:22:40.000000000 +0000
++++ dehydrated-0.6.2/docs/examples/config      2018-12-19 22:42:55.015403000 +0000
+@@ -47,13 +47,13 @@
+ #DOMAINS_TXT="${BASEDIR}/domains.txt"
+ # Output directory for generated certificates
+-#CERTDIR="${BASEDIR}/certs"
++#CERTDIR="/var/lib/dehydrated/certs"
+ # Directory for account keys and registration information
+ #ACCOUNTDIR="${BASEDIR}/accounts"
+ # Output directory for challenge-tokens to be served by webserver or deployed in HOOK (default: /var/www/dehydrated)
+-#WELLKNOWN="/var/www/dehydrated"
++#WELLKNOWN="/var/lib/dehydrated/acme-challenge"
+ # Default keysize for private keys (default: 4096)
+ #KEYSIZE="4096"
+@@ -77,7 +77,7 @@
+ #
+ # BASEDIR and WELLKNOWN variables are exported and can be used in an external program
+ # default: <unset>
+-#HOOK=
++HOOK=/etc/webapps/dehydrated/hook.sh
  
-   [[ -n "${PARAM_HOOK:-}" ]] && HOOK="${PARAM_HOOK}"
+ # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
+ #HOOK_CHAIN="no"
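Review bot: The process-wide `umask 027` in the embedded `@@ -11,7 +11,7 @@` hunk loosens permissions on everything the script creates, not only certificate keys: combined with the new `DEHYDRATED_GROUP="dehydrated"` default, the ACME account key under `/var/lib/dehydrated//accounts` would presumably become group-readable as well, which services that only load certificates do not appear to need. Consider having the package pre-create the accounts directory as root-only and stating that in the comment, e.g. `umask 027 # new files are group-readable by dehydrated; accounts dir must stay 0700 root-only in packaging`. The example config still documents the old defaults, `#ACCOUNTDIR="${BASEDIR}/accounts"` and `(default: /var/www/dehydrated)` on the WELLKNOWN comment, although the script now defaults to paths under `/var/lib/dehydrated`. Because the example also enables `HOOK=/etc/webapps/dehydrated/hook.sh` while the script is set to run as root, the hook file and its directory should be writable by root only; the packaging that sets those modes is not visible on this page.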