diff --git a/contrib/scripts/dumpcerts.sh b/contrib/scripts/dumpcerts.sh index 51af73c2c..2db75a042 100755 --- a/contrib/scripts/dumpcerts.sh +++ b/contrib/scripts/dumpcerts.sh @@ -130,9 +130,11 @@ trap 'umask ${oldumask}' EXIT # # and sed: # echo "-----BEGIN RSA PRIVATE KEY-----" > "${pdir}/letsencrypt.key" -# echo ${priv} | sed 's/(.{64})/\1\n/g' >> "${pdir}/letsencrypt.key" -# echo "-----END RSA PRIVATE KEY-----" > "${pdir}/letsencrypt.key" -# +# echo ${priv} | sed -E 's/(.{64})/\1\n/g' >> "${pdir}/letsencrypt.key" +# sed -i '$ d' "${pdir}/letsencrypt.key" +# echo "-----END RSA PRIVATE KEY-----" >> "${pdir}/letsencrypt.key" +# openssl rsa -noout -in "${pdir}/letsencrypt.key" -check # To check if the key is valid + # In the end, openssl was chosen because most users will need this script # *because* of openssl combined with the fact that it will refuse to write the # key if it does not parse out correctly. The other mechanisms were left as @@ -141,11 +143,16 @@ echo -e "-----BEGIN RSA PRIVATE KEY-----\n${priv}\n-----END RSA PRIVATE KEY----- | openssl rsa -inform pem -out "${pdir}/letsencrypt.key" # Process the certificates for each of the domains in acme.json -for domain in $(jq -r '.DomainsCertificate.Certs[].Certificate.Domain' acme.json); do +for domain in $(jq -r '.DomainsCertificate.Certs[].Certificate.Domain' ${acmefile}); do # Traefik stores a cert bundle for each domain. Within this cert # bundle there is both proper the certificate and the Let's Encrypt CA echo "Extracting cert bundle for ${domain}" cert=$(jq -e -r --arg domain "$domain" '.DomainsCertificate.Certs[].Certificate | select (.Domain == $domain )| .Certificate' ${acmefile}) || bad_acme - echo "${cert}" | base64 --decode > "${cdir}/${domain}.pem" + echo "${cert}" | base64 --decode > "${cdir}/${domain}.crt" + + echo "Extracting private key for ${domain}" + key=$(jq -e -r --arg domain "$domain" '.DomainsCertificate.Certs[].Certificate | + select (.Domain == $domain )| .PrivateKey' ${acmefile}) || bad_acme + echo "${key}" | base64 --decode > "${pdir}/${domain}.key" done