#!/bin/bash
# Banner: make it obvious that this script revokes (rather than issues) a
# certificate. RED and NC are not set in this file; they are expected from
# the caller's environment. %b expands backslash escapes in them the way
# echo -e does.
printf '%b\n' \
  "" \
  " ###############################################################" \
  " ## THIS WILL ${RED}REVOKE${NC} A FREE 90 DAY SSL CERTIFICATE ##" \
  " ## FROM LETS ENCRYPT ##" \
  " ###############################################################" \
  ""

# Run
# Ask for an explicit go-ahead; the answer is left in DFRUN for the
# revocation flow that follows.
printf '%b\n' "${RED}Do you want to revoke a SSL certificate (y/n)?${NC}"
read DFRUN
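# Revocation flow. Runs only when the operator answered exactly "y" to the
# initial prompt.
#
# Reads from the environment (none of these are set in this file):
#   BASEDIR        directory that holds certs/<domain>/ and acme.sh
#   CFDFT          path of the temporary config file handed to acme.sh
#   CONTACT_EMAIL  written into the temporary config
#   TESTING        "1" selects the staging CA
#   RED/GREEN/NC   colour escape sequences for messages
# Exits 1 on any validation failure or when acme.sh reports an error.
if [[ "${DFRUN}" == "y" ]]; then
  # Without these two values the paths below silently point somewhere else
  # (for example /certs/<domain>) or the redirection into the config fails.
  if [[ -z "${BASEDIR}" || -z "${CFDFT}" ]]; then
    echo -e "${RED}ERROR:${NC} BASEDIR and CFDFT must be set by the calling script"
    exit 1
  fi

  echo -e "What is the primary domain name"
  echo " > eg; mydomain.com"
  read -r DFRUN
  echo ""

  # The answer becomes a path component and is later written inside a
  # single-quoted value in the temporary config, so accept hostname-style
  # names only: no empty input, no leading dot ("." / ".."), no "/" and no
  # quote or other shell metacharacters.
  case "${DFRUN}" in
    "" | .* | *[!A-Za-z0-9._-]*)
      echo -e "${RED}ERROR:${NC} Invalid domain name"
      exit 1
      ;;
  esac

  SEVHOST="${BASEDIR}/certs/${DFRUN}"
  DFC=0   # number of unexpired certificates found
  DFCO="" # file name of the last unexpired certificate found

  # Check if we have any certificates for that domain
  if [[ ! -d "${SEVHOST}" ]]; then
    echo -e "${RED}ERROR:${NC} No certificates found under that domain"
    exit 1
  fi

  # List every versioned certificate (cert-*.pem) that has not expired yet.
  # A quoted glob replaces the unquoted $(find ...) so paths are never
  # word-split; when nothing matches, the literal pattern fails the -f test.
  for Cert in "${SEVHOST}"/cert-*.pem; do
    # Regular files only; symlinks are skipped, as find -type f did.
    if [[ ! -f "${Cert}" || -L "${Cert}" ]]; then
      continue
    fi
    FolderName=${Cert##*/}
    # -checkend 0 succeeds only while the certificate is still valid.
    if openssl x509 -checkend 0 -noout -in "${Cert}"; then
      DFTMPDATES=$(openssl x509 -startdate -noout -in "${Cert}")
      echo -e " > ${GREEN}${FolderName}${NC} (Issued: ${DFTMPDATES})"
      DFC=$((DFC + 1))
      DFCO=${FolderName}
    fi
  done

  if [[ ${DFC} == 0 ]]; then
    echo " - No Certificates found"
    exit 1
  fi
  echo ""

  if [[ ${DFC} == 1 ]]; then
    # Only one certificate can be revoked: take its number from the file name.
    DFRUNCERT=$(tr -dc '0-9' <<< "${DFCO}")
  else
    # More than one: make the operator choose.
    echo -e "Which certificate do you wish to revoke?"
    echo -n " > eg; cert-1445412480.pem (type 1445412480) "
    read -r DFRUNCERT
    echo ""
  fi

  # The number is interpolated into file names and into the config file, so
  # it must be digits only and must name an existing certificate.
  if [[ ! "${DFRUNCERT}" =~ ^[0-9]+$ || ! -f "${SEVHOST}/cert-${DFRUNCERT}.pem" ]]; then
    echo -e " ${RED}ERROR:${NC} Certificate not found"
    echo " - Check the number and try again"
    exit 1
  fi

  # Check if the chosen certificate is the one cert.pem currently resolves to.
  DFSL=$(readlink -f "${SEVHOST}/cert.pem")
  DFSL=${DFSL##*/}
  if [[ "${DFSL}" == "cert-${DFRUNCERT}.pem" ]]; then
    echo -e "${RED}WARNING:${NC} This SSL Certificate is currently in use, continue? (y/n)"
    echo " - You should issue a new one first"
    read -r DFRUN
    echo ""
    # Quoted comparison: an empty or multi-word answer must abort here.
    # With the unquoted `[ ! $DFRUN == "y" ]` form such answers made the
    # test evaluate false (or error out) and the script carried on.
    if [[ "${DFRUN}" != "y" ]]; then
      echo "Nothing Revoked!"
      exit 1
    fi
  fi

  # Check if the private key exists
  if [[ ! -f "${SEVHOST}/privkey-${DFRUNCERT}.pem" ]]; then
    echo -e "${RED}ERROR:${NC} Private Key for certificate not found"
    echo " - Attempted Path (${SEVHOST}/privkey-${DFRUNCERT}.pem)"
    echo " - Check the number and try again"
    exit 1
  fi

  # Final confirmation
  echo -e "${RED}Do you wish to revoke '${GREEN}cert-${DFRUNCERT}.pem${RED}' (y/n)?${NC}"
  echo " > This cannot be undone!"
  read -r DFRUN
  echo ""

  if [[ "${DFRUN}" == "y" ]]; then
    echo " + Attempting to revoke SSL Certificate..."

    # Write the temporary config for acme.sh in one redirection. printf '%s'
    # keeps backslashes in the paths literal (echo -e would expand them).
    # NOTE(review): PRIVATE_KEY points at the certificate's own key;
    # presumably acme.sh signs the revocation request with it - confirm.
    # NOTE(review): BASEDIR and CONTACT_EMAIL are written unescaped inside
    # single quotes; they are treated as trusted caller configuration.
    # NOTE(review): both CA URLs are ACME v1 endpoints, which Let's Encrypt
    # has retired; confirm the bundled acme.sh still works against the CA
    # before relying on this script to revoke a certificate.
    # The CA line is written once; the original appended it twice with the
    # same value.
    {
      printf "PRIVATE_KEY='%s'\n" "${SEVHOST}/privkey-${DFRUNCERT}.pem"
      printf "CONTACT_EMAIL='%s'\n" "${CONTACT_EMAIL}"
      printf '%s\n' "DFR=1"
      if [[ "${TESTING}" == 1 ]]; then
        printf '%s\n' "CA='https://acme-staging.api.letsencrypt.org/directory'"
      else
        printf '%s\n' "CA='https://acme-v01.api.letsencrypt.org/directory'"
      fi
    } > "${CFDFT}" || {
      echo -e " ${RED}ERROR:${NC} Could not write temporary config (${CFDFT})"
      exit 1
    }

    # acme.sh is invoked by relative name, so a failed cd must not be ignored.
    if ! cd "${BASEDIR}"; then
      rm -- "${CFDFT}"
      echo -e " ${RED}ERROR:${NC} Could not change directory to ${BASEDIR}"
      exit 1
    fi

    # Revoke the cert, always remove the tmp config, and surface a failure
    # so the operator does not assume the certificate is revoked.
    if bash acme.sh -r "${SEVHOST}/cert-${DFRUNCERT}.pem" --config "${CFDFT}"; then
      rm -- "${CFDFT}"
    else
      rm -- "${CFDFT}"
      echo -e " ${RED}ERROR:${NC} acme.sh reported a failure; the certificate may not have been revoked"
      exit 1
    fi
  else
    echo "Nothing revoked!"
    exit
  fi
else
  echo "Nothing revoked!"
  exit
fi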