Add logging for failed openssl
parent
51922e737e
commit
4a391bf4a3
|
@ -37,7 +37,7 @@ ipstring="${3}"
|
|||
printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||
|
||||
# Generate key
|
||||
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >>"${LOGFILE}" 2>&1; then
|
||||
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >/dev/null 2>&1; then
|
||||
printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
|
@ -53,11 +53,12 @@ fi
|
|||
# Generate config
|
||||
san="\n[SAN]\nsubjectAltNames=DNS:${hostname:?}.${username:?}.${TLD:?},DNS:*.${hostname:?}.${username:?}.${TLD:?}"
|
||||
[ "${ipstring}" != "" ] && san="${san},${ipstring}"
|
||||
if ! cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \
|
||||
if ! printf '%s' "${san}" | sudo cat '/etc/ssl/openssl.cnf' /dev/stdin \
|
||||
> "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf"; then
|
||||
printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||
exit 7
|
||||
fi
|
||||
sudo tail "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf" >>"${LOGFILE}"
|
||||
|
||||
# Generate CSR
|
||||
if ! sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \
|
||||
|
|
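Review bot: In the `printf '%s' "${san}" | sudo cat '/etc/ssl/openssl.cnf' /dev/stdin` form, `sudo` covers only the read; the `> "…/${hostname:?}.cnf"` redirection on the next line is opened by the calling shell without elevation, so it fails if that directory is root-only (the key there is written via `sudo openssl`, and the `sudo tail` on the same file suggests it is). Piping into `sudo tee "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf" >/dev/null` puts the privilege on the write and lets `cat` run unprivileged. Separately, `san` holds `\n` inside double quotes and is printed with `%s`, so no newline is produced and the `[SAN]` header would land in the file as literal text; moving the header into the format, e.g. `printf '\n[SAN]\n%s\n' "${san}"`, fixes that, and the OpenSSL extension key is spelled `subjectAltName`. `ipstring` is taken from `${3}` and appended to that config unchecked, so it is worth validating its format before use. The CSR `if` that follows continues outside the hunk.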