Switch to running dehydrated.
authorMark Wooding <mdw@distorted.org.uk>
Wed, 12 Jul 2017 22:02:16 +0000 (23:02 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Wed, 12 Jul 2017 22:02:16 +0000 (23:02 +0100)
It's packaged by Debian and seems much less disastrous.  Simplify much
of the machinery.

.gitignore
.gitmodules [deleted file]
bin/le [deleted file]
bin/make-cert
bin/setup
bin/sudo [deleted file]
dehydrated-config.sh [new file with mode: 0644]
le-root.cert [deleted file]
le.conf.skel [deleted file]
letsencrypt [deleted submodule]
lib/lib.sh

index 2978b421123379e448ece6e38248b1ae6283ffbf..bdc19ef66b96b76ff6bc67ab5655e9662d78ba30 100644 (file)
@@ -1,11 +1,6 @@
-.cache
-.ccache
-.config
 .lesshst
-.local
 cert/
 etc/
 log/
-req/
 tmp/
 webroot/
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644 (file)
index e087ce7..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-[submodule "letsencrypt"]
-       path = letsencrypt
-       url = https://github.com/letsencrypt/letsencrypt/
diff --git a/bin/le b/bin/le
deleted file mode 100755 (executable)
index 0ec46b2..0000000
--- a/bin/le
+++ /dev/null
@@ -1,11 +0,0 @@
-#! /bin/sh
-set -e
-prog=$(readlink -e "$0")
-. "${prog%/*}/../config.sh"
-. "$home/lib/lib.sh"
-
-run_as_user "$@"
-prepare_tmp le-user
-make_le_conf
-
-exec $home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" "$@"
index 19808c6ca2bfc221bdd5e73af1f78186a46a5692..fd0cdf5f1045ce1422d742fcc485aa595a8d2b8c 100755 (executable)
@@ -14,26 +14,8 @@ case $# in 0) ;; *) fail_usage ;; esac
 
 prepare_tmp $tag
 
-## Get started.
+## Let's go.
 cert=$home/cert/$tag
 cd $cert
-openssl req -in req -out $tmp/req.der -outform der
-sans=$(openssl req -in req -text -noout |
-       sed -n '
-         x
-         /^ *X509v3 Subject Alternative Name: $/ {
-           x
-           s/ *DNS://g
-           s/,/ /g
-           p
-           x
-         }')
-make_le_conf $sans
-
-cd $tmp
-$home/letsencrypt/letsencrypt-auto -c "$tmp/le.conf" --text \
-       -a webroot --csr $tmp/req.der certonly
-
-cd $cert
-cat $tmp/0001_chain.pem $home/le-root.cert >full-chain.new
+dehydrated -f $HOME/dehydrated-config.sh -fc -s req >full-chain.new
 mv full-chain.new full-chain
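Review bot: The added `dehydrated ... >full-chain.new` line is followed unconditionally by `mv full-chain.new full-chain`, so the live chain is protected from a failed run only if `set -e` is active earlier in the script, which this hunk does not show. Even with `set -e`, a run that exits 0 but writes nothing usable would still be installed; a check such as `openssl x509 -in full-chain.new -noout || exit 1` placed before the `mv` keeps an empty or malformed file out of service. The new line also uses `$HOME` where the surrounding code uses `$home`, so if the two can differ the config path and `BASEDIR` would point elsewhere; `-f "$home/dehydrated-config.sh"` (quoted) would match the rest of the script. The script starts and ends outside this hunk.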
index dc243a0bec41708506123716722ec1905543201e..4b4ad14cb9d55f2644a70aa88fab10c7311d8da5 100755 (executable)
--- a/bin/setup
+++ b/bin/setup
@@ -13,12 +13,8 @@ while read d m u g; do
   chown $u:$g $d
 done <<EOF
 .                                       755    root    root
-.cache                                 2775    root    $user
-.config                                        2775    root    $user
-.local                                 2775    root    $user
 cert                                   2755    root    $user
 etc                                    2770    root    $user
-log                                    2775    root    $user
 tmp                                    2770    root    $user
 webroot                                         755    root    root
 webroot/.well-known                     755    root    root
diff --git a/bin/sudo b/bin/sudo
deleted file mode 100755 (executable)
index ee70818..0000000
--- a/bin/sudo
+++ /dev/null
@@ -1,2 +0,0 @@
-#! /bin/sh
-exec "$@"
diff --git a/dehydrated-config.sh b/dehydrated-config.sh
new file mode 100644 (file)
index 0000000..3dbf84b
--- /dev/null
@@ -0,0 +1,10 @@
+### -*-sh-*-
+
+BASEDIR=$HOME
+CHALLENGETYPE=http-01
+WELLKNOWN=$BASEDIR/webroot/.well-known/acme-challenge
+PRIVATE_KEY_RENEW=no
+ACCOUNTDIR=$BASEDIR/etc/account
+LOCKFILE=$BASEDIR/etc/lock
+
+##CA="https://acme-staging.api.letsencrypt.org/directory"
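Review bot: No `CONTACT_EMAIL` is set in this new config, although the deleted `le.conf.skel` carried an `email =` line, so the ACME account would presumably be registered without a contact address and expiry notices would have nowhere to go; `CONTACT_EMAIL=<address from le.conf.skel>` would keep the previous behaviour. `ACCOUNTDIR` is where dehydrated stores the ACME account private key, and its confidentiality here rests on `etc` being 2770 root:$user in `bin/setup`; a comment such as `## etc/account holds the ACME account key; etc/ must stay unreadable to others.` would record that dependency. `WELLKNOWN` has to be writable by the user running dehydrated, while the `bin/setup` hunk shows `webroot/.well-known` as 755 root:root, so the `acme-challenge` entry (not visible in that hunk) is worth confirming.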
diff --git a/le-root.cert b/le-root.cert
deleted file mode 100644 (file)
index b2e43c9..0000000
+++ /dev/null
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
-MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
-DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
-PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
-Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
-rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
-OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
-xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
-7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
-aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
-SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
-ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
-AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
-R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
-JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
-Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
------END CERTIFICATE-----
diff --git a/le.conf.skel b/le.conf.skel
deleted file mode 100644 (file)
index 9bf3272..0000000
+++ /dev/null
@@ -1,3 +0,0 @@
-### -*-conf-*-
-
-email = mdw@distorted.org.uk
diff --git a/letsencrypt b/letsencrypt
deleted file mode 160000 (submodule)
index ce14851..0000000
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit ce14851232c39aa1151ecd9c7b77ef910059d46c
index dd85bbf7ce69fe20ed61b59388cd1946ebf6ecf9..de5ac4477bff8108e78d5cb7f5a3183ba0284f13 100644 (file)
@@ -25,23 +25,3 @@ prepare_tmp () {
   mkdir $tmp
   trap 'cd $home; rm -rf $tmp' EXIT INT TERM
 }
-
-make_le_conf () {
-  { cat $home/le.conf.skel
-    echo "config-dir = $home/etc"
-    echo "logs-dir = $home/log"
-    echo "work-dir = $tmp"
-    echo
-    case $# in
-      0) ;;
-      *)
-       map="webroot-map = {" sep=" "
-       for san in "$@"; do
-         map="$map$sep\"$san\": \"$home/webroot\"" sep=", "
-       done
-       map="$map }"
-       echo "$map"
-       ;;
-    esac
-  } >$tmp/le.conf
-}
\ No newline at end of file