Comments (11)
Any specific location in mind? How about in the ${BASEDIR}/certs/${domain}/ folder, then each cert domain could overwrite the defaults set in the main config (if it needed anything different) and just use the defaults if not.
Have a quick look at https://github.com/srvrco/getssl - I wrote it primarily because I wanted different defaults on different domains, and also wanted to be able to copy the challenges and final certs to remote servers (ssh / scp). If you are happy for that additional functionality, I can look at adding multiple configs and effectively combining (separate configs per domain / remote servers) into your script? (and effectively removing mine)
from dehydrated.
Yea, I was thinking to allow for `config.sh` next to the certificates in the target directory.
For implementation I guess the best thing would be to move certificate-specific code to a new function and use `local` variables, but this has to be implemented clean, variables should never be carried over to the next call of the function, because that would mess with other certificates.
from dehydrated.
Agreed. I'm away this weekend - I'll take a closer look at your code early next week.
from dehydrated.
I would prefer to have a set of certificates with the same settings without creating a config for every certificate that is different from the main config but identical with at least some other configs.
Two ideas to make this possible:
- Make the `domains.txt` customisable via `config.sh`. This allows to run `letsencrypt.sh` first with default settings and `domains.txt`. And then run it again with `-f config2.sh` which points to `domains2.txt`.
- Extend the syntax of `domains.txt`. Add a line starting with a character not allowed in domains (e.g. a colon `:`). And point to a custom `config.sh` which merges with the current config and is valid for all following domains.
In every scenario using multiple configuration files we should add a debug option which just outputs all configuration values per certificate(set) and does nothing else.
from dehydrated.
I was thinking more of a priority system, so in effect there are defaults within the code (if no config files are specified). The main config file could then be used to modify this default. Anything at the certificate level would use these unless there was a value in a certificate-specific config file which would overwrite the earlier values.
from dehydrated.
Yes, idea was to have those specific configs as optional config files overriding some parameters for a single certificate, not having them as a requirement.
from dehydrated.
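The precedence discussed in the comments above (built-in defaults, then the main config, then an optional per-certificate config, with nothing carried over between certificates, plus a listing of the resolved values per certificate) can be sketched as follows. This is an added example, not part of the thread and not dehydrated's code; the variable names, the `config.sh` file layout and the sample tree are assumptions, and it isolates each certificate with a subshell rather than `local`.

```shell
#!/bin/sh
# Added example (not dehydrated's code): layered per-certificate configuration.
# Precedence: built-in defaults < main config < certs/<domain>/config.sh

# effective_config BASEDIR DOMAIN -> prints the settings that apply to DOMAIN.
effective_config() {
    # The parentheses start a subshell: every assignment made by the sourced
    # files is discarded when it exits, so nothing reaches the next certificate.
    (
        basedir=$1
        domain=$2
        # 1. built-in defaults (illustrative variable names)
        CHALLENGETYPE="http-01"
        HOOK=""
        KEY_ALGO="rsa"
        # 2. main config, optional
        if [ -f "$basedir/config.sh" ]; then . "$basedir/config.sh"; fi
        # 3. per-certificate config, optional
        if [ -f "$basedir/certs/$domain/config.sh" ]; then
            . "$basedir/certs/$domain/config.sh"
        fi
        printf 'CHALLENGETYPE=%s\nHOOK=%s\nKEY_ALGO=%s\n' \
            "$CHALLENGETYPE" "$HOOK" "$KEY_ALGO"
    )
}

# Debug listing: resolve every certificate directory and do nothing else.
dump_all() {
    for d in "$1"/certs/*/; do
        name=$(basename "$d")
        echo "[$name]"
        effective_config "$1" "$name"
    done
}

# Constructed sample tree: a main config and one per-certificate override.
make_demo_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/certs/imap.example.com" "$dir/certs/webmail.example.com"
    echo 'KEY_ALGO="secp384r1"' > "$dir/config.sh"
    printf '%s\n' 'CHALLENGETYPE="dns-01"' 'HOOK="hook1.sh"' \
        > "$dir/certs/imap.example.com/config.sh"
    echo "$dir"
}

demo=$(make_demo_tree)
dump_all "$demo"   # imap.example.com is resolved first, webmail.example.com second
rm -rf "$demo"
```

Because the config files are sourced as shell code, they should be writable only by the account that runs the client.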
I like the idea to overwrite parameters for a single certificate.
Additionally it would be great to have the possibility to overwrite specific parameters for a group/set of certificates at once.
The reason for this are two domains registered by different resellers with different DNS-APIs.
- http-01 as default verification method for
  - example.com www.example.com
  - example.net www.example.net
  - webmail.example.com
- dns-01 with hook1.sh for DNS-API1:
  - smtp.example.com
  - imap.example.com
- dns-01 with hook2.sh for DNS-API2:
  - ipv6-only.example.net
With this setup it would be great to have two independent hooks. One for challenge handling and another one for certificate deployment and service restart. So we can specify challenge handling at group level and certificate deployment for every certificate.
from dehydrated.
Well, you could always use symlinks to have a shared config for multiple certs.
But maybe this could also be implemented with the help of a hook script so that people could script this...
from dehydrated.
+1
I would love to set different locations and hooks for certain domains
from dehydrated.
I like this idea a lot.
For certain domains it might even be good to have an RSA and an ECDSA key available:
http://www.postfix.org/TLS_README.html
Would be great to have this choice too.
from dehydrated.
This is now implemented in ec48906. See https://github.com/lukas2511/letsencrypt.sh/blob/master/docs/per-certificate-config.md for more information
from dehydrated.