|
|
@ -148,11 +148,33 @@ EOF |
|
|
|
export CAROOT=/etc/letsencrypt/local/ |
|
|
|
/root/mkcert/mkcert -install # CA dans /etc/letsencrypt/local/ |
|
|
|
cd "${CAROOT}" |
|
|
|
/root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/ |
|
|
|
cat > "${CAROOT}/kaz.sns.cnf" <<EOF |
|
|
|
[ req ] |
|
|
|
prompt = no |
|
|
|
distinguished_name = dn |
|
|
|
req_extensions = req_ext |
|
|
|
|
|
|
|
[ dn ] |
|
|
|
CN = *.kaz.sns |
|
|
|
emailAddress = admin@kaz.sns |
|
|
|
O = KAZ |
|
|
|
OU = Dev |
|
|
|
L = Vannes |
|
|
|
ST = France |
|
|
|
C = FR |
|
|
|
|
|
|
|
[ req_ext ] |
|
|
|
subjectAltName = @alt_names |
|
|
|
|
|
|
|
[alt_names] |
|
|
|
DNS.0 = *.kaz.sns |
|
|
|
EOF |
|
|
|
openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout kaz.sns.key -out kaz.sns.csr -config kaz.sns.cnf |
|
|
|
/root/mkcert/mkcert -csr "${CAROOT}/kaz.sns.csr" # cert et clé dans /etc/letsencrypt/local/ |
|
|
|
|
|
|
|
mkdir -p /etc/letsencrypt/live/kaz.sns/ |
|
|
|
mkdir -p /etc/letsencrypt/live/kaz.sns/ |
|
|
|
ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem |
|
|
|
ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem |
|
|
|
ln -s ../../local/kaz.sns.key /etc/letsencrypt/live/kaz.sns/privkey.pem |
|
|
|
fi |
|
|
|
|
|
|
|
# Cache docker registry |
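Review bot: The `openssl req ... -nodes -keyout kaz.sns.key` line writes an unencrypted wildcard private key into `${CAROOT}`, next to the local CA material, without setting its mode, so the resulting permissions depend on the caller's umask and the OpenSSL build. Set them explicitly, for example `umask 077` before the call or `chmod 600 "${CAROOT}/kaz.sns.key"` right after it. The `privkey.pem` link is created with plain `ln -s`, so on a host where that link already points at `_wildcard.kaz.sns-key.pem` the command would fail and leave a key that does not match the CSR-issued certificate. `ln -sfn ../../local/kaz.sns.key /etc/letsencrypt/live/kaz.sns/privkey.pem` avoids this, unless the enclosing `if` (which opens outside this hunk) already rules that case out. The trailing comment on the `mkcert -csr` line still says `cert et clé`, but with a CSR mkcert only issues the certificate, so it should read `# cert dans /etc/letsencrypt/local/`.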
|
|
|