Certif avec CN via mkcert

files/vm-provision.sh

@@ -148,11 +148,33 @@ EOF
        export CAROOT=/etc/letsencrypt/local/
        /root/mkcert/mkcert -install      # CA dans /etc/letsencrypt/local/
        cd "${CAROOT}"
-       /root/mkcert/mkcert "*.kaz.sns" # cert et clé dans /etc/letsencrypt/local/
+	  cat > "${CAROOT}/kaz.sns.cnf" <<EOF
+[ req ]
+prompt = no
+distinguished_name = dn
+req_extensions = req_ext
+
+[ dn ]
+CN = *.kaz.sns
+emailAddress = admin@kaz.sns
+O = KAZ
+OU = Dev
+L = Vannes
+ST = France
+C = FR
+
+[ req_ext ]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.0 = *.kaz.sns
+EOF
+		openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout kaz.sns.key -out kaz.sns.csr -config kaz.sns.cnf
+        /root/mkcert/mkcert -csr "${CAROOT}/kaz.sns.csr" # cert et clé dans /etc/letsencrypt/local/
 
      	mkdir -p /etc/letsencrypt/live/kaz.sns/
        ln -s ../../local/_wildcard.kaz.sns.pem /etc/letsencrypt/live/kaz.sns/fullchain.pem
-       ln -s ../../local/_wildcard.kaz.sns-key.pem /etc/letsencrypt/live/kaz.sns/privkey.pem
+       ln -s ../../local/kaz.sns.key /etc/letsencrypt/live/kaz.sns/privkey.pem
     fi
 
     # Cache docker registry