Jenkins/resources/com/cadoles/common/add-letsencrypt-ca.sh

42 lines
1004 B
Bash
Raw Permalink Normal View History

#!/bin/sh
set -eo pipefail
declare -a DESTDIR_PATHS=(
"/usr/local/share/ca-certificates"
"/etc/ca-certificates/trust-source/anchors"
"/etc/pki/ca-trust/source/anchors"
)
for path in "${DESTDIR_PATHS[@]}"; do
if [ -d "$path" ]; then
DESTDIR=$path
break
fi
done
UPDATE_CERTS_CMD=update-ca-certificates
if [ -z "$(which $UPDATE_CERTS_CMD)" ]; then
UPDATE_CERTS_CMD="update-ca-trust extract"
fi
CERTS="$(cat <<EOF
https://letsencrypt.org/certs/isrgrootx1.pem
https://letsencrypt.org/certs/isrg-root-x2.pem
https://letsencrypt.org/certs/lets-encrypt-r3.pem
https://letsencrypt.org/certs/lets-encrypt-e1.pem
https://letsencrypt.org/certs/lets-encrypt-r4.pem
https://letsencrypt.org/certs/lets-encrypt-e2.pem
EOF
)"
cd "$DESTDIR"
for cert in $CERTS; do
echo "Downloading '$cert'..."
filename=$(basename "$cert")
wget --tries=10 --timeout=30 -O "$filename" "$cert"
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
done
$UPDATE_CERTS_CMD