Create common script to download LetsEncrypt CA in pipeline environments

2021-02-22 14:46:22 +01:00
parent 8f0d37213b
commit 94abda3f1a
3 changed files with 31 additions and 12 deletions
--- a/resources/com/cadoles/common/add-letsencrypt-ca.sh
+++ b/resources/com/cadoles/common/add-letsencrypt-ca.sh
@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -eo pipefail
+
+DESTDIR=/usr/local/share/ca-certificates
+UPDATE_CERTS_CMD=update-ca-certificates
+CERTS="$(cat <<EOF
+https://letsencrypt.org/certs/isrgrootx1.pem
+https://letsencrypt.org/certs/isrg-root-x2.pem
+https://letsencrypt.org/certs/lets-encrypt-r3.pem
+https://letsencrypt.org/certs/lets-encrypt-e1.pem
+https://letsencrypt.org/certs/lets-encrypt-r4.pem
+https://letsencrypt.org/certs/lets-encrypt-e2.pem
+EOF
+)"
+
+cd "$DESTDIR"
+
+for cert in $CERTS; do
+    echo "Downloading '$cert'..."
+    filename=$(basename "$cert")
+    wget -O "$filename" "$cert"
+    openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
+done
+
+$UPDATE_CERTS_CMD