We have a virtual Dev-Environment in which we develop a multitude of websites. We have some scripts that we use to create the environment, one of which handles the creation of the Certificates and pushing them to certain directories. Said script works for my colleague, who uses Tumbleweed, but not for me (Kubuntu 22.04, Kernel 5.15).
The script is the following:
#!/bin/bash
mkdir -p cert/live/exist.ulb.tu-darmstadt.de
mkdir -p cert/live/purl.ulb.tu-darmstadt.de
mkdir -p cert/live/tueditions.ulb.tu-darmstadt.de
cd cert
openssl req \
-x509 \
-nodes \
-new \
-sha256 \
-days 1024 \
-newkey rsa:2048 \
-keyout ${CertAUTH}.key \
-out ${CertAUTH}.pem \
-subj "/C=DE/CN=Example-Root-CA"
openssl x509 \
-outform pem \
-in ${CertAUTH}.pem \
-out ${CertAUTH}.crt
openssl req \
-outform pem \
-new \
-nodes \
-newkey rsa:2048 \
-keyout privkey.pem \
-out localhost.csr \
-subj "/C=DE/ST=HE/L=Darmstadt/O=ULB/CN=*.localhost"
openssl x509 \
-outform pem \
-req \
-sha256 \
-days 1024 \
-in localhost.csr \
-CA ${CertAUTH}.pem \
-CAkey ${CertAUTH}.key \
-CAcreateserial \
-extfile domains.ext \
-out fullchain.pem
cp fullchain.pem live/exist.ulb.tu-darmstadt.de
cp fullchain.pem live/purl.ulb.tu-darmstadt.de
cp fullchain.pem live/tueditions.ulb.tu-darmstadt.de
cp privkey.pem live/exist.ulb.tu-darmstadt.de
cp privkey.pem live/purl.ulb.tu-darmstadt.de
cp privkey.pem live/tueditions.ulb.tu-darmstadt.de
cd ..
The script is supposed to create directories and create fullchain.pem files, you can probably get what it should do. My output is the following:
Can't open "domains.ext" for reading, No such file or directory
4047A01AD37F0000:error:80000002:system library:BIO_new_file:No such file or directory:../crypto/bio/bss_file.c:67:calling fopen(domains.ext, r)
4047A01AD37F0000:error:10000080:BIO routines:BIO_new_file:no such file:../crypto/bio/bss_file.c:75:
cp: Aufruf von stat für 'fullchain.pem' nicht möglich: Datei oder Verzeichnis nicht gefunden
cp: Aufruf von stat für 'fullchain.pem' nicht möglich: Datei oder Verzeichnis nicht gefunden
cp: Aufruf von stat für 'fullchain.pem' nicht möglich: Datei oder Verzeichnis nicht gefunden
Nota bene: we have pre-created the domains.ext as current user and entered the necessary information. We're clueless what's happening here, maybe somebody here has a solution for me/us?
all the best
The cp errors are because the script didn't exit after failing to create the previous dependency. Add set -e -o pipefail to the top to prevent the script from proceeding after an error.
Next, the domains.ext isn't in the correct location. At the top, you're allowing mkdir to fail silently with the -p argument:
-p, --parents
no error if existing, make parent directories as needed
Meaning that it likely created the cert dir too, which is where your script was expecting to find the domains.ext. You can confirm this by testing for your prerequisites first, exiting with a sane failure if it's missing. This is what I would add to the top of the file:
#!/usr/bin/env bash
set -e -o pipefail
[[ -f cert/domains.ext ]] || { echo 'ERROR: ./cert/domains.ext is missing' ; exit 1 ; }
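Added example, not part of the original question or answer: a preflight check that extends the one-line test above and reproduces the layout from the question in a temporary directory, showing that domains.ext beside the script is not found once the script has changed into cert/. The names preflight and demo, the messages and the CertAUTH value are assumptions made for illustration; CertAUTH is assumed to come from the environment, since the script uses it without setting it.

```bash
#!/usr/bin/env bash
# Added example, not the original script. preflight and demo are hypothetical
# helper names. The syntax is kept POSIX so it also runs under plain sh.

# Check what the openssl calls need, relative to project root $1.
# Runs in a subshell; exit status is the number of problems found.
preflight() (
    root=$1
    problems=0
    # The script does `cd cert` before `openssl x509 -extfile domains.ext`,
    # so the file has to be in cert/, not beside the script.
    if [ ! -f "$root/cert/domains.ext" ]; then
        echo "ERROR: $root/cert/domains.ext is missing" >&2
        [ -f "$root/domains.ext" ] &&
            echo "HINT: $root/domains.ext exists; move it into cert/" >&2
        problems=$((problems + 1))
    fi
    # Assumption: CertAUTH is supplied by the environment (the script never
    # sets it). Empty, the CA files would be named ".key" and ".pem".
    if [ -z "${CertAUTH:-}" ]; then
        echo "ERROR: CertAUTH is not set" >&2
        problems=$((problems + 1))
    fi
    exit "$problems"
)

# Constructed demo: rebuild the question's layout in a temp directory.
demo() (
    CertAUTH=Example-Root-CA                  # constructed value
    tmp=$(mktemp -d) || exit 1
    : > "$tmp/domains.ext"                    # empty stand-in, wrong place
    mkdir -p "$tmp/cert/live/exist.ulb.tu-darmstadt.de"   # creates cert/ too
    before=0; preflight "$tmp" || before=$?
    mv "$tmp/domains.ext" "$tmp/cert/"
    after=0; preflight "$tmp" || after=$?
    rm -rf "$tmp"
    echo "before move: $before problem(s), after move: $after"
)

demo
```

In the real script, call preflight with the project root before the first mkdir and stop if it returns non-zero.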