|
|
@@ -1243,7 +1243,14 @@ _createcsr() {
|
|
|
_debug2 csr "$csr"
|
|
|
_debug2 csrconf "$csrconf"
|
|
|
|
|
|
- printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]\nextendedKeyUsage=serverAuth,clientAuth\n" >"$csrconf"
|
|
|
+ printf "[ req_distinguished_name ]\n[ req ]\ndistinguished_name = req_distinguished_name\nreq_extensions = v3_req\n[ v3_req ]" >"$csrconf"
|
|
|
+
|
|
|
+ if [ "$Le_ExtKeyUse" ]; then
|
|
|
+ _savedomainconf Le_ExtKeyUse "$Le_ExtKeyUse"
|
|
|
+ printf "\nextendedKeyUsage=$Le_ExtKeyUse\n" >>"$csrconf"
|
|
|
+ else
|
|
|
+ printf "\nextendedKeyUsage=serverAuth,clientAuth\n" >>"$csrconf"
|
|
|
+ fi
|
|
|
|
|
|
if [ "$acmeValidationv1" ]; then
|
|
|
domainlist="$(_idn "$domainlist")"
|
|
|
@@ -7007,6 +7014,7 @@ Parameters:
|
|
|
--post-hook <command> Command to be run after attempting to obtain/renew certificates. Runs regardless of whether obtain/renew succeeded or failed.
|
|
|
--renew-hook <command> Command to be run after each successfully renewed certificate.
|
|
|
--deploy-hook <hookname> The hook file to deploy cert
|
|
|
+ --extended-key-usage <string> Manually define the CSR extended key usage value. The default is serverAuth,clientAuth.
|
|
|
--ocsp, --ocsp-must-staple Generate OCSP-Must-Staple extension.
|
|
|
--always-force-new-domain-key Generate new domain key on renewal. Otherwise, the domain key is not changed by default.
|
|
|
--auto-upgrade [0|1] Valid for '--upgrade' command, indicating whether to upgrade automatically in future. Defaults to 1 if argument is omitted.
|
|
|
@@ -7698,6 +7706,10 @@ _process() {
|
|
|
_deploy_hook="$_deploy_hook$2,"
|
|
|
shift
|
|
|
;;
|
|
|
+ --extended-key-usage)
|
|
|
+ Le_ExtKeyUse="$2"
|
|
|
+ shift
|
|
|
+ ;;
|
|
|
--ocsp-must-staple | --ocsp)
|
|
|
Le_OCSP_Staple="1"
|
|
|
;;
|
Matt Mower