letsencrypt::Client method certificateRequest (protected)
<instance of letsencrypt::Client> certificateRequest orderURL \ finalizeURL
Defined in /usr/local/ns/tcl/letsencrypt/letsencrypt-procs.tcl
- Parameters:
- orderURL (required)
- finalizeURL (required)
- Testcases:
- No testcase defined.
Source code: :log "<br>Generating key pair of type ${:key_type} for SSL certificate... " set csrFile ${:sslpath}/${:domain}.csr if {${:key_type} eq "ecdsa"} { set keyFile ${:sslpath}/${:domain}.ecdsa.key } else { set keyFile ${:sslpath}/${:domain}.key } lassign [exec openssl version -d] _ openssldir set opensslConf [file normalize [file join $openssldir openssl.cnf]] # # 1. prepare key/csr once # :requireKeyFile $keyFile set :certPrivKey [:readFile $keyFile] set fh [file tempfile csrConfFile] close $fh try { set conf [:readFile $opensslConf] if {[llength ${:sans}] > 0} { set altNames [lmap alt ${:sans} {set _ DNS:$alt}] append conf "\n\[SAN\]\nsubjectAltName=[join $altNames ,]\n" set extensions [list -reqexts SAN -extensions SAN] } else { set extensions {} } :writeFile $csrConfFile $conf file attributes $csrConfFile -permissions 0600 exec openssl req -new -sha256 -outform DER -passout pass:"" {*}$extensions -subj "/CN=${:domain}" -key $keyFile -config $csrConfFile -out $csrFile 2>@1 set csr [:readFile -binary $csrFile] } finally { catch {file delete -force -- $csrConfFile} } set csr64 [ns_base64urlencode -binary $csr] set payload [subst {{"csr": "$csr64"}}] # # 2. retry finalize poll # set httpStatus 504 set finalized 0 for {set count 0} {$count < 30} {incr count} { set orderDict [:refreshOrder $orderURL] set orderStatus [dict get $orderDict status] :log "order status $orderStatus<br>" if {$orderStatus eq "ready"} { if {!$finalized} { set httpStatus [:send_signed_request $finalizeURL $payload] :log "request to finalize URL $finalizeURL returned HTTP status $httpStatus<br>" :log "[:printHeaders ${:replyHeaders}]<br>${:replyText}<br>" if {$httpStatus ne "200"} { return $httpStatus } set finalized 1 } ns_sleep 5s continue } elseif {$orderStatus in {pending processing}} { ns_sleep 5s continue } elseif {$orderStatus eq "valid"} { set certificateURL [dict get $orderDict certificate] set httpStatus [:send_signed_request -nolog $certificateURL ""] :log "request to certificate URL $certificateURL returned HTTP status $httpStatus<br>" :log "[:printHeaders ${:replyHeaders}]<br>${:replyText}<br>" return $httpStatus } elseif {$orderStatus eq "invalid"} { :log "order became invalid<br>" return 400 } else { :log "unexpected order status $orderStatus<br>" return 500 } } return $httpStatusXQL Not present: Generic, PostgreSQL, Oracle
![[i]](/resources/acs-subsite/ZoomIn16.gif)