Patched Scripts for New LE CAs

Added new LE CA's to setup-le.sh and also added logic to copy full CA path to cert in renew-le.sh

renew-le.sh

@@ -40,7 +40,8 @@ letsencrypt certonly --standalone --csr "$WORKDIR/httpd-csr.der" --email "$EMAIL
 
 # replace the cert
 cp /var/lib/ipa/certs/httpd.crt /var/lib/ipa/certs/httpd.crt.bkp
-mv -f "$WORKDIR/0000_cert.pem" /var/lib/ipa/certs/httpd.crt
+cat "$WORKDIR/0000_cert.pem" "$WORKDIR/0001_chain.pem" > "$WORKDIR/full_chain.pem"
+mv -f "$WORKDIR/full_chain.pem" /var/lib/ipa/certs/httpd.crt
 restorecon -v /var/lib/ipa/certs/httpd.crt
 
 # start httpd with the new cert

setup-le.sh

@@ -4,6 +4,7 @@ set -o nounset -o errexit
 FQDN=$(hostname -f)
 WORKDIR=$(dirname "$(realpath $0)")
 CERTS=("isrgrootx1.pem" "isrg-root-x2.pem" "lets-encrypt-r3.pem" "lets-encrypt-e1.pem" "lets-encrypt-r4.pem" "lets-encrypt-e2.pem")
+CERTS2=("e5.pem" "e6.pem" "r10.pem" "r11.pem")
 
 sed -i "s/server.example.test/$FQDN/g" $WORKDIR/ipa-httpd.cnf
 
@@ -26,6 +27,18 @@ do
   ipa-cacert-manage install "/etc/ssl/$FQDN/$CERT"
 done
 
+for CERT2 in "${CERTS2[@]}"
+do
+  if command -v wget &> /dev/null
+  then
+    wget -O "/etc/ssl/$FQDN/$CERT2" "https://letsencrypt.org/certs/2024/$CERT2"
+  elif command -v curl &> /dev/null
+  then
+    curl -o "/etc/ssl/$FQDN/$CERT2" "https://letsencrypt.org/certs/2024/$CERT2"
+  fi
+  ipa-cacert-manage install "/etc/ssl/$FQDN/$CERT2"
+done
+
 ipa-certupdate
 
-"$WORKDIR/renew-le.sh" --first-time
+"$WORKDIR/renew-le.sh" --first-time