Add option to dump CSR and bail

README.md

@@ -26,6 +26,7 @@ GLOBAL OPTIONS:
    --commonname value, -c value  common name [$COMMON]
    --hosts value, -l value       comma delimited list of hosts to add to cert [$HOSTS]
    --ips value, -i value         comma delimited list of IPAddresses to add to cert [$IPADDRS]
+   --csronly, -O                 write csr/key only (default: false)
    --k8s-secret, -k              output as a kubernetes secret (default: false)
    --help, -h                    show help (default: false)
 

adssl.go

@@ -36,6 +36,7 @@ type Request struct {
 	Country, Province, Locality string
 	DNSNames                    string
 	IPAddresses                 string
+	CsrOnly                     bool
 }
 
 // Certificate contains a x509 certificate
@@ -258,6 +259,11 @@ func New(s Server, r Request) (Certificate, error) {
 	if err := c.generateCertificateRequest(r); err != nil {
 		log.Fatal(err)
 	}
+	if r.CsrOnly {
+		WriteFile("tls.csr", c.CertificateRequest)
+		WriteFile("tls.key", c.PrivateKeyString)
+		return c, nil
+	}
 	if err := c.requestNewCert(s); err != nil {
 		log.Fatal(err)
 	}

cmd/adssl.go

@@ -88,6 +88,13 @@ func main() {
 				Required:    true,
 				Destination: &r.IPAddresses,
 			},
+			&cli.BoolFlag{
+				Name:        "csronly",
+				Aliases:     []string{"O"},
+				Usage:       "write csr/key only",
+				Value:       false,
+				Destination: &r.CsrOnly,
+			},
 			&cli.BoolFlag{
 				Name:    "k8s-secret",
 				Aliases: []string{"k"},
@@ -103,9 +110,11 @@ func main() {
 			if ctx.Bool("k8s-secret") {
 				adssl.PrintKubeSecret(os.Stdout, res)
 			} else {
-				adssl.WriteFile("ca.crt", res.CaCert)
-				adssl.WriteFile("tls.key", res.PrivateKeyString)
-				adssl.WriteFile("tls.crt", res.Result)
+				if !r.CsrOnly {
+					adssl.WriteFile("ca.crt", res.CaCert)
+					adssl.WriteFile("tls.key", res.PrivateKeyString)
+					adssl.WriteFile("tls.crt", res.Result)
+				}
 			}
 
 			return err