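#!/bin/bash
# issue-cert.sh - interactive helper that issues (or renews) a Let's Encrypt
# certificate through the bundled acme.sh, after making sure every nginx
# vhost serves the shared ACME http-01 challenge directory.
#
# This script defines none of the variables below; it expects the calling
# menu script to have set them:
#   TESTING            1 -> use the staging CA and the testing account dir
#   DF_ACCOUNT_DIR     directory holding production account files
#   DF_ACCOUNT_DIR_T   directory holding testing account files
#   DF_ACCOUNT_D       name of the default account file in that directory
#   BASEDIR            install directory (acme.sh, certs/, temporary files)
#   AUTODF             global ACME challenge (webroot) directory
#   DF_CL_NGINX        nginx vhosts directory, one sub-directory per vhost
#   CFDFT              path of the temporary acme.sh config file
#   PRIVATE_KEY        value forwarded to acme.sh's PRIVATE_KEY setting
#                      (presumably a key file path - confirm against acme.sh)
#   RED / GREEN / NC   terminal colour codes used in messages
# CONTACT_EMAIL comes from the sourced account file.
#
# Exit status: 0 when the user declines, acme.sh's status after an issue/renew
# attempt, 1 on any validation error.

echo -e ""
echo -e " ###############################################################"
echo -e " ## THIS WILL ISSUE A FREE 90 DAY SSL CERTIFICATE ##"
echo -e " ## FROM LETS ENCRYPT ##"
echo -e " ###############################################################"
echo ""

# In testing mode only the testing account directory is used.
if [[ "${TESTING}" == 1 ]]; then
  DF_TMP_ACCD=${DF_ACCOUNT_DIR_T}
else
  DF_TMP_ACCD=${DF_ACCOUNT_DIR}
fi

# A default account file must exist before anything can be issued.
if [[ ! -f "${DF_TMP_ACCD}/${DF_ACCOUNT_D}" ]]; then
  echo -e " ${RED}WARNING:${NC} No default email account configured"
  echo " - please use the account menu to set one up"
  exit 1
fi

# Load the account. The account file is executed as shell code, so it must
# only be writable by the administrator running this script.
. "${DF_TMP_ACCD}/${DF_ACCOUNT_D}"

echo -e "${GREEN}Do you want to ISSUE a SSL certificate (y/n)?${NC}"
echo " > existing certificates are renewed if older than 14 days"
read -r DFRUN
echo ""

# Anything but an explicit "y" aborts without touching the system.
if [[ "${DFRUN}" != "y" ]]; then
  echo "Nothing issued/renewed!"
  exit 0
fi

echo -e "Which domain(s) do you wish to issue a certificate for?"
echo " > eg; mydomain.com"
echo " > For more than one SSL cert per IP,"
echo " please use spaces in between for any SNI domains"
echo " > eg; mydomain.com myseconddomain.com someothergreatdomain.com"
echo ""
echo " NOTE: www.mydomain and mydomain are not the same and need to be"
echo " added seperatly using SNI"
echo ""
read -r DFRUNCERT
echo ""
if [[ -z "${DFRUNCERT}" ]]; then
  echo -e "${RED}ERROR:${NC} Please enter a domain"
  exit 1
fi

# The first name is used to build a path under ${BASEDIR}/certs and the whole
# line is handed to acme.sh, so only hostname characters and spaces are
# accepted (rejects "/" and ".." as well as anything shell-significant).
allowed_domains='^[A-Za-z0-9. -]+$'
if ! [[ "${DFRUNCERT}" =~ ${allowed_domains} ]]; then
  echo -e "${RED}ERROR:${NC} Domains may only contain letters, digits, '.' and '-'"
  exit 1
fi

# The first (space separated) name is the primary domain; warn when a
# certificate directory for it already exists.
dftmpstring=${DFRUNCERT%% *}
if [[ -d "${BASEDIR}/certs/${dftmpstring}" ]]; then
  echo -e "${RED}WARNING:${NC} Primary domain already exists!"
  echo ""
  echo -n "Do you wish to continue? (y/n) "
  read -r DF_TMP_INPUT2
  echo ""
  if [[ "${DF_TMP_INPUT2}" != "y" ]]; then
    echo " - Nothing issued!"
    exit 1
  fi
fi

# Domain list consumed by acme.sh; written literally (no escape processing
# of the user's input).
printf '%s\n' "${DFRUNCERT}" > "${BASEDIR}/tmp-domains.txt"

# Make sure the global challenge directory exists.
if [[ ! -d "${AUTODF}" ]]; then
  echo -e " + Creating global auto challenge directory"
  mkdir -p -- "${AUTODF}"
else
  echo -e " - global auto challange directory exists"
fi

# Add the well-known alias to every vhost on the server.
SEVHOST="${DF_CL_NGINX}/"
# Becomes 1 when any vhost config changed, i.e. nginx needs a restart.
DFSERVICER=0

# Each directory directly under the vhosts directory is one vhost (names
# starting with "." are skipped by the glob). NUL-delimited so unusual
# directory names survive; the loop runs in this shell so "exit" works.
while IFS= read -r -d '' Dir; do
  FolderName=$(basename -- "${Dir}")
  if [[ ! -d "${DF_CL_NGINX}/${FolderName}" ]]; then
    echo -e "${RED}ERROR:${NC} Vhost directory NOT found for (${FolderName})"
    echo " - (${DF_CL_NGINX}/${FolderName})"
    exit 1
  fi
  acme_conf="${DF_CL_NGINX}/${FolderName}/acme.conf"
  # An existing acme.conf that does not mention the current challenge
  # directory is stale: remove it so it is regenerated below. Fixed-string
  # match, since the path is not a regular expression.
  if [[ -f "${acme_conf}" ]] && ! grep -qF -- "${AUTODF}" "${acme_conf}"; then
    echo " - Found incorrect ACME Challenge Alias for (${FolderName})"
    sudo rm -f -- "${acme_conf}"
  fi
  if [[ ! -f "${acme_conf}" ]]; then
    echo " + Adding ACME Challenge Alias to (${FolderName})"
    DFSERVICER=1
    # ${AUTODF} is inserted verbatim into the nginx server block.
    sudo tee "${acme_conf}" > /dev/null <<EOF

# ADDS THE CHALLENGE DIR TO THE VHOST SERVER BLOCK
# DO NOT EDIT (generated by sh files)
location /.well-known/acme-challenge/ {
alias ${AUTODF}/;
}
EOF
  fi
done < <(find "${SEVHOST}"* -maxdepth 0 -type d -print0)

# Reset the cwd to the script directory.
cd -- "${BASEDIR}" || { echo -e "${RED}ERROR:${NC} Cannot cd to (${BASEDIR})"; exit 1; }

if (( DFSERVICER == 1 )); then
  echo " + Challenge files updated, restarting NGINX..."
  sudo service nginx-sp restart
else
  echo " + No changes needed in Vhosts"
fi

# Temporary acme.sh config. Values are single-quoted, so a value containing
# a single quote would break the file (pre-existing limitation).
# NOTE(review): these are ACME v1 directory URLs - confirm the bundled acme.sh
# and the CA still accept them.
{
  printf "WELLKNOWN='%s'\n" "${AUTODF}"
  printf "CONTACT_EMAIL='%s'\n" "${CONTACT_EMAIL}"
  printf "DOMAINS_TXT='%s'\n" "${BASEDIR}/tmp-domains.txt"
  printf "PRIVATE_KEY='%s'\n" "${PRIVATE_KEY}"
  if [[ "${TESTING}" == 1 ]]; then
    printf '%s\n' 'CA="https://acme-staging.api.letsencrypt.org/directory"'
  else
    printf '%s\n' 'CA="https://acme-v01.api.letsencrypt.org/directory"'
  fi
} > "${CFDFT}"

# Run acme.sh, keeping its exit status so a failed issue/renew is reported
# instead of being masked by the cleanup below.
rv=0
bash "${BASEDIR}/acme.sh" -c --config "${CFDFT}" || rv=$?

# Remove the temporary config and domain list.
rm -f -- "${CFDFT}" "${BASEDIR}/tmp-domains.txt"

if (( rv != 0 )); then
  echo -e "${RED}ERROR:${NC} acme.sh exited with status ${rv}"
fi
exit "${rv}"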