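#!/bin/bash
# renew-cert.sh - interactively renew a Let's Encrypt certificate for one of the
# domains under ${BASEDIR}/certs, after making sure every nginx-sp vhost serves the
# ACME http-01 challenge directory (${AUTODF}) via an acme.conf alias.
#
# Expects the caller (the menu script that runs this file) to have set:
#   TESTING, DF_ACCOUNT_DIR, DF_ACCOUNT_DIR_T, DF_ACCOUNT_D, DF_ACCOUNT_DOMAIN,
#   BASEDIR, AUTODF, DF_CL_NGINX, CFDFT, RED, GREEN, NC
# The sourced account file is expected to provide CONTACT_EMAIL and PRIVATE_KEY.
# Exits 1 on any precondition failure, with acme.sh's status if the renewal fails.
echo -e ""
echo -e " ###############################################################"
echo -e " ## THIS WILL RENEW A FREE 90 DAY SSL CERTIFICATE ##"
echo -e " ## FROM LETS ENCRYPT ##"
echo -e " ###############################################################"
echo ""

# In Testing mode use only testing accounts
if [[ "${TESTING}" == 1 ]]; then
  DF_TMP_ACCD=${DF_ACCOUNT_DIR_T}
else
  DF_TMP_ACCD=${DF_ACCOUNT_DIR}
fi

# Check if there is a default email account configured
if [[ ! -f "${DF_TMP_ACCD}/${DF_ACCOUNT_D}" ]]; then
  echo -e " ${RED}WARNING:${NC} No email default email account configured"
  echo " - please use the account menu to set one up"
  exit 1
fi

# Load the Account (shell assignments written by the account menu; sourced, so it
# must stay owned/writable only by the operator that runs this script)
. "${DF_TMP_ACCD}/${DF_ACCOUNT_D}"

# Run
echo -e "${GREEN}Do you want to manually renew a SSL certificate (y/n)?${NC}"
echo " > existing certificates are renewed if older than 14 days"
read -r DFRUN
if [[ "${DFRUN}" != "y" ]]; then
  echo "Nothing issued/renewed!"
  exit
fi

# Find all the PRIMARY DOMAINS (one directory per domain under certs/)
SEVHOST="${BASEDIR}/certs"
DFC=0
DF_TMP_TXT=""
DFCO=
for Domain in "${SEVHOST}"/*; do
  # Skip non-directories, and the literal pattern left when the glob matches nothing
  [[ -d "${Domain}" ]] || continue
  FolderName=$(basename -- "${Domain}")
  DF_TMP_TXT="${DF_TMP_TXT} > ${FolderName}\n"
  DFC=$((DFC + 1))
  DFCO=${FolderName}
done
if (( DFC == 0 )); then
  echo " - No Domains found"
  exit 1
fi
echo ""
if (( DFC == 1 )); then
  # Only one certificate which can be renewed
  echo " + Domain (${DFCO}) added"
  DFRUNCERT=${DFCO}
else
  # More than 1: make the user choose
  echo -e "Which domain do you wish to renew?"
  echo -e "${DF_TMP_TXT}"   # -e kept on purpose: the list is built with literal \n
  echo ""
  read -r DFRUNCERT
  echo ""
fi

# The answer becomes a path component below and is written into the config handed
# to acme.sh, so accept only the plain name of one of the listed folders
# (no slashes, no dot-entries, must exist under certs/).
if [[ -z "${DFRUNCERT}" || "${DFRUNCERT}" == */* || "${DFRUNCERT}" == .* \
      || ! -d "${SEVHOST}/${DFRUNCERT}" ]]; then
  echo -e "${RED}ERROR:${NC} (${DFRUNCERT}) is not one of the listed domains"
  exit 1
fi

# Get current list of domains
if [[ ! -f "${SEVHOST}/${DFRUNCERT}/${DF_ACCOUNT_DOMAIN}" ]]; then
  echo -e "${RED}ERROR:${NC} Cannot find domain list"
  exit 1
fi
echo " + Domain list added"

# Check if Challenge directory exists
if [[ ! -d "${AUTODF}" ]]; then
  echo -e " + Creating global auto challenge directory"
  mkdir -p "${AUTODF}" || exit 1
else
  echo -e " - global auto challange directory exists"
fi
# Create a test file (so we can check if the file is readable from the public
# internet using http). Its content is the fixed token "df" and nothing more:
# this directory is served to the world through the acme-challenge alias, so the
# previous form, which ran the `df` command into it, published the mount table.
# Done for a freshly created directory too, not only for a pre-existing one.
if [[ ! -e "${AUTODF}/df" ]]; then
  printf 'df\n' > "${AUTODF}/df" || exit 1
fi

# Add well-known alias to all vhosts on the server
SEVHOST=${DF_CL_NGINX}
# Do we need to restart the NGINX Service?
DFSERVICER=0
# Expand the vhost list before changing directory so a relative DF_CL_NGINX still resolves
VHOST_DIRS=("${SEVHOST}"*)
cd /etc/nginx-sp/vhosts.d/ || {
  echo -e "${RED}ERROR:${NC} Cannot enter /etc/nginx-sp/vhosts.d/"
  exit 1
}
for Dir in "${VHOST_DIRS[@]}"; do
  [[ -d "${Dir}" ]] || continue
  FolderName=$(basename -- "${Dir}")
  if [[ ! -f "${FolderName}/acme.conf" ]]; then
    echo " + Adding ACME Challange Alias to (${FolderName})"
    DFSERVICER=1
    sudo touch "${FolderName}.custom.conf"
    # LETS ADD THE CUSTOM WEBROOT ALIAS
    sudo tee "${FolderName}/acme.conf" > /dev/null <<EOF

# ADDS THE CHALLENGE DIR TO THE VHOST SERVER BLOCK
# DO NOT EDIT (generated by sh files)
location /.well-known/acme-challenge/ {
  alias ${AUTODF}/;
}
EOF
  fi
done
# reset the cd back to script dir
cd "${BASEDIR}" || exit 1
if (( DFSERVICER == 1 )); then
  # Restart Nginx
  echo " + Challange files updated, restarting NGINX..."
  sudo service nginx-sp restart
else
  echo " - No changes needed in Vhosts"
fi

# Create the tmp config (for acme.sh) - doing it the lazy way.
# CFDFT must be set: an empty path would make the redirect below ambiguous.
: "${CFDFT:?tmp config path (CFDFT) is not set}"
{
  # printf '%s' instead of echo -e so backslashes in paths are written verbatim
  printf '%s\n' "WELLKNOWN='${AUTODF}'"
  printf '%s\n' "CONTACT_EMAIL='${CONTACT_EMAIL}'"
  printf '%s\n' "DOMAINS_TXT='${BASEDIR}/certs/${DFRUNCERT}/${DF_ACCOUNT_DOMAIN}'"
  printf '%s\n' "PRIVATE_KEY='${PRIVATE_KEY}'"
  # NOTE(review): these are ACME v1 endpoints, which Let's Encrypt has retired;
  # renewals only keep working if the bundled acme.sh is moved to ACME v2 - confirm.
  if [[ "${TESTING}" == 1 ]]; then
    printf '%s\n' 'CA="https://acme-staging.api.letsencrypt.org/directory"'
  else
    printf '%s\n' 'CA="https://acme-v01.api.letsencrypt.org/directory"'
  fi
} > "${CFDFT}"
bash "${BASEDIR}/acme.sh" -c --config "${CFDFT}"
ACME_RC=$?
# Remove tmp config file regardless of how acme.sh ended
rm -f -- "${CFDFT}"
if (( ACME_RC != 0 )); then
  echo -e "${RED}ERROR:${NC} acme.sh exited with status ${ACME_RC}" >&2
  exit "${ACME_RC}"
fi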