brielle/lets-encrypt-scripts
1
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity

Updates to gen-cert.sh to make it more foolproof.

Browse Source
This commit is contained in:
Brie Bruns 2016-04-04 20:48:29 -06:00
parent 4e02c62bd7
commit 7c6cfd1fab
2 changed files with 29 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@ -1,3 +1,7 @@
04/04/2016
- Minor updates to URLs in files
- Add sanity checking to gen-cert.sh like whats in gen-unifi-cert.sh
03/24/2016 03/24/2016
- Updated gen-unifi-cert.sh to do more sanity checks and embed the - Updated gen-unifi-cert.sh to do more sanity checks and embed the
needed IdenTrust cert so we don't need to include it separately. needed IdenTrust cert so we don't need to include it separately.

29
gen-cert.sh
View File

@ -1,9 +1,10 @@
#!/bin/bash #!/bin/bash
# Easy letsencrypt certs using a bash script. # Easy letsencrypt certs using a bash script.
# v1.2 - 12/13/2015 # v1.3 - 04/04/2016
# By Brielle Bruns <bruns@2mbit.com> # By Brielle Bruns <bruns@2mbit.com>
# http://www.sosdg.org # http://www.sosdg.org
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Use like: gen-cert.sh -d domain1.com -d domain2.com # Use like: gen-cert.sh -d domain1.com -d domain2.com
# #
@ -15,19 +16,31 @@
# #
# 2) Webroot (alias) # 2) Webroot (alias)
# Same as #1, but also include an alias directive in apache like in: # Same as #1, but also include an alias directive in apache like in:
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf # https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-alias.conf
# And: # And:
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge # mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root # gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root
# #
# 3) Proxy auth # 3) Proxy auth
# This auth method uses the standalone authenticator with a mod_proxy # This auth method uses the standalone authenticator with a mod_proxy
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf # https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-proxy.conf
# Original proxy idea from: # Original proxy idea from:
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/ # http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999" PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
# Location of LetsEncrypt binary we use
LEBINARY="/usr/src/letsencrypt/letsencrypt-auto"
if [[ ! -x ${LEBINARY} ]]; then
echo "Error: LetsEncrypt binary not found in ${LEBINARY} !"
echo "You'll need to do one of the following:"
echo "1) Change LEBINARY variable in this script"
echo "2) Install LE manually or via your package manager and do #1"
echo "3) Use the included get-letsencrypt.sh script to install it"
exit 1
fi
while getopts "d:r:e:" opt; do while getopts "d:r:e:" opt; do
case $opt in case $opt in
d) domains+=("$OPTARG");; d) domains+=("$OPTARG");;
@ -36,6 +49,13 @@ while getopts "d:r:e:" opt; do
esac esac
done done
MAINDOMAIN=${domains[0]}
if [[ -z ${MAINDOMAIN} ]]; then
echo "Error: At least one -d argument is required"
exit 1
fi
if [[ ! -z ${email} ]]; then if [[ ! -z ${email} ]]; then
email="--email ${email}" email="--email ${email}"
else else
@ -58,8 +78,7 @@ done
cd /usr/src/letsencrypt ${LEBINARY} ${email} \
./letsencrypt-auto ${email} \
--server https://acme-v01.api.letsencrypt.org/directory \ --server https://acme-v01.api.letsencrypt.org/directory \
--agree-tos \ --agree-tos \
--renew-by-default \ --renew-by-default \