Updates to gen-cert.sh to make it more foolproof.
parent
4e02c62bd7
commit
7c6cfd1fab
|
@ -1,3 +1,7 @@
|
||||||
|
04/04/2016
|
||||||
|
- Minor updates to URLs in files
|
||||||
|
- Add sanity checking to gen-cert.sh like whats in gen-unifi-cert.sh
|
||||||
|
|
||||||
03/24/2016
|
03/24/2016
|
||||||
- Updated gen-unifi-cert.sh to do more sanity checks and embed the
|
- Updated gen-unifi-cert.sh to do more sanity checks and embed the
|
||||||
needed IdenTrust cert so we don't need to include it separately.
|
needed IdenTrust cert so we don't need to include it separately.
|
||||||
|
|
31
gen-cert.sh
31
gen-cert.sh
|
@ -1,9 +1,10 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
# Easy letsencrypt certs using a bash script.
|
# Easy letsencrypt certs using a bash script.
|
||||||
# v1.2 - 12/13/2015
|
# v1.3 - 04/04/2016
|
||||||
# By Brielle Bruns <bruns@2mbit.com>
|
# By Brielle Bruns <bruns@2mbit.com>
|
||||||
# http://www.sosdg.org
|
# http://www.sosdg.org
|
||||||
|
|
||||||
|
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
||||||
|
|
||||||
# Use like: gen-cert.sh -d domain1.com -d domain2.com
|
# Use like: gen-cert.sh -d domain1.com -d domain2.com
|
||||||
#
|
#
|
||||||
|
@ -15,27 +16,46 @@
|
||||||
#
|
#
|
||||||
# 2) Webroot (alias)
|
# 2) Webroot (alias)
|
||||||
# Same as #1, but also include an alias directive in apache like in:
|
# Same as #1, but also include an alias directive in apache like in:
|
||||||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
|
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-alias.conf
|
||||||
# And:
|
# And:
|
||||||
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
|
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
|
||||||
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root
|
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root
|
||||||
#
|
#
|
||||||
# 3) Proxy auth
|
# 3) Proxy auth
|
||||||
# This auth method uses the standalone authenticator with a mod_proxy
|
# This auth method uses the standalone authenticator with a mod_proxy
|
||||||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
|
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-proxy.conf
|
||||||
# Original proxy idea from:
|
# Original proxy idea from:
|
||||||
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
|
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
|
||||||
|
|
||||||
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
|
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
|
||||||
|
|
||||||
|
# Location of LetsEncrypt binary we use
|
||||||
|
LEBINARY="/usr/src/letsencrypt/letsencrypt-auto"
|
||||||
|
|
||||||
|
if [[ ! -x ${LEBINARY} ]]; then
|
||||||
|
echo "Error: LetsEncrypt binary not found in ${LEBINARY} !"
|
||||||
|
echo "You'll need to do one of the following:"
|
||||||
|
echo "1) Change LEBINARY variable in this script"
|
||||||
|
echo "2) Install LE manually or via your package manager and do #1"
|
||||||
|
echo "3) Use the included get-letsencrypt.sh script to install it"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
while getopts "d:r:e:" opt; do
|
while getopts "d:r:e:" opt; do
|
||||||
case $opt in
|
case $opt in
|
||||||
d) domains+=("$OPTARG");;
|
d) domains+=("$OPTARG");;
|
||||||
r) webroot=("$OPTARG");;
|
r) webroot=("$OPTARG");;
|
||||||
e) email=("$OPTARG");;
|
e) email=("$OPTARG");;
|
||||||
esac
|
esac
|
||||||
done
|
done
|
||||||
|
|
||||||
|
MAINDOMAIN=${domains[0]}
|
||||||
|
|
||||||
|
if [[ -z ${MAINDOMAIN} ]]; then
|
||||||
|
echo "Error: At least one -d argument is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
if [[ ! -z ${email} ]]; then
|
if [[ ! -z ${email} ]]; then
|
||||||
email="--email ${email}"
|
email="--email ${email}"
|
||||||
else
|
else
|
||||||
|
@ -58,8 +78,7 @@ done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
cd /usr/src/letsencrypt
|
${LEBINARY} ${email} \
|
||||||
./letsencrypt-auto ${email} \
|
|
||||||
--server https://acme-v01.api.letsencrypt.org/directory \
|
--server https://acme-v01.api.letsencrypt.org/directory \
|
||||||
--agree-tos \
|
--agree-tos \
|
||||||
--renew-by-default \
|
--renew-by-default \
|
||||||
|
|
Loading…
Reference in New Issue