

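#!/bin/bash
# Easy letsencrypt certs using a bash script.
# v1.2 - 12/13/2015
# By Brielle Bruns <bruns@2mbit.com>
# http://www.sosdg.org
# Use like: gen-cert.sh -d domain1.com -d domain2.com
#
# Options:
#   -d DOMAIN  domain to request the certificate for (repeatable)
#   -r PATH    webroot path; selects the webroot authenticator
#   -e EMAIL   address passed to the client as --email
#
# There are three options for authentication:
#
# 1) Webroot (normal)
# Specify -r flag with -d and -e flags.
# gen-cert.sh -d domain1.com -r /var/www/domain1.com
#
# 2) Webroot (alias)
# Same as #1, but also include an alias directive in apache like in:
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
# And:
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root/.well-known/acme-challenge
#
# 3) Proxy auth
# This auth method uses the standalone authenticator with a mod_proxy
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
# Original proxy idea from:
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/

# Directory holding the letsencrypt checkout whose letsencrypt-auto is run.
readonly LE_DIR=/usr/src/letsencrypt

# NOTE(review): acme-v01 is the ACME v1 API, which Let's Encrypt has since
# retired, and letsencrypt-auto is no longer maintained. Left unchanged here
# because the endpoint has to match the client installed in LE_DIR.
readonly ACME_SERVER=https://acme-v01.api.letsencrypt.org/directory

# Print the accepted options to stderr and stop with status 2.
usage() {
  printf 'Usage: %s -d domain [-d domain ...] [-r webroot] [-e email]\n' \
    "${0##*/}" >&2
  exit 2
}

# Initialise explicitly so a value exported by the calling environment
# (domains, webroot, email) cannot end up on the client's command line.
domains=()
webroot=""
email=""

while getopts "d:r:e:" opt; do
  case "$opt" in
    d) domains+=("$OPTARG") ;;
    r) webroot=$OPTARG ;;
    e) email=$OPTARG ;;
    # An unknown or malformed option previously fell through and the
    # request went ahead anyway; refuse instead.
    *) usage ;;
  esac
done
shift $((OPTIND - 1))

# Build the argument list as an array: each value stays one word, so a
# webroot path or e-mail containing spaces or glob characters is passed
# to the client verbatim instead of being re-split by the shell.
args=()
if [[ -n "$email" ]]; then
  args+=(--email "$email")
fi
args+=(--server "$ACME_SERVER" --agree-tos --renew-by-default)

if [[ -z "$webroot" ]]; then
  # Proxy auth: standalone authenticator listening on port 9999, reached
  # through the mod_proxy rule described in the header.
  args+=(--standalone --standalone-supported-challenges http-01 --http-01-port 9999)
else
  # Webroot auth method, activated with -r
  args+=(-a webroot --webroot-path "$webroot")
fi

for val in "${domains[@]}"; do
  args+=(-d "$val")
done

# Stop if the checkout is missing: otherwise ./letsencrypt-auto would be
# resolved against whatever directory the script was started from.
cd "$LE_DIR" || {
  printf 'error: cannot cd to %s\n' "$LE_DIR" >&2
  exit 1
}

./letsencrypt-auto "${args[@]}" certonly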