
88 lines
2.3 KiB

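#!/bin/bash
# Easy letsencrypt certs using a bash script.
# v1.3 - 04/04/2016
# By Brielle Bruns <bruns@2mbit.com>
# http://www.sosdg.org
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Use like: gen-cert.sh -d domain1.com -d domain2.com
#
# There are three options for authentication:
#
# 1) Webroot (normal)
# Specify -r flag with -d and -e flags.
# gen-cert.sh -d domain1.com -r /var/www/domain1.com
#
# 2) Webroot (alias)
# Same as #1, but also include an alias directive in apache like in:
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-alias.conf
# And:
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root
#
# 3) Proxy auth
# This auth method uses the standalone authenticator with a mod_proxy
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-proxy.conf
# Original proxy idea from:
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
#
# NOTE(review): newer certbot releases replace --standalone-supported-challenges
# with --preferred-challenges; confirm against the certbot version in LEBINARY.
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"

# Location of LetsEncrypt binary we use
LEBINARY="/usr/src/letsencrypt/certbot-auto"

if [[ ! -x ${LEBINARY} ]]; then
  # Diagnostics go to stderr so they are not mistaken for normal output.
  {
    echo "Error: LetsEncrypt binary not found in ${LEBINARY} !"
    echo "You'll need to do one of the following:"
    echo "1) Change LEBINARY variable in this script"
    echo "2) Install LE manually or via your package manager and do #1"
    echo "3) Use the included get-letsencrypt.sh script to install it"
  } >&2
  exit 1
fi

# Start from known-empty values. Without this, a variable of the same name
# exported by the calling environment (DOMAINS, webroot, email, ...) would be
# spliced into the certbot command line below.
domains=()
webroot=""
email=""
DOMAINS=""
email_args=()
auth_args=()
domain_args=()

while getopts "d:r:e:" opt; do
  case "$opt" in
    d) domains+=("$OPTARG") ;;
    r) webroot="$OPTARG" ;;
    e) email="$OPTARG" ;;
    *)
      # Unknown option or missing argument: stop instead of requesting a
      # certificate with a partially understood command line.
      echo "Usage: ${0##*/} -d domain [-d domain ...] [-r webroot] [-e email]" >&2
      exit 1
      ;;
  esac
done
shift $((OPTIND - 1))

MAINDOMAIN=${domains[0]}
if [[ -z ${MAINDOMAIN} ]]; then
  echo "Error: At least one -d argument is required" >&2
  exit 1
fi

# The scalar forms (email, WEBAUTH, AUTH, DOMAINS) are kept exactly as before
# in case code further down the file reads them. The certbot call itself is
# built from the *_args arrays so that every user-supplied value stays a single
# argument: no word splitting, no glob expansion, no extra options slipped in
# through a value containing spaces.
if [[ -n ${email} ]]; then
  email_args=(--email "${email}")
  email="--email ${email}"
fi

# Webroot auth method, activated with -r
WEBAUTH="-a webroot --webroot-path ${webroot}"
if [[ -z ${webroot} ]]; then
  AUTH=${PROXYAUTH}
  # PROXYAUTH is a constant defined above; split it on whitespace only.
  read -r -a auth_args <<< "${PROXYAUTH}"
else
  if [[ ! -d ${webroot} ]]; then
    echo "Error: webroot ${webroot} is not a directory" >&2
    exit 1
  fi
  AUTH=${WEBAUTH}
  auth_args=(-a webroot --webroot-path "${webroot}")
fi

for val in "${domains[@]}"; do
  DOMAINS="${DOMAINS} -d ${val} "
  domain_args+=(-d "${val}")
done

# NOTE(review): acme-v01 is the ACMEv1 directory, which Let's Encrypt has
# retired. It is left unchanged here; moving to the ACMEv2 directory needs a
# certbot that supports it.
"${LEBINARY}" "${email_args[@]}" \
  --server https://acme-v01.api.letsencrypt.org/directory \
  --agree-tos \
  --renew-by-default \
  "${auth_args[@]}" \
  "${domain_args[@]}" \
  certonly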