fryfrog
/
lets-encrypt-scripts
forked from brielle/lets-encrypt-scripts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Browse Source

Updates to gen-cert.sh to make it more foolproof.

master
Brie Bruns 6 years ago
parent
4e02c62bd7
commit
7c6cfd1fab
2 changed files with 29 additions and 6 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      CHANGELOG
  2. 31
      gen-cert.sh

4
CHANGELOG
Unescape View File

@ -1,3 +1,7 @@
04/04/2016
- Minor updates to URLs in files
- Add sanity checking to gen-cert.sh like whats in gen-unifi-cert.sh
03/24/2016
- Updated gen-unifi-cert.sh to do more sanity checks and embed the
needed IdenTrust cert so we don't need to include it separately.

31
gen-cert.sh
Unescape View File

@ -1,9 +1,10 @@
#!/bin/bash
# Easy letsencrypt certs using a bash script.
# v1.2 - 12/13/2015
# v1.3 - 04/04/2016
# By Brielle Bruns <bruns@2mbit.com>
# http://www.sosdg.org
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Use like: gen-cert.sh -d domain1.com -d domain2.com
#
@ -15,27 +16,46 @@
#
# 2) Webroot (alias)
# Same as #1, but also include an alias directive in apache like in:
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-alias.conf
# And:
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root
#
# 3) Proxy auth
# This auth method uses the standalone authenticator with a mod_proxy
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-proxy.conf
# Original proxy idea from:
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
# Location of LetsEncrypt binary we use
LEBINARY="/usr/src/letsencrypt/letsencrypt-auto"
if [[ ! -x ${LEBINARY} ]]; then
echo "Error: LetsEncrypt binary not found in ${LEBINARY} !"
echo "You'll need to do one of the following:"
echo "1) Change LEBINARY variable in this script"
echo "2) Install LE manually or via your package manager and do #1"
echo "3) Use the included get-letsencrypt.sh script to install it"
exit 1
fi
while getopts "d:r:e:" opt; do
case $opt in
d) domains+=("$OPTARG");;
d) domains+=("$OPTARG");;
r) webroot=("$OPTARG");;
e) email=("$OPTARG");;
esac
done
MAINDOMAIN=${domains[0]}
if [[ -z ${MAINDOMAIN} ]]; then
echo "Error: At least one -d argument is required"
exit 1
fi
if [[ ! -z ${email} ]]; then
email="--email ${email}"
else
@ -58,8 +78,7 @@ done
cd /usr/src/letsencrypt
./letsencrypt-auto ${email} \
${LEBINARY} ${email} \
--server https://acme-v01.api.letsencrypt.org/directory \
--agree-tos \
--renew-by-default \

Write Preview
Loading…
Cancel
Save