first pre-release
parent
68457dbeee
commit
4b3242e7df
36
README.md
36
README.md
|
@ -1,6 +1,40 @@
|
|||
# ee-acme-sh
|
||||
|
||||
### Bash script to install Let's Encrypt SSL certificates automatically using acme.sh on servers running with EasyEngine
|
||||
|
||||
Currently in test, will be released soon
|
||||
## Features
|
||||
|
||||
- Automated Installation of Let's Encrypt SSL certificates using [acme.sh](http://acme.sh)
|
||||
- Acme validation with standalone mode or Cloudflare DNS API
|
||||
- Domain, Subdomain & Wildcard SSL Certificates support
|
||||
- IPv6 Support
|
||||
- Automated Certificates Renewal
|
||||
|
||||
![ee-acme-sh](https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/ee-acme.png)
|
||||
|
||||
## Installation
|
||||
|
||||
```bash
|
||||
bash <(wget --no-check-certificate -O - https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/install.sh)
|
||||
|
||||
# enable acme.sh & ee-acme-sh
|
||||
source .bashrc
|
||||
```
|
||||
|
||||
## Usage :
|
||||
|
||||
```bash
|
||||
# Install a SSL certificate on a domain + alias www
|
||||
ee-acme-www
|
||||
|
||||
# Install a SSL certificate on a subdomain
|
||||
ee-acme-subdomain
|
||||
|
||||
# Install a Wildcard SSL certificate on a domain
|
||||
ee-acme-wildcard
|
||||
```
|
||||
|
||||
## Limitations
|
||||
|
||||
- Wildcard certs are only available with Cloudflare DNS API
|
||||
-
|
||||
|
|
22
install.sh
22
install.sh
|
@ -22,7 +22,7 @@ echo "What mode of validation you want to use with Acme.sh ?"
|
|||
echo "1) Cloudflare API validation (domain/subdomain/wildcard certs)"
|
||||
echo "2) Standalone mode validation (domain/subdomain certs)"
|
||||
echo ""
|
||||
read -r acmemode
|
||||
read -r acmemode
|
||||
echo ""
|
||||
|
||||
# install acme.sh if needed
|
||||
|
@ -32,7 +32,7 @@ if [ ! -f ~/.acme.sh/acme.sh ]; then
|
|||
echo "installing acme.sh"
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
fi
|
||||
fi
|
||||
|
||||
# install ee-acme-cf or ee-acme-standalone
|
||||
mkdir -p ~/.ee-acme
|
||||
|
@ -44,7 +44,7 @@ then
|
|||
echo ""
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ? You API Key is available on https://www.cloudflare.com/a/profile"
|
||||
echo "What is your Cloudflare API Key ? You API Key is available on https://www.cloudflare.com/a/profile"
|
||||
read -r cf_api_key
|
||||
export CF_Email="$cf_email"
|
||||
export CF_Key="$cf_api_key"
|
||||
|
@ -52,8 +52,8 @@ elif [[ "$acmemode" = "2" ]]; then
|
|||
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-standalone
|
||||
cd || exit
|
||||
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
|
||||
echo ""
|
||||
else
|
||||
echo ""
|
||||
else
|
||||
echo "this option doesn't exist"
|
||||
exit 1
|
||||
fi
|
||||
|
@ -62,19 +62,19 @@ fi
|
|||
echo ""
|
||||
echo -e " ${CGREEN}ee-acme-sh was installed successfully !${CEND}"
|
||||
echo ""
|
||||
echo "use the command 'source .bashrc' to enable ee-acme-sh"
|
||||
echo "You have to run the command ' ${CGREEN}source .bashrc${CEND}' to enable ee-acme-sh"
|
||||
echo ""
|
||||
echo " ee-acme-sh usage :"
|
||||
echo " ee-acme-sh usage :"
|
||||
echo ""
|
||||
if [ "$acmemode" = "1" ]
|
||||
then
|
||||
echo " ee-acme-domain : install Let's Encrypt SSL certificate on domain.tld + www.domain.tld"
|
||||
echo " ${CGREEN}ee-acme-domain${CEND} : install Let's Encrypt SSL certificate on domain.tld + www.domain.tld"
|
||||
echo ""
|
||||
echo " ee-acme-subdomain : install Let's Encrypt SSL certificate on sub.domain.tld "
|
||||
echo " ${CGREEN}ee-acme-subdomain${CEND} : install Let's Encrypt SSL certificate on sub.domain.tld "
|
||||
echo ""
|
||||
echo " ee-acme-wildcard : install Let's Encrypt SSL certificate on domain.tld + *.domain.tld"
|
||||
echo " ${CGREEN}ee-acme-wildcard${CEND} : install Let's Encrypt SSL certificate on domain.tld + *.domain.tld"
|
||||
echo ""
|
||||
else
|
||||
else
|
||||
echo " ee-acme-domain : install Let's Encrypt SSL certificate on domain.tld + www.domain.tld"
|
||||
echo ""
|
||||
echo " ee-acme-subdomain : install Let's Encrypt SSL certificate on sub.domain.tld"
|
||||
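Review bot: The helper script is fetched from the `master` branch with `wget -O ~/.ee-acme/ee-acme …` and then sourced from `.bashrc` with no pinned revision, no checksum and no test of wget's exit status, so whatever that URL serves at install time is loaded by each later shell of that user. Pin the download to a tag or commit and verify it before appending the `. "/root/.ee-acme/ee-acme"` line, which also hard-codes `/root` while the download path uses `~`. In the Cloudflare branch, `read -r cf_api_key` echoes the key to the terminal; `read -rs cf_api_key` keeps it out of scrollback. The README one-liner that fetches this installer passes `--no-check-certificate`, which disables the TLS verification that is the download's only authentication, so that flag should be dropped. The `if`/`elif` blocks involved start and end outside the visible hunks.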
|
|
|
@ -2,53 +2,53 @@
|
|||
|
||||
ee-acme-domain ()
|
||||
{
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
# add the redirection from http to https
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -57,7 +57,7 @@ server {
|
|||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
@ -65,27 +65,29 @@ fi
|
|||
|
||||
ee-acme-subdomain ()
|
||||
{
|
||||
echo "What is your subdomain ? "
|
||||
read -r domain_name
|
||||
echo "What is your subdomain ?"
|
||||
read -r domain_name
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# issue cert
|
||||
acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
# issue cert
|
||||
acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
|
@ -93,11 +95,11 @@ cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
|||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -105,68 +107,77 @@ server {
|
|||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
# install the cert and reload nginx
|
||||
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
ee-acme-wildcard ()
|
||||
{
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain ? (without www.) "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain ? (without www.) "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d "$domain_name" -d "*.$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
~/.acme.sh/acme.sh --issue -d "$domain_name" -d "*.$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
# add the redirection from http to https
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -175,8 +186,10 @@ server {
|
|||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
}
|
||||
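Review bot: `$domain_name` is taken from `read -r` and expanded unquoted in every test and path in these functions, including `rm -rf /etc/letsencrypt/live/$domain_name/*` in ee-acme-subdomain and ee-acme-wildcard. If the input contains whitespace, `[ ! -f /etc/nginx/sites-available/$domain_name ]` exits with a usage error that `if` treats as false, so the existence check is skipped and the later commands receive the value split into several words. Validate the name against a hostname pattern, quote every expansion, and guard the delete, e.g. `rm -rf -- "/etc/letsencrypt/live/${domain_name:?}"/*`. The delete also runs whether or not `acme.sh --issue` succeeded, so a failed issuance can leave the vhost referencing removed certificate files; test the exit status before touching the live directory. The same pattern appears in the file section that follows (the `--standalone` variant).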
|
|
|
@ -2,68 +2,64 @@
|
|||
|
||||
ee-acme-domain ()
|
||||
{
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain (without www.) ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain (without www.) ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ?"
|
||||
read -r cf_api_key
|
||||
export CF_Email="$cf_email"
|
||||
export CF_Key="$cf_api_key"
|
||||
fi
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~.bashrc
|
||||
fi
|
||||
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
# add the redirection from http to https
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -72,41 +68,41 @@ server {
|
|||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
|
||||
}
|
||||
|
||||
ee-acme-subdomain ()
|
||||
{
|
||||
echo "What is your subdomain ? "
|
||||
read -r domain_name
|
||||
echo "What is your subdomain ? "
|
||||
read -r domain_name
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ?"
|
||||
read -r cf_api_key
|
||||
export CF_Email="$cf_email"
|
||||
export CF_Key="$cf_api_key"
|
||||
fi
|
||||
fi
|
||||
|
||||
# issue cert
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
# issue cert
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
# or delete previous certificates
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
|
@ -114,11 +110,11 @@ cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
|||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
@ -126,13 +122,18 @@ server {
|
|||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
# install the cert and reload nginx
|
||||
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
}
|
||||
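Review bot: In ee-acme-domain the acme.sh bootstrap block ends with `source ~.bashrc`, which looks like a typo for `source ~/.bashrc`; bash reads `~.bashrc` as a user-name tilde prefix and, with no such user, tries to source a literal file of that name. The same block pipes `wget -O - https://get.acme.sh` straight into `sh` from inside a function that runs at certificate time, with no integrity check and no test of wget's exit status; downloading to a file, verifying it against a pinned release or checksum, and only then running it would make a truncated or altered download fail closed. In ee-acme-subdomain the install step calls `.acme.sh/acme.sh` by relative path, so it only resolves when the current directory is the home directory; use `~/.acme.sh/acme.sh` as the `--issue` call does.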
|
|