virtubox
/
ee-acme-sh
mirror of https://github.com/VirtuBox/ee-acme-sh.git
1
0
Fork 0
Code Issues Releases Wiki Activity

ee-acme-sh fully rewritten 

* add support for bash argument
* unified script with dns or standalone acme validation
* add checks between each steps
This commit is contained in:
VirtuBox 2018-09-17 07:15:29 +02:00
parent 642c3a7593
commit 966c068377
5 changed files with 261 additions and 448 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
install.sh
View File

@ -19,11 +19,10 @@ echo ""
echo "checking if acme.sh is already installed"
echo ""
if [ ! -f ~/.acme.sh/acme.sh ]; then
echo ""
echo "installing acme.sh"
echo ""
wget -O - https://get.acme.sh | sh
source .bashrc
echo ""
echo "installing acme.sh"
echo ""
wget -O - https://get.acme.sh | sh
fi
@ -33,40 +32,34 @@ echo ""
echo "Welcome to the ee-acme-sh installation."
echo ""
echo "What mode of validation you want to use with Acme.sh ?"
echo "1) Cloudflare API validation (domain/subdomain/wildcard certs)"
echo "2) Standalone mode validation (domain/subdomain certs)"
while [[ $acmemode != "1" && $acmemode != "2" ]]; do
read -p "Select an option [1-2]: " acmemode
done
echo ""
# install ee-acme-cf or ee-acme-standalone
mkdir -p ~/.ee-acme
if [ "$acmemode" = "1" ]
then
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-cf
cd || exit
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
source .bashrc
echo ""
echo "What is your Cloudflare email address ? :"
echo ""
read -r cf_email
echo "What is your Cloudflare API Key ? You API Key is available on https://www.cloudflare.com/a/profile"
read -r cf_api_key
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-cf
cd || exit
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
source .bashrc
echo ""
echo "What is your Cloudflare email address ? :"
echo ""
read -r cf_email
echo "What is your Cloudflare API Key ? You API Key is available on https://www.cloudflare.com/a/profile"
read -r cf_api_key
echo "SAVED_CF_Key='$cf_api_key'" >> .acme.sh/account.conf
echo "SAVED_CF_Email='$cf_email'" >> .acme.sh/account.conf
echo "SAVED_CF_Key='$cf_api_key'" >> .acme.sh/account.conf
echo "SAVED_CF_Email='$cf_email'" >> .acme.sh/account.conf
elif [[ "$acmemode" = "2" ]]; then
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-standalone
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
source .bashrc
echo ""
elif [[ "$acmemode" = "2" ]]; then
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-standalone
echo "alias ee-acme="/root/.ee-acme/ee-acme.sh""
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
source .bashrc
echo ""
else
echo "this option doesn't exist"
exit 1
echo "this option doesn't exist"
exit 1
fi
# We're done !
@ -78,21 +71,28 @@ echo ""
echo -e " ${CGREEN}source .bashrc${CEND}"
echo ""
echo ""
echo " ee-acme-sh usage :"
echo "Usage: ee-acme [type] <domain> [mode]"
echo " Types:"
echo " -d, --domain <domain_name> ..... for domain.tld + www.domain.tld"
echo " -s, --subdomain <subdomain_name> ....... for sub.domain.tld"
echo " -w, --wildcard <domain_name> ..... for domain.tld + *.domain.tld"
echo " Modes:"
echo " --standalone ..... acme challenge in standalone mode"
echo " --cf ..... acme challenge in dns mode with Cloudflare"
echo " Options:"
echo " -h, --help, help ... displays this help information"
echo "Examples:"
echo ""
echo "domain.tld + www.domain.tld in standalone mode :"
echo " ee-acme -d domain.tld --standalone"
echo ""
echo "sub.domain.tld in dns mode with Cloudflare"
echo " ee-acme -s sub.domain.tld --cf"
echo ""
echo "wildcard certificate for domain.tld in dns mode with Cloudflare :"
echo " ee-acme -w domain.tld --cf"
echo ""
if [ "$acmemode" = "1" ]
then
echo " ee-acme-domain : install Let's Encrypt SSL certificate on domain.tld + www.domain.tld"
echo ""
echo " ee-acme-subdomain : install Let's Encrypt SSL certificate on sub.domain.tld "
echo ""
echo " ee-acme-wildcard : install Let's Encrypt SSL certificate on domain.tld + *.domain.tld"
echo ""
else
echo " ee-acme-domain : install Let's Encrypt SSL certificate on domain.tld + www.domain.tld"
echo ""
echo " ee-acme-subdomain : install Let's Encrypt SSL certificate on sub.domain.tld"
echo ""
fi

1
script/ee-acme Normal file
View File

@ -0,0 +1 @@
alias ee-acme="/root/.ee-acme/ee-acme.sh"

236
script/ee-acme-cf
View File

@ -1,236 +0,0 @@
#!/bin/bash
ee-acme-domain ()
{
clear
echo ""
echo "What is your domain ?: "
read -r domain_name
echo ""
if [ ! -f /etc/nginx/sites-available/$domain_name ];
then
echo "Error: non existant domain"
exit 1
fi
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
# create folder to store certificate
mkdir -p /etc/letsencrypt/live/$domain_name
fi
# install the cert and reload nginx
acme.sh --install-cert -d $domain_name --ecc \
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
# add certificate to the nginx vhost configuration
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
else
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
fi
# end add certificate to nginx vhost
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
# add the redirection from http to https
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name www.$domain_name;
return 301 https://$domain_name\$request_uri;
}
EOF
fi
}
ee-acme-subdomain ()
{
echo "What is your subdomain ?"
read -r domain_name
if [ ! -f /etc/nginx/sites-available/$domain_name ];
then
echo "Error: non existant domain"
exit 1
fi
# issue cert
acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
# create folder to store certificate
mkdir -p /etc/letsencrypt/live/$domain_name
else
rm -rf /etc/letsencrypt/live/$domain_name/*
fi
# add certificate to the nginx vhost configuration
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
else
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
fi
# end add certificate to nginx vhost
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
# add the redirection from http to https
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name;
return 301 https://$domain_name\$request_uri;
}
EOF
fi
# install the cert and reload nginx
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
echo ""
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
echo ""
}
ee-acme-wildcard ()
{
clear
echo ""
echo "What is your domain ? (without www.) "
read -r domain_name
echo ""
if [ ! -f /etc/nginx/sites-available/$domain_name ];
then
echo "Error: non existant domain"
exit 1
fi
~/.acme.sh/acme.sh --issue -d "$domain_name" -d "*.$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
# create folder to store certificate
mkdir -p /etc/letsencrypt/live/$domain_name
else
rm -rf /etc/letsencrypt/live/$domain_name/*
fi
# install the cert and reload nginx
acme.sh --install-cert -d $domain_name --ecc \
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
# add certificate to the nginx vhost configuration
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
else
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
fi
# end add certificate to nginx vhost
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
# add the redirection from http to https
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name *.$domain_name;
return 301 https://\$host\$request_uri;
}
EOF
fi
echo ""
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
echo ""
}

166
script/ee-acme-standalone
View File

@ -1,166 +0,0 @@
#!/bin/bash
ee-acme-domain ()
{
clear
echo ""
echo "What is your domain (without www.) ?: "
read -r domain_name
echo ""
if [ ! -f /etc/nginx/sites-available/$domain_name ];
then
echo "Error: non existant domain"
exit 1
fi
if [ ! -f ~/.acme.sh/acme.sh ]; then
wget -O - https://get.acme.sh | sh
source ~.bashrc
fi
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
# create folder to store certificate
mkdir -p /etc/letsencrypt/live/$domain_name
else
rm -rf /etc/letsencrypt/live/$domain_name/*
fi
# install the cert and reload nginx
acme.sh --install-cert -d $domain_name --ecc \
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
# add certificate to the nginx vhost configuration
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
else
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
fi
# end add certificate to nginx vhost
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
# add the redirection from http to https
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name www.$domain_name;
return 301 https://$domain_name\$request_uri;
}
EOF
fi
echo ""
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
echo ""
}
ee-acme-subdomain ()
{
echo "What is your subdomain ? "
read -r domain_name
if [ ! -f ~/.acme.sh/acme.sh ]; then
wget -O - https://get.acme.sh | sh
source ~/.bashrc
fi
# issue cert
~/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
# create folder to store certificate
mkdir -p /etc/letsencrypt/live/$domain_name
else
# or delete previous certificates
rm -rf /etc/letsencrypt/live/$domain_name/*
fi
# add certificate to the nginx vhost configuration
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
else
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
fi
# end add certificate to nginx vhost
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
# add the redirection from http to https
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name;
return 301 https://$domain_name\$request_uri;
}
EOF
fi
# install the cert and reload nginx
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
--reloadcmd "systemctl reload nginx.service"
echo ""
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
echo ""
}

214
script/ee-acme.sh Normal file
View File

@ -0,0 +1,214 @@
#!/bin/bash
_help() {
echo "Issue and install SSL certificates using acme.sh with EasyEngine"
echo "Usage: ee-acme [type] <domain> [mode]"
echo " Types:"
echo " -d, --domain <domain_name> ..... for domain.tld + www.domain.tld"
echo " -s, --subdomain <subdomain_name> ....... for sub.domain.tld"
echo " -w, --wildcard <domain_name> ..... for domain.tld + *.domain.tld"
echo " Modes:"
echo " --standalone ..... acme challenge in standalone mode"
echo " --cf ..... acme challenge in dns mode with Cloudflare"
echo " Options:"
echo " -h, --help, help ... displays this help information"
echo "Examples:"
echo ""
echo "domain.tld + www.domain.tld in standalone mode :"
echo " ee-acme -d domain.tld --standalone"
echo ""
echo "sub.domain.tld in dns mode with Cloudflare"
echo " ee-acme -s sub.domain.tld --cf"
echo ""
echo "wildcard certificate for domain.tld in dns mode with Cloudflare :"
echo " ee-acme -w domain.tld --cf"
echo ""
return 0
}
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ]; then
{
sudo systemctl enable nginx.service
sudo systemctl start nginx
} >>/var/log/ee-acme-sh.log
fi
while [[ $# -gt 0 ]]; do
arg="$1"
case $arg in
-d | --domain)
domain_name=$2
domain_type=domain
shift
;;
-s | --subdomain)
domain_name=$2
domain_type=subdomain
shift
;;
-w | --wildcard)
domain_name=$2
domain_type=wildcard
shift
;;
--cf)
acme_validation=cloudflare
shift
;;
--standalone)
acme_validation=standalone
shift
;;
-h | --help | help)
_help
exit 1
;;
*) # positional args
;;
esac
shift
done
if [ -z "$domain_name" ]; then
echo ""
echo "What is your domain ?: "
read -r domain_name
echo ""
fi
if [ -z "$acme_validation" ]; then
echo ""
echo "Do you want to use standalone mode [1] or dns mode with Cloudflare [2] ?"
while [[ $acme_choice != "1" && $acme_choice != "2" ]]; do
read -p "Select an option [1-2]: " acme_choice
done
fi
if [ $acme_choice = "1" ]; then
acme_validation=standalone
elif [ $acme_choice = "2" ]; then
acme_validation=cloudflare
fi
if [ ! -f /etc/nginx/sites-available/$domain_name ]; then
echo "Error: non existant domain"
exit 1
fi
if [ ! -d $HOME/.acme.sh/${domain_name}_ecc ]; then
if [ $acme_validation = "cloudflare" ]; then
if [ $domain_type = "domain" ]; then
$HOME/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
elif [ $domain_type = "subdomain" ]; then
$HOME/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
elif [ $domain_type = "wildcard" ]; then
$HOME/.acme.sh/acme.sh --issue -d $domain_name -d "*.$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
fi
elif [ $acme_validation = "standalone" ]; then
sudo apt-get install socat -y
if [ $domain_type = "domain" ]; then
$HOME/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
elif [ $domain_type = "subdomain" ]; then
$HOME/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
elif [ $domain_type = "wildcard" ]; then
echo "standalone mode do not support wildcard certificates"
exit 1
fi
fi
else
echo "certificate already exist !"
exit 1
fi
# check if folder already exist
if [ -d /etc/letsencrypt/live/$domain_name ]; then
sudo rm -rf /etc/letsencrypt/live/$domain_name/*
else
# create folder to store certificate
sudo mkdir -p /etc/letsencrypt/live/$domain_name
fi
# install the cert and reload nginx
if [ -f $HOME/.acme.sh/${domain_name}_ecc/fullchain.cer ]; then
$HOME/.acme.sh/acme.sh --install-cert -d ${domain_name} --ecc \
--cert-file /etc/letsencrypt/live/${domain_name}/cert.pem \
--key-file /etc/letsencrypt/live/${domain_name}/key.pem \
--fullchain-file /etc/letsencrypt/live/${domain_name}/fullchain.pem \
--reloadcmd "sudo systemctl reload nginx.service"
else
echo "acme.sh failed to issue certificate"
exit 1
fi
if [ -f /etc/letsencrypt/live/${domain_name}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${domain_name}/key.pem ]; then
# add certificate to the nginx vhost configuration
CURRENT=$(nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15)
if [ -z "$CURRENT" ]; then
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl on;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
else
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
EOF
fi
# add redirection from http to https
if [ $domain_type = "domain" ]; then
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name www.$domain_name;
return 301 https://$domain_name\$request_uri;
}
EOF
elif [ $domain_type = "subdomain" ]; then
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name;
return 301 https://$domain_name\$request_uri;
}
EOF
elif [ $domain_type = "wildcard" ]; then
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
server {
listen 80;
listen [::]:80;
server_name $domain_name *.$domain_name;
return 301 https://\$host\$request_uri;
}
EOF
fi
else
echo "acme.sh failed to install certificate"
exit 1
fi
VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed)
if [ -z "$VERIFY_NGINX_CONFIG" ]; then
echo "####################################"
echo "Reloading Nginx"
echo "####################################"
sudo service nginx reload
else
echo "####################################"
echo "Nginx configuration is not correct"
echo "####################################"
fi
}
alias ee-acme=ee_acme