ee-acme-sh fully rewritten
* add support for bash arguments * unified script with dns or standalone acme validation * add checks between each step
This commit is contained in:
parent
642c3a7593
commit
966c068377
92
install.sh
92
install.sh
|
@ -19,11 +19,10 @@ echo ""
|
|||
echo "checking if acme.sh is already installed"
|
||||
echo ""
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
echo ""
|
||||
echo "installing acme.sh"
|
||||
echo ""
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source .bashrc
|
||||
echo ""
|
||||
echo "installing acme.sh"
|
||||
echo ""
|
||||
wget -O - https://get.acme.sh | sh
|
||||
fi
|
||||
|
||||
|
||||
|
@ -33,40 +32,34 @@ echo ""
|
|||
echo "Welcome to the ee-acme-sh installation."
|
||||
echo ""
|
||||
|
||||
echo "What mode of validation you want to use with Acme.sh ?"
|
||||
echo "1) Cloudflare API validation (domain/subdomain/wildcard certs)"
|
||||
echo "2) Standalone mode validation (domain/subdomain certs)"
|
||||
while [[ $acmemode != "1" && $acmemode != "2" ]]; do
|
||||
read -p "Select an option [1-2]: " acmemode
|
||||
done
|
||||
echo ""
|
||||
|
||||
# install ee-acme-cf or ee-acme-standalone
|
||||
mkdir -p ~/.ee-acme
|
||||
if [ "$acmemode" = "1" ]
|
||||
then
|
||||
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-cf
|
||||
cd || exit
|
||||
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
|
||||
source .bashrc
|
||||
echo ""
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
echo ""
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ? You API Key is available on https://www.cloudflare.com/a/profile"
|
||||
read -r cf_api_key
|
||||
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-cf
|
||||
cd || exit
|
||||
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
|
||||
source .bashrc
|
||||
echo ""
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
echo ""
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ? You API Key is available on https://www.cloudflare.com/a/profile"
|
||||
read -r cf_api_key
|
||||
|
||||
echo "SAVED_CF_Key='$cf_api_key'" >> .acme.sh/account.conf
|
||||
echo "SAVED_CF_Email='$cf_email'" >> .acme.sh/account.conf
|
||||
echo "SAVED_CF_Key='$cf_api_key'" >> .acme.sh/account.conf
|
||||
echo "SAVED_CF_Email='$cf_email'" >> .acme.sh/account.conf
|
||||
|
||||
elif [[ "$acmemode" = "2" ]]; then
|
||||
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-standalone
|
||||
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
|
||||
source .bashrc
|
||||
echo ""
|
||||
elif [[ "$acmemode" = "2" ]]; then
|
||||
wget -O ~/.ee-acme/ee-acme https://raw.githubusercontent.com/VirtuBox/ee-acme-sh/master/script/ee-acme-standalone
|
||||
echo "alias ee-acme="/root/.ee-acme/ee-acme.sh""
|
||||
echo '. "/root/.ee-acme/ee-acme"' >> .bashrc
|
||||
source .bashrc
|
||||
echo ""
|
||||
else
|
||||
echo "this option doesn't exist"
|
||||
exit 1
|
||||
echo "this option doesn't exist"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# We're done !
|
||||
|
@ -78,21 +71,28 @@ echo ""
|
|||
echo -e " ${CGREEN}source .bashrc${CEND}"
|
||||
echo ""
|
||||
echo ""
|
||||
echo " ee-acme-sh usage :"
|
||||
echo "Usage: ee-acme [type] <domain> [mode]"
|
||||
echo " Types:"
|
||||
echo " -d, --domain <domain_name> ..... for domain.tld + www.domain.tld"
|
||||
echo " -s, --subdomain <subdomain_name> ....... for sub.domain.tld"
|
||||
echo " -w, --wildcard <domain_name> ..... for domain.tld + *.domain.tld"
|
||||
echo " Modes:"
|
||||
echo " --standalone ..... acme challenge in standalone mode"
|
||||
echo " --cf ..... acme challenge in dns mode with Cloudflare"
|
||||
echo " Options:"
|
||||
echo " -h, --help, help ... displays this help information"
|
||||
echo "Examples:"
|
||||
echo ""
|
||||
echo "domain.tld + www.domain.tld in standalone mode :"
|
||||
echo " ee-acme -d domain.tld --standalone"
|
||||
echo ""
|
||||
echo "sub.domain.tld in dns mode with Cloudflare"
|
||||
echo " ee-acme -s sub.domain.tld --cf"
|
||||
echo ""
|
||||
echo "wildcard certificate for domain.tld in dns mode with Cloudflare :"
|
||||
echo " ee-acme -w domain.tld --cf"
|
||||
echo ""
|
||||
if [ "$acmemode" = "1" ]
|
||||
then
|
||||
echo " ee-acme-domain : install Let's Encrypt SSL certificate on domain.tld + www.domain.tld"
|
||||
echo ""
|
||||
echo " ee-acme-subdomain : install Let's Encrypt SSL certificate on sub.domain.tld "
|
||||
echo ""
|
||||
echo " ee-acme-wildcard : install Let's Encrypt SSL certificate on domain.tld + *.domain.tld"
|
||||
echo ""
|
||||
else
|
||||
echo " ee-acme-domain : install Let's Encrypt SSL certificate on domain.tld + www.domain.tld"
|
||||
echo ""
|
||||
echo " ee-acme-subdomain : install Let's Encrypt SSL certificate on sub.domain.tld"
|
||||
echo ""
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
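Review bot: In the second hunk (`@ -33,40 +32,34`), the standalone branch's `echo "alias ee-acme="/root/.ee-acme/ee-acme.sh""` only prints to stdout — nothing reaches `.bashrc` — and once the nested double quotes collapse it names `ee-acme.sh`, while the file fetched on the preceding line is `~/.ee-acme/ee-acme`; either append it with single quotes the way the `. "/root/.ee-acme/ee-acme"` line does, or drop it. That same branch has no `cd || exit` before `>> .bashrc` and `source .bashrc` (the Cloudflare branch does), so unless the script changed directory earlier outside this hunk both act on whatever the current directory is, and both branches hardcode `/root/.ee-acme` although the download went to `~/.ee-acme`, which leaves a dangling source line for any other `$HOME`. The Cloudflare branch reads the API key with `read -r cf_api_key`, which echoes the secret to the terminal and any session recording; `read -r -s cf_api_key` followed by `echo` keeps it off screen, and the `echo "SAVED_CF_Key='$cf_api_key'" >> .acme.sh/account.conf` write should reject a value containing `'` so a single quote character cannot corrupt account.conf, and it appends another copy on every rerun. The script that ends up sourced into `.bashrc` is fetched from the unpinned `master` branch with no checksum; pinning a tag or verifying a digest would make the install reproducible and reviewable.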
@ -0,0 +1 @@
|
|||
alias ee-acme="/root/.ee-acme/ee-acme.sh"
|
|
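Review bot: The alias in this new one-line file points at `/root/.ee-acme/ee-acme.sh`, but install.sh in the same commit saves the script as `~/.ee-acme/ee-acme` (no `.sh`) and the script itself ends with `alias ee-acme=ee_acme`, so there are three spellings for one command and this one resolves to a path nothing creates. Pick one — `alias ee-acme='/root/.ee-acme/ee-acme'` if this file is what gets sourced — and remove the others; the file's name and header are not visible in this rendering, so I cannot tell where it is installed.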
@ -1,236 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
ee-acme-domain ()
|
||||
{
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
else
|
||||
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
# end add certificate to nginx vhost
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name www.$domain_name;
|
||||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
ee-acme-subdomain ()
|
||||
{
|
||||
echo "What is your subdomain ?"
|
||||
read -r domain_name
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# issue cert
|
||||
acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
else
|
||||
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
# end add certificate to nginx vhost
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name;
|
||||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
ee-acme-wildcard ()
|
||||
{
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain ? (without www.) "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d "$domain_name" -d "*.$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
else
|
||||
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
# end add certificate to nginx vhost
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name *.$domain_name;
|
||||
return 301 https://\$host\$request_uri;
|
||||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
}
|
|
@ -1,166 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
ee-acme-domain ()
|
||||
{
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain (without www.) ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ];
|
||||
then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~.bashrc
|
||||
fi
|
||||
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
else
|
||||
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
# end add certificate to nginx vhost
|
||||
|
||||
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name www.$domain_name;
|
||||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
|
||||
}
|
||||
|
||||
ee-acme-subdomain ()
|
||||
{
|
||||
echo "What is your subdomain ? "
|
||||
read -r domain_name
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
|
||||
fi
|
||||
|
||||
# issue cert
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
else
|
||||
# or delete previous certificates
|
||||
rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
fi
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
else
|
||||
rm -rf /var/www/$domain_name/conf/nginx/ssl.conf
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
# end add certificate to nginx vhost
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name;
|
||||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/letsencrypt/live/$domain_name/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/$domain_name/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/$domain_name/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
echo ""
|
||||
echo -e " ${CGREEN}SSL certificate was installed successfully !${CEND}"
|
||||
echo ""
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,214 @@
|
|||
#!/bin/bash
|
||||
|
||||
|
||||
|
||||
_help() {
|
||||
echo "Issue and install SSL certificates using acme.sh with EasyEngine"
|
||||
echo "Usage: ee-acme [type] <domain> [mode]"
|
||||
echo " Types:"
|
||||
echo " -d, --domain <domain_name> ..... for domain.tld + www.domain.tld"
|
||||
echo " -s, --subdomain <subdomain_name> ....... for sub.domain.tld"
|
||||
echo " -w, --wildcard <domain_name> ..... for domain.tld + *.domain.tld"
|
||||
echo " Modes:"
|
||||
echo " --standalone ..... acme challenge in standalone mode"
|
||||
echo " --cf ..... acme challenge in dns mode with Cloudflare"
|
||||
echo " Options:"
|
||||
echo " -h, --help, help ... displays this help information"
|
||||
echo "Examples:"
|
||||
echo ""
|
||||
echo "domain.tld + www.domain.tld in standalone mode :"
|
||||
echo " ee-acme -d domain.tld --standalone"
|
||||
echo ""
|
||||
echo "sub.domain.tld in dns mode with Cloudflare"
|
||||
echo " ee-acme -s sub.domain.tld --cf"
|
||||
echo ""
|
||||
echo "wildcard certificate for domain.tld in dns mode with Cloudflare :"
|
||||
echo " ee-acme -w domain.tld --cf"
|
||||
echo ""
|
||||
return 0
|
||||
}
|
||||
|
||||
if [ ! -f /etc/systemd/system/multi-user.target.wants/nginx.service ]; then
|
||||
{
|
||||
sudo systemctl enable nginx.service
|
||||
sudo systemctl start nginx
|
||||
} >>/var/log/ee-acme-sh.log
|
||||
fi
|
||||
|
||||
while [[ $# -gt 0 ]]; do
|
||||
arg="$1"
|
||||
case $arg in
|
||||
-d | --domain)
|
||||
domain_name=$2
|
||||
domain_type=domain
|
||||
shift
|
||||
;;
|
||||
-s | --subdomain)
|
||||
domain_name=$2
|
||||
domain_type=subdomain
|
||||
shift
|
||||
;;
|
||||
-w | --wildcard)
|
||||
domain_name=$2
|
||||
domain_type=wildcard
|
||||
shift
|
||||
;;
|
||||
--cf)
|
||||
acme_validation=cloudflare
|
||||
shift
|
||||
;;
|
||||
--standalone)
|
||||
acme_validation=standalone
|
||||
shift
|
||||
;;
|
||||
-h | --help | help)
|
||||
_help
|
||||
exit 1
|
||||
;;
|
||||
*) # positional args
|
||||
;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
if [ -z "$domain_name" ]; then
|
||||
echo ""
|
||||
echo "What is your domain ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
fi
|
||||
|
||||
if [ -z "$acme_validation" ]; then
|
||||
echo ""
|
||||
echo "Do you want to use standalone mode [1] or dns mode with Cloudflare [2] ?"
|
||||
while [[ $acme_choice != "1" && $acme_choice != "2" ]]; do
|
||||
read -p "Select an option [1-2]: " acme_choice
|
||||
done
|
||||
fi
|
||||
if [ $acme_choice = "1" ]; then
|
||||
acme_validation=standalone
|
||||
elif [ $acme_choice = "2" ]; then
|
||||
acme_validation=cloudflare
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/sites-available/$domain_name ]; then
|
||||
echo "Error: non existant domain"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -d $HOME/.acme.sh/${domain_name}_ecc ]; then
|
||||
if [ $acme_validation = "cloudflare" ]; then
|
||||
if [ $domain_type = "domain" ]; then
|
||||
$HOME/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
elif [ $domain_type = "subdomain" ]; then
|
||||
$HOME/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
elif [ $domain_type = "wildcard" ]; then
|
||||
$HOME/.acme.sh/acme.sh --issue -d $domain_name -d "*.$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
fi
|
||||
elif [ $acme_validation = "standalone" ]; then
|
||||
sudo apt-get install socat -y
|
||||
if [ $domain_type = "domain" ]; then
|
||||
$HOME/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
|
||||
elif [ $domain_type = "subdomain" ]; then
|
||||
$HOME/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --standalone --pre-hook "service nginx stop " --post-hook "service nginx start"
|
||||
elif [ $domain_type = "wildcard" ]; then
|
||||
echo "standalone mode do not support wildcard certificates"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
else
|
||||
echo "certificate already exist !"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# check if folder already exist
|
||||
if [ -d /etc/letsencrypt/live/$domain_name ]; then
|
||||
sudo rm -rf /etc/letsencrypt/live/$domain_name/*
|
||||
else
|
||||
# create folder to store certificate
|
||||
sudo mkdir -p /etc/letsencrypt/live/$domain_name
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
if [ -f $HOME/.acme.sh/${domain_name}_ecc/fullchain.cer ]; then
|
||||
$HOME/.acme.sh/acme.sh --install-cert -d ${domain_name} --ecc \
|
||||
--cert-file /etc/letsencrypt/live/${domain_name}/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/${domain_name}/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/${domain_name}/fullchain.pem \
|
||||
--reloadcmd "sudo systemctl reload nginx.service"
|
||||
else
|
||||
echo "acme.sh failed to issue certificate"
|
||||
exit 1
|
||||
fi
|
||||
if [ -f /etc/letsencrypt/live/${domain_name}/fullchain.pem ] && [ -f /etc/letsencrypt/live/${domain_name}/key.pem ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
CURRENT=$(nginx -v 2>&1 | awk -F "/" '{print $2}' | grep 1.15)
|
||||
if [ -z "$CURRENT" ]; then
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
else
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate /etc/letsencrypt/live/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/$domain_name/cert.pem;
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
# add redirection from http to https
|
||||
if [ $domain_type = "domain" ]; then
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name www.$domain_name;
|
||||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
elif [ $domain_type = "subdomain" ]; then
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name;
|
||||
return 301 https://$domain_name\$request_uri;
|
||||
}
|
||||
EOF
|
||||
elif [ $domain_type = "wildcard" ]; then
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name *.$domain_name;
|
||||
return 301 https://\$host\$request_uri;
|
||||
}
|
||||
|
||||
EOF
|
||||
fi
|
||||
else
|
||||
echo "acme.sh failed to install certificate"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
VERIFY_NGINX_CONFIG=$(nginx -t 2>&1 | grep failed)
|
||||
if [ -z "$VERIFY_NGINX_CONFIG" ]; then
|
||||
echo "####################################"
|
||||
echo "Reloading Nginx"
|
||||
echo "####################################"
|
||||
sudo service nginx reload
|
||||
else
|
||||
echo "####################################"
|
||||
echo "Nginx configuration is not correct"
|
||||
echo "####################################"
|
||||
fi
|
||||
}
|
||||
|
||||
alias ee-acme=ee_acme
|
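Review bot: The mode and type tests use unquoted `[ $var = "..." ]` on variables that are legitimately empty: `if [ $acme_choice = "1" ]` runs even when `--cf`/`--standalone` already set `acme_validation` (so `acme_choice` is unset), and `domain_type` is never assigned on the interactive path, so `[ $domain_type = "domain" ]` collapses to `[ = "domain" ]`, bash prints "unary operator expected", no `--issue` branch runs, and the user only sees the misleading "acme.sh failed to issue certificate". Separately, the `--cf` and `--standalone` arms `shift` inside the case and the loop shifts again after `esac`, so `ee-acme --cf -d domain.tld` swallows `-d` and falls back to the domain prompt. `$domain_name` comes straight from argv or `read` and is expanded unquoted into `sudo rm -rf /etc/letsencrypt/live/$domain_name/*` and the nginx heredocs with only the sites-available `-f` check in between; quote every expansion and write `sudo rm -rf -- "/etc/letsencrypt/live/${domain_name:?}"/*` so an empty value can never widen the glob. The `}` before `alias ee-acme=ee_acme` closes nothing visible here — 214 added lines are declared but fewer render — so either an `ee_acme() {` header was dropped by the page or the file will not parse; please confirm. The corrected option parsing and mode selection:
```shell
    --cf)
      acme_validation=cloudflare
      ;;
    --standalone)
      acme_validation=standalone
      ;;
    # … unchanged: -h/--help arm and positional default …
  esac
  shift
done

if [ -z "$domain_type" ]; then
  echo "Error: specify a certificate type (-d, -s or -w)" >&2
  _help
  exit 1
fi

if [ -z "$acme_validation" ]; then
  echo ""
  echo "Do you want to use standalone mode [1] or dns mode with Cloudflare [2] ?"
  while [[ "$acme_choice" != "1" && "$acme_choice" != "2" ]]; do
    read -r -p "Select an option [1-2]: " acme_choice
  done
  if [ "$acme_choice" = "1" ]; then
    acme_validation=standalone
  else
    acme_validation=cloudflare
  fi
fi
# … unchanged: domain prompt, sites-available check, issue/install steps (quote "$domain_type", "$acme_validation" and "$domain_name" there as well) …
```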