add configuration exist verification

This commit is contained in:
VirtuBox 2018-02-28 19:06:16 +01:00 committed by GitHub
parent d1fdd5757e
commit c0e5d850a5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 3 deletions

View File

@ -5,11 +5,14 @@ ssl-ee-domain ()
{
read -p "Enter your domain name: " domain_name
if [ ! -f ~/.acme.sh/acme.sh ]; then
wget -O - https://get.acme.sh | sh
fi
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
# create folder to store certificate
mkdir -p /etc/nginx/acme.sh/$domain_name
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
# add certificate to the nginx vhost configuration
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
@ -20,7 +23,12 @@ cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
ssl_certificate_key /etc/nginx/acme.sh/$domain_name/key.pem;
ssl_trusted_certificate /etc/nginx/acme.sh/$domain_name/cert.pem;
EOF
fi
# create folder to store certificate
mkdir -p /etc/nginx/acme.sh/$domain_name
if [ ! -f /etc/nginx/conf.d/$domain_name-forcessl.conf ]; then
# add the redirection from http to https
cat <<EOF >/etc/nginx/conf.d/$domain_name-forcessl.conf
server {
@ -30,6 +38,7 @@ server {
return 301 https://$domain_name$request_uri;
}
EOF
fi
# install the cert and reload nginx
acme.sh --install-cert -d $domain_name --ecc \
@ -44,12 +53,17 @@ ssl-ee-subdomain ()
{
read -p "Enter your sub-domain name: " domain_name
if [ ! -f ~/.acme.sh/acme.sh ]; then
wget -O - https://get.acme.sh | sh
fi
# issue cert
~/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
# create folder to store certificate
mkdir -p /etc/nginx/acme.sh/$domain_name
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
# add certificate to the nginx vhost configuration
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
listen 443 ssl http2;
@ -59,7 +73,9 @@ cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
ssl_certificate_key /etc/nginx/acme.sh/$domain_name/key.pem;
ssl_trusted_certificate /etc/nginx/acme.sh/$domain_name/cert.pem;
EOF
fi
if [ ! -f /etc/nginx/conf.d/$domain_name-forcessl.conf ]; then
# add the redirection from http to https
cat <<EOF >/etc/nginx/conf.d/$domain_name-forcessl.conf
server {
@ -69,6 +85,7 @@ server {
return 301 https://$domain_name$request_uri;
}
EOF
fi
# install the cert and reload nginx
/root/.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
@ -78,3 +95,4 @@ EOF
--reloadcmd "systemctl reload nginx.service"
}