ee-acme testing
parent
5cc141b07e
commit
ddfd6710c2
|
@ -3,84 +3,121 @@
|
|||
|
||||
ee-ssl-www ()
|
||||
{
|
||||
read -p "Enter your domain name: " domain_name
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ?"
|
||||
read -r cf_api_key
|
||||
export CF_Email="$cf_email"
|
||||
export CF_Key="$cf_api_key"
|
||||
fi
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
~/.acme.sh/acme.sh --issue -d "$domain_name" -d www."$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/acme.sh/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/acme.sh/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/nginx/acme.sh/$domain_name/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/nginx/acme.sh/$domain_name
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/$domain_name-forcessl.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/$domain_name-forcessl.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name www.$domain_name;
|
||||
return 301 https://$domain_name$request_uri;
|
||||
}
|
||||
EOF
|
||||
if [ ! -d /etc/letsencrypt/live/"$domain_name" ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/"$domain_name"
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/nginx/acme.sh/$domain_name/cert.pem \
|
||||
--key-file /etc/nginx/acme.sh/$domain_name/key.pem \
|
||||
--fullchain-file /etc/nginx/acme.sh/$domain_name/fullchain.pem \
|
||||
acme.sh --install-cert -d "$domain_name" --ecc \
|
||||
--cert-file /etc/letsencrypt/live/"$domain_name"/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/"$domain_name"/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/"$domain_name"/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
|
||||
if [ ! -f /var/www/"$domain_name"/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/"$domain_name"/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/"$domain_name"/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/"$domain_name"/vtbox.cf/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/"$domain_name"/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
|
||||
|
||||
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-"$domain_name".conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-"$domain_name".conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name "$domain_name" www.$domain_name;
|
||||
return 301 https://$domain_name$request_uri;
|
||||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
ee-ssl-subdomain ()
|
||||
{
|
||||
read -p "Enter your sub-domain name: " domain_name
|
||||
echo "Enter your sub-domain name: "
|
||||
read -r domain_name
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ?"
|
||||
read -r cf_api_key
|
||||
export CF_Email="$cf_email"
|
||||
export CF_Key="$cf_api_key"
|
||||
fi
|
||||
|
||||
# issue cert
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
acme.sh --issue -d "$domain_name" --keylength ec-384 --dns dns_cf --dnssleep 60
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/nginx/acme.sh/$domain_name
|
||||
if [ ! -d /etc/letsencrypt/live/"$domain_name" ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/"$domain_name"
|
||||
fi
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-"$domain_name".conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
cat <<EOF >/var/www/"$domain_name"/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/acme.sh/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/acme.sh/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/nginx/acme.sh/$domain_name/cert.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/"$domain_name"/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/"$domain_name"/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/"$domain_name"/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/$domain_name-forcessl.conf ]; then
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-"$domain_name".conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/$domain_name-forcessl.conf
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-"$domain_name".conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name;
|
||||
return 301 https://$domain_name$request_uri;
|
||||
}
|
||||
|
@ -88,10 +125,10 @@ EOF
|
|||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
/root/.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/nginx/acme.sh/$domain_name/cert.pem \
|
||||
--key-file /etc/nginx/acme.sh/$domain_name/key.pem \
|
||||
--fullchain-file /etc/nginx/acme.sh/$domain_name/fullchain.pem \
|
||||
.acme.sh/acme.sh --install-cert -d "$domain_name" --ecc \
|
||||
--cert-file /etc/letsencrypt/live/"$domain_name"/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/"$domain_name"/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/"$domain_name"/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
}
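Review bot: The ssl.conf heredoc in ee-ssl-www that uses the /etc/letsencrypt paths writes a private-key path nginx will not find: `ssl_certificate_key /etc/letsencrypt/"$domain_name"/vtbox.cf/privkey.pem;` has a hard-coded `vtbox.cf` segment and no `live/`, while `--install-cert` places the key at `/etc/letsencrypt/live/"$domain_name"/key.pem`. Because the heredoc delimiter is unquoted, the double quotes are copied literally into the generated file and become part of the path. Write the three directives without quotes and against the installed files, e.g. `ssl_certificate_key /etc/letsencrypt/live/$domain_name/key.pem;`, and run `nginx -t` before the reload. The same heredoc appears in ee-ssl-sub in the second file section. This page does not mark added and removed lines, so this assumes the quoted `"$domain_name"` variants are the new side.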
|
||||
|
|
|
@ -3,84 +3,121 @@
|
|||
|
||||
ee-ssl-www ()
|
||||
{
|
||||
read -p "Enter your domain name: " domain_name
|
||||
clear
|
||||
echo ""
|
||||
echo "What is your domain (without www.) ?: "
|
||||
read -r domain_name
|
||||
echo ""
|
||||
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ?"
|
||||
read -r cf_api_key
|
||||
export CF_Email="$cf_email"
|
||||
export CF_Key="$cf_api_key"
|
||||
fi
|
||||
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name -d www.$domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
~/.acme.sh/acme.sh --issue -d "$domain_name" -d www.$domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/acme.sh/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/acme.sh/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/nginx/acme.sh/$domain_name/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/nginx/acme.sh/$domain_name
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name www.$domain_name;
|
||||
return 301 https://$domain_name$request_uri;
|
||||
}
|
||||
EOF
|
||||
if [ ! -d /etc/letsencrypt/live/"$domain_name" ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/"$domain_name"
|
||||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/nginx/acme.sh/$domain_name/cert.pem \
|
||||
--key-file /etc/nginx/acme.sh/$domain_name/key.pem \
|
||||
--fullchain-file /etc/nginx/acme.sh/$domain_name/fullchain.pem \
|
||||
acme.sh --install-cert -d "$domain_name" --ecc \
|
||||
--cert-file /etc/letsencrypt/live/"$domain_name"/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/"$domain_name"/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/"$domain_name"/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
}
|
||||
|
||||
ee-ssl-sub ()
|
||||
{
|
||||
read -p "Enter your sub-domain name: " domain_name
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
fi
|
||||
|
||||
# issue cert
|
||||
~/.acme.sh/acme.sh --issue -d $domain_name --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/nginx/acme.sh/$domain_name
|
||||
|
||||
if [ ! -f /var/www/$domain_name/conf/nginx/ssl.conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/$domain_name/conf/nginx/ssl.conf
|
||||
|
||||
if [ ! -f /var/www/"$domain_name"/conf/nginx/ssl.conf ]; then
|
||||
|
||||
cat <<EOF >/var/www/"$domain_name"/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/acme.sh/$domain_name/fullchain.pem;
|
||||
ssl_certificate_key /etc/nginx/acme.sh/$domain_name/key.pem;
|
||||
ssl_trusted_certificate /etc/nginx/acme.sh/$domain_name/cert.pem;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/"$domain_name"/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/"$domain_name"/vtbox.cf/privkey.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/"$domain_name"/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-$domain_name.conf ]; then
|
||||
|
||||
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-"$domain_name".conf ]; then
|
||||
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-$domain_name.conf
|
||||
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-"$domain_name".conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen [::]:80;
|
||||
server_name "$domain_name" www.$domain_name;
|
||||
return 301 https://$domain_name$request_uri;
|
||||
}
|
||||
EOF
|
||||
|
||||
fi
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
ee-ssl-subdomain ()
|
||||
{
|
||||
echo "Enter your sub-domain name: "
|
||||
read -r domain_name
|
||||
|
||||
if [ ! -f ~/.acme.sh/acme.sh ]; then
|
||||
wget -O - https://get.acme.sh | sh
|
||||
source ~/.bashrc
|
||||
|
||||
echo "What is your Cloudflare email address ? :"
|
||||
read -r cf_email
|
||||
echo "What is your Cloudflare API Key ?"
|
||||
read -r cf_api_key
|
||||
export CF_Email="$cf_email"
|
||||
export CF_Key="$cf_api_key"
|
||||
fi
|
||||
|
||||
# issue cert
|
||||
~/.acme.sh/acme.sh --issue -d "$domain_name" --keylength ec-384 --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
|
||||
|
||||
if [ ! -d /etc/letsencrypt/live/"$domain_name" ]; then
|
||||
|
||||
# create folder to store certificate
|
||||
mkdir -p /etc/letsencrypt/live/"$domain_name"
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-"$domain_name".conf ]; then
|
||||
# add certificate to the nginx vhost configuration
|
||||
cat <<EOF >/var/www/"$domain_name"/conf/nginx/ssl.conf
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl on;
|
||||
ssl_certificate /etc/letsencrypt/live/"$domain_name"/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/"$domain_name"/key.pem;
|
||||
ssl_trusted_certificate /etc/letsencrypt/live/"$domain_name"/cert.pem;
|
||||
EOF
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/nginx/conf.d/force-ssl-"$domain_name".conf ]; then
|
||||
# add the redirection from http to https
|
||||
cat <<EOF >/etc/nginx/conf.d/force-ssl-"$domain_name".conf
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $domain_name;
|
||||
return 301 https://$domain_name$request_uri;
|
||||
}
|
||||
|
@ -88,11 +125,10 @@ EOF
|
|||
fi
|
||||
|
||||
# install the cert and reload nginx
|
||||
/root/.acme.sh/acme.sh --install-cert -d $domain_name --ecc \
|
||||
--cert-file /etc/nginx/acme.sh/$domain_name/cert.pem \
|
||||
--key-file /etc/nginx/acme.sh/$domain_name/key.pem \
|
||||
--fullchain-file /etc/nginx/acme.sh/$domain_name/fullchain.pem \
|
||||
.acme.sh/acme.sh --install-cert -d "$domain_name" --ecc \
|
||||
--cert-file /etc/letsencrypt/live/"$domain_name"/cert.pem \
|
||||
--key-file /etc/letsencrypt/live/"$domain_name"/key.pem \
|
||||
--fullchain-file /etc/letsencrypt/live/"$domain_name"/fullchain.pem \
|
||||
--reloadcmd "systemctl reload nginx.service"
|
||||
|
||||
}
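Review bot: ee-ssl-www and ee-ssl-subdomain in this file prompt for a Cloudflare API key and export it as `CF_Key`, but every `--issue` call here uses `--standalone`, so as far as the visible lines show the key is never used. Collecting a credential the function does not need only widens where it can leak, and `read -r cf_api_key` also echoes it to the terminal. Drop the two prompts and exports from the standalone variant, or if they stay, read the key with `read -rs cf_api_key` and prefer a zone-scoped token (`CF_Token`) over the global key. The first file section, which does use `--dns dns_cf`, has the same echoing `read -r`.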
|
||||
|
||||
|
|