diff --git a/acme_provision.sh b/acme_provision.sh
new file mode 100644
index 0000000..f0374c8
--- /dev/null
+++ b/acme_provision.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+acme.sh="/root/.acme.sh/acme.sh"
+
+if [ ! -f "$acme.sh"]; then
+ echo "acme.sh binary ($acme.sh) not found. Please update the path or download it from here: https://github.com/acmesh-official/acme.sh"
+ exit 1
+fi
+
+echo -n 'Enter domain name: '
+read domain
+
+mkdir -p -v "/var/www/$domain/.well-known"
+
+if [ ! -f /etc/ssl/certs/nginx-selfsigned.crt ] || [ ! -f /etc/ssl/private/nginx-selfsigned.key ]; then
+ echo "/etc/ssl/certs/nginx-selfsigned.crt or /etc/ssl/private/nginx-selfsigned.key not found"
+ echo -n "Would you like to generate a self-signed certificate now? [y/n] "
+ read choice
+ if [[ "$choice" == [Yy]* ]]; then
+ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
+ fi
+fi
+
+if [ ! -f /etc/ssl/dhparam.pem ]; then
+ echo "/etc/ssl/dhparam.pem not found"
+ echo -n "Would you like to generate Diffie–Hellman parameters now? [y/n] "
+ read choice
+ if [[ "$choice" == [Yy]* ]]; then
+ openssl dhparam -out /etc/ssl/dhparam.pem 4096
+ fi
+fi
+
+if [ -f template.conf ]; then
+ echo 'template.conf exists, populating it now...'
+ sed -e "s/<>/$domain/g" template.conf > "/etc/nginx/sites-available/$domain.conf"
+ echo -n "Please check that \"/etc/nginx/sites-available/$domain.conf\" is correctly configured [Enter]"
+ read
+else
+ echo "template.conf not found, please manually populate this configuration file: /etc/nginx/sites-available/$domain.conf"
+ read
+fi
+
+if [ ! -L "/etc/nginx/sites-enabled/$domain.conf" ]; then
+ echo "\"$domain.conf\" not enabled. Linking it now..."
+ ln -v -s "/etc/nginx/sites-available/$domain.conf" "/etc/nginx/sites-enabled/"
+fi
+
+echo "Testing nginx config:"
+nginx -t
+echo -n "Please make sure the test passed successfully and fix any issues if it didn't [Enter]"
+read
+
+/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+echo -n '[Enter] to continue'
+read
+
+/root/.acme.sh/acme.sh --issue -d "$domain" -w "/var/www/$domain/"
+echo -n '[Enter] to continue'
+read
+
+mkdir -p -v "/etc/nginx/certs/$domain"
+
+/root/.acme.sh/acme.sh --install-cert -d "$domain" --cert-file "/etc/nginx/certs/$domain/cert.pem" --key-file "/etc/nginx/certs/$domain/key.key" --fullchain-file "/etc/nginx/certs/$domain/fullchain.cer" --reloadcmd "service nginx force-reload"
+echo -n '[Enter] to continue'
+read
+
+
+echo "Please add/enable the following lines in \"/etc/nginx/sites-available/$domain.conf\":"
+echo " ssl_certificate /etc/nginx/certs/$domain/fullchain.cer;"
+echo " ssl_certificate_key /etc/nginx/certs/$domain/key.key;"
+
+echo -n "Press [Enter] to reload nginx"
+read
+
+service nginx force-reload
+
+echo "All done."
\ No newline at end of file
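Review bot: The domain read on line 11 of the new file is never validated before it is interpolated, as root, into the sed replacement on line 35, into the `/var/www/$domain` and `/etc/nginx/sites-available/$domain.conf` paths, and into the acme.sh `-d` argument, so a value containing `/`, `&`, `..` or whitespace can rewrite the sed expression or create files outside the intended directories; use `read -r` and reject anything that is not a plain hostname. The `acme.sh="/root/.acme.sh/acme.sh"` line 3 is not a valid bash variable name (it is executed as a command and fails), `"$acme.sh"` on line 5 expands `$acme` to empty and tests the literal `.sh`, and that test is also missing the space before `]`, so the existence check never guards the hardcoded `/root/.acme.sh/acme.sh` calls on lines 53, 57 and 63. Because there is no `set -e` and no status checks, a failed `--issue` on line 57 still falls through to `--install-cert` and the nginx reload; at minimum chain the acme.sh steps with `|| exit 1`. The self-signed key written by `openssl req -keyout` on line 20 is created with whatever umask the operator's shell has, so consider `umask 077` before generating it (the permissions of `/etc/ssl/private` may already cover this — worth confirming on the target distro).
```bash
#!/bin/bash

# Bash variable names cannot contain '.', so the original `acme.sh=...` line never
# defined anything and the -f check tested the literal path ".sh".
acme_sh="/root/.acme.sh/acme.sh"

if [ ! -f "$acme_sh" ]; then
# … unchanged: not-found message and exit 1 …
fi

echo -n 'Enter domain name: '
read -r domain
# Only a plain hostname may reach sed, the /etc/nginx and /var/www paths,
# and acme.sh -d, since every one of those runs as root.
if [[ ! "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$ ]]; then
  echo "Refusing to continue: '$domain' is not a valid domain name" >&2
  exit 1
fi

# … unchanged: self-signed cert / dhparam prompts, template.conf population, sites-enabled link, nginx -t …

"$acme_sh" --set-default-ca --server letsencrypt || exit 1
# … unchanged: prompt …
"$acme_sh" --issue -d "$domain" -w "/var/www/$domain/" || exit 1
# … unchanged: prompt, mkdir of /etc/nginx/certs/$domain …
"$acme_sh" --install-cert -d "$domain" --cert-file "/etc/nginx/certs/$domain/cert.pem" --key-file "/etc/nginx/certs/$domain/key.key" --fullchain-file "/etc/nginx/certs/$domain/fullchain.cer" --reloadcmd "service nginx force-reload" || exit 1
# … unchanged: ssl_certificate hints, final reload …
```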