Initial commit
parent
ebc81a7758
commit
a024870b80
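--- /dev/null
+++ b/(path not shown on page)
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+acme.sh="/root/.acme.sh/acme.sh"
+
+if [ ! -f "$acme.sh"]; then
+echo "acme.sh binary ($acme.sh) not found. Please update the path or download it from here: https://github.com/acmesh-official/acme.sh"
+exit 1
+fi
+
+echo -n 'Enter domain name: '
+read domain
+
+mkdir -p -v "/var/www/$domain/.well-known"
+
+if [ ! -f /etc/ssl/certs/nginx-selfsigned.crt ] || [ ! -f /etc/ssl/private/nginx-selfsigned.key ]; then
+echo "/etc/ssl/certs/nginx-selfsigned.crt or /etc/ssl/private/nginx-selfsigned.key not found"
+echo -n "Would you like to generate a self-signed certificate now? [y/n] "
+read choice
+if [[ "$choice" == [Yy]* ]]; then
+openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
+fi
+fi
+
+if [ ! -f /etc/ssl/dhparam.pem ]; then
+echo "/etc/ssl/dhparam.pem not found"
+echo -n "Would you like to generate Diffie–Hellman parameters now? [y/n] "
+read choice
+if [[ "$choice" == [Yy]* ]]; then
+openssl dhparam -out /etc/ssl/dhparam.pem 4096
+fi
+fi
+
+if [ -f template.conf ]; then
+echo 'template.conf exists, populating it now...'
+sed -e "s/<<domain>>/$domain/g" template.conf > "/etc/nginx/sites-available/$domain.conf"
+echo -n "Please check that \"/etc/nginx/sites-available/$domain.conf\" is correctly configured [Enter]"
+read
+else
+echo "template.conf not found, please manually populate this configuration file: /etc/nginx/sites-available/$domain.conf"
+read
+fi
+
+if [ ! -L "/etc/nginx/sites-enabled/$domain.conf" ]; then
+echo "\"$domain.conf\" not enabled. Linking it now..."
+ln -v -s "/etc/nginx/sites-available/$domain.conf" "/etc/nginx/sites-enabled/"
+fi
+
+echo "Testing nginx config:"
+nginx -t
+echo -n "Please make sure the test passed successfully and fix any issues if it didn't [Enter]"
+read
+
+/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+echo -n '[Enter] to continue'
+read
+
+/root/.acme.sh/acme.sh --issue -d "$domain" -w "/var/www/$domain/"
+echo -n '[Enter] to continue'
+read
+
+mkdir -p -v "/etc/nginx/certs/$domain"
+
+/root/.acme.sh/acme.sh --install-cert -d "$domain" --cert-file "/etc/nginx/certs/$domain/cert.pem" --key-file "/etc/nginx/certs/$domain/key.key" --fullchain-file "/etc/nginx/certs/$domain/fullchain.cer" --reloadcmd "service nginx force-reload"
+echo -n '[Enter] to continue'
+read
+
+
+echo "Please add/enable the following lines in \"/etc/nginx/sites-available/$domain.conf\":"
+echo " ssl_certificate /etc/nginx/certs/$domain/fullchain.cer;"
+echo " ssl_certificate_key /etc/nginx/certs/$domain/key.key;"
+
+echo -n "Press [Enter] to reload nginx"
+read
+
+service nginx force-reload
+
+echo "All done."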
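Review bot: `$domain` comes straight from `read domain` and is used unvalidated in root-owned paths (`mkdir -p "/var/www/$domain/.well-known"`, the `sites-available`/`sites-enabled` entries, `/etc/nginx/certs/$domain`) and inside the `sed` replacement `s/<<domain>>/$domain/g`, so a value containing `/`, `..`, `&` or whitespace changes which files get written or what lands in the nginx config. Reject anything that is not a plain hostname right after the prompt, e.g. `read -r domain` followed by `[[ $domain =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]] || { echo "invalid domain name" >&2; exit 1; }`. Separately, the acme.sh presence check at the top never fires: `acme.sh=...` is not a valid variable name (bash runs it as a command) and `"$acme.sh"]` lacks the space before `]`; `acme_sh=/root/.acme.sh/acme.sh` with `if [ ! -f "$acme_sh" ]; then` would make the guard effective. The script also proceeds to `--install-cert` and the final reload regardless of whether `nginx -t` or `--issue` failed, so checking their exit status instead of relying on the operator prompt would avoid installing and reloading on a failed run.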