Initial commit

tim 2024-11-06 04:38:09 +00:00
parent ebc81a7758
commit a024870b80
1 changed files with 77 additions and 0 deletions

77
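--- a/acme_provision.sh
+++ b/acme_provision.sh
@@ -0,0 +1,77 @@
+#!/bin/bash
+acme.sh="/root/.acme.sh/acme.sh"
+if [ ! -f "$acme.sh"]; then
+echo "acme.sh binary ($acme.sh) not found. Please update the path or download it from here: https://github.com/acmesh-official/acme.sh"
+exit 1
+fi
+echo -n 'Enter domain name: '
+read domain
+mkdir -p -v "/var/www/$domain/.well-known"
+if [ ! -f /etc/ssl/certs/nginx-selfsigned.crt ] || [ ! -f /etc/ssl/private/nginx-selfsigned.key ]; then
+echo "/etc/ssl/certs/nginx-selfsigned.crt or /etc/ssl/private/nginx-selfsigned.key not found"
+echo -n "Would you like to generate a self-signed certificate now? [y/n] "
+read choice
+if [[ "$choice" == [Yy]* ]]; then
+openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
+fi
+fi
+if [ ! -f /etc/ssl/dhparam.pem ]; then
+echo "/etc/ssl/dhparam.pem not found"
+echo -n "Would you like to generate DiffieHellman parameters now? [y/n] "
+read choice
+if [[ "$choice" == [Yy]* ]]; then
+openssl dhparam -out /etc/ssl/dhparam.pem 4096
+fi
+fi
+if [ -f template.conf ]; then
+echo 'template.conf exists, populating it now...'
+sed -e "s/<<domain>>/$domain/g" template.conf > "/etc/nginx/sites-available/$domain.conf"
+echo -n "Please check that \"/etc/nginx/sites-available/$domain.conf\" is correctly configured [Enter]"
+read
+else
+echo "template.conf not found, please manually populate this configuration file: /etc/nginx/sites-available/$domain.conf"
+read
+fi
+if [ ! -L "/etc/nginx/sites-enabled/$domain.conf" ]; then
+echo "\"$domain.conf\" not enabled. Linking it now..."
+ln -v -s "/etc/nginx/sites-available/$domain.conf" "/etc/nginx/sites-enabled/"
+fi
+echo "Testing nginx config:"
+nginx -t
+echo -n "Please make sure the test passed successfully and fix any issues if it didn't [Enter]"
+read
+/root/.acme.sh/acme.sh --set-default-ca --server letsencrypt
+echo -n '[Enter] to continue'
+read
+/root/.acme.sh/acme.sh --issue -d "$domain" -w "/var/www/$domain/"
+echo -n '[Enter] to continue'
+read
+mkdir -p -v "/etc/nginx/certs/$domain"
+/root/.acme.sh/acme.sh --install-cert -d "$domain" --cert-file "/etc/nginx/certs/$domain/cert.pem" --key-file "/etc/nginx/certs/$domain/key.key" --fullchain-file "/etc/nginx/certs/$domain/fullchain.cer" --reloadcmd "service nginx force-reload"
+echo -n '[Enter] to continue'
+read
+echo "Please add/enable the following lines in \"/etc/nginx/sites-available/$domain.conf\":"
+echo " ssl_certificate /etc/nginx/certs/$domain/fullchain.cer;"
+echo " ssl_certificate_key /etc/nginx/certs/$domain/key.key;"
+echo -n "Press [Enter] to reload nginx"
+read
+service nginx force-reload
+echo "All done."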
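Review bot: The value read by `read domain` is used without validation in paths under `/var/www`, `/etc/nginx/sites-available` and `/etc/nginx/certs`, and is spliced into the sed replacement `s/<<domain>>/$domain/g`, in a script that presumably runs as root. A value containing `/`, `..`, `&` or whitespace would create directories outside the intended tree or corrupt the generated nginx config, so it should be checked against a hostname pattern before the first `mkdir`. The precondition at the top also never takes effect: `acme.sh=` is not a valid variable name, so bash treats the line as a command rather than an assignment, and `"$acme.sh"]` lacks the space before `]`, so the test errors out and the `if` body is skipped. The later calls hard-code `/root/.acme.sh/acme.sh` anyway, and the script carries on after a failing `nginx -t` or `--issue`, relying on the operator to notice. A possible rewrite of the affected lines follows.

```shell
acme_sh="/root/.acme.sh/acme.sh"
if [ ! -f "$acme_sh" ]; then
  echo "acme.sh binary ($acme_sh) not found. Please update the path or download it from here: https://github.com/acmesh-official/acme.sh"
  exit 1
fi
echo -n 'Enter domain name: '
read -r domain
# Accept only dot-separated hostname labels; reject anything that could
# alter a filesystem path or the sed expression further down.
if [[ ! "$domain" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$ ]]; then
  echo "Invalid domain name: $domain" >&2
  exit 1
fi
# … unchanged: webroot creation, self-signed cert, dhparam, template, symlink …
nginx -t || { echo "nginx config test failed, aborting" >&2; exit 1; }
# … unchanged: --set-default-ca call, now via "$acme_sh" …
"$acme_sh" --issue -d "$domain" -w "/var/www/$domain/" || { echo "certificate issuance failed, aborting" >&2; exit 1; }
# … unchanged: --install-cert and final reload, now via "$acme_sh" …
```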