
Updates to gen-cert.sh to make it more foolproof.

Brielle Bruns 2 years ago
parent
commit
7c6cfd1fab
2 changed files with 29 additions and 6 deletions
  1. 4
    0
      CHANGELOG
  2. 25
    6
      gen-cert.sh

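--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,7 @@
+04/04/2016
+	- Minor updates to URLs in files
+	- Add sanity checking to gen-cert.sh like whats in gen-unifi-cert.sh
+
 03/24/2016
 	- Updated gen-unifi-cert.sh to do more sanity checks and embed the
 		needed IdenTrust cert so we don't need to include it separately.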

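--- a/gen-cert.sh
+++ b/gen-cert.sh
@@ -1,9 +1,10 @@
 #!/bin/bash
 # Easy letsencrypt certs using a bash script.
-# v1.2 - 12/13/2015
+# v1.3 - 04/04/2016
 # By Brielle Bruns <bruns@2mbit.com>
 # http://www.sosdg.org
 
+PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
 # Use like:  gen-cert.sh -d domain1.com -d domain2.com
 #
@@ -15,27 +16,46 @@
 #
 # 2) Webroot (alias)
 #	Same as #1, but also include an alias directive in apache like in:
-#	http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
+#	https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-alias.conf
 #	And:
 #	mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
 #	gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root
 #
 # 3) Proxy auth
 #	This auth method uses the standalone authenticator with a mod_proxy
-# 	http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
+# 	https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-proxy.conf
 #	Original proxy idea from:
 #	http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
 
 PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
 
+# Location of LetsEncrypt binary we use
+LEBINARY="/usr/src/letsencrypt/letsencrypt-auto"
+
+if [[ ! -x ${LEBINARY} ]]; then
+	echo "Error: LetsEncrypt binary not found in ${LEBINARY} !"
+	echo "You'll need to do one of the following:"
+	echo "1) Change LEBINARY variable in this script"
+	echo "2) Install LE manually or via your package manager and do #1"
+	echo "3) Use the included get-letsencrypt.sh script to install it"
+	exit 1
+fi
+
 while getopts "d:r:e:" opt; do
     case $opt in
-        d) domains+=("$OPTARG");;
+    d) domains+=("$OPTARG");;
 	r) webroot=("$OPTARG");;
 	e) email=("$OPTARG");;
     esac
 done
 
+MAINDOMAIN=${domains[0]}
+
+if [[ -z ${MAINDOMAIN} ]]; then
+	echo "Error: At least one -d argument is required"
+	exit 1
+fi
+
 if [[ ! -z ${email} ]]; then
 	email="--email ${email}"
 else
@@ -58,8 +78,7 @@ done
 
 
 
-cd /usr/src/letsencrypt
-./letsencrypt-auto ${email} \
+${LEBINARY} ${email} \
         --server https://acme-v01.api.letsencrypt.org/directory \
         --agree-tos \
         --renew-by-default \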
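Review bot: The new invocation line `${LEBINARY} ${email} \` expands both variables unquoted, so a `-e` value containing whitespace or glob characters is word-split into extra arguments for letsencrypt-auto, and a LEBINARY path containing a space would stop resolving even though the `[[ -x ${LEBINARY} ]]` guard above passed. Keeping the option in an array avoids relying on splitting: `email_args=(--email "${email}")` in the email branch and `"${LEBINARY}" "${email_args[@]}" \` here. The `else` branch of the email test and the rest of the command lie outside the visible hunks, so the array would need an empty default there. The new error messages could also be sent to stderr (`>&2`) so cron or wrapper scripts do not mix them with normal output.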