
gen-cert.sh 2.9KB

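#!/bin/bash
# Easy letsencrypt certs using a bash script.
# v1.4 - 03/21/2017
# By Brielle Bruns <bruns@2mbit.com>
# http://www.sosdg.org

# Pin PATH to the system directories so that command lookup inside this
# script does not depend on the PATH handed over by the caller.
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Use like: gen-cert.sh -d domain1.com -d domain2.com
#
# There are three options for authentication:
#
# 1) Webroot (normal)
# Specify -r flag with -d and -e flags.
# gen-cert.sh -d domain1.com -r /var/www/domain1.com
#
# 2) Webroot (alias)
# Same as #1, but also include an alias directive in apache like in:
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-alias.conf
# And:
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root
#
# 3) Proxy auth
# This auth method uses the standalone authenticator with a mod_proxy
# https://source.sosdg.org/brielle/lets-encrypt-scripts/blob/master/apache-le-proxy.conf
# Original proxy idea from:
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
#
# Used when no -r webroot is given: the standalone authenticator answers the
# http-01 challenge itself on port 9999.
PROXYAUTH="--standalone --preferred-challenges http-01 --http-01-port 9999"

# Location of LetsEncrypt binary we use. Leave unset if you want to let it find automatically
#LEBINARY="/usr/src/letsencrypt/certbot-auto"

# Whitespace-separated candidate locations, probed in order; first executable
# one wins.
DEFAULTLEBINARY="/usr/bin/certbot /usr/bin/letsencrypt /usr/sbin/certbot
/usr/sbin/letsencrypt /usr/local/bin/certbot /usr/local/sbin/certbot
/usr/local/bin/letsencrypt /usr/local/sbin/letsencrypt
/usr/src/letsencrypt/certbot-auto /usr/src/letsencrypt/letsencrypt-auto
/usr/src/certbot/certbot-auto /usr/src/certbot/letsencrypt-auto
/usr/src/certbot-master/certbot-auto /usr/src/certbot-master/letsencrypt-auto"

# NOTE: -v is also true for a LEBINARY inherited from the environment, not
# only one assigned above. An exported LEBINARY therefore selects the program
# this script executes with its own privileges; keep it out of the calling
# environment (for example cron or sudo with a preserved environment) unless
# that is intended.
if [[ ! -v LEBINARY ]]; then
  # Word splitting of the candidate list is intentional here.
  # shellcheck disable=SC2086
  for i in ${DEFAULTLEBINARY}; do
    if [[ -x ${i} ]]; then
      LEBINARY=${i}
      echo "Found LetsEncrypt/Certbot binary at ${LEBINARY}"
      break
    fi
  done
fi

# Stop before doing anything else when no usable client was found or the
# configured one is not executable. Diagnostics go to stderr so they are not
# mixed into regular output.
if [[ ! -x ${LEBINARY} ]]; then
  {
    echo "Error: LetsEncrypt binary not found in ${LEBINARY} !"
    echo "You'll need to do one of the following:"
    echo "1) Change LEBINARY variable in this script"
    echo "2) Install LE manually or via your package manager and do #1"
    echo "3) Use the included get-letsencrypt.sh script to install it"
  } >&2
  exit 1
fi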
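# Command-line handling and certificate request.
#   -d DOMAIN   domain to put on the certificate (repeatable, at least one)
#   -r WEBROOT  webroot directory; selects the webroot authenticator
#   -e EMAIL    optional e-mail address passed to the client
#
# Start from known-empty values so that same-named variables inherited from
# the environment cannot end up on the client's command line.
domains=()
webroot=""
email=""

while getopts "d:r:e:" opt; do
  case "${opt}" in
    d) domains+=("${OPTARG}") ;;
    r) webroot="${OPTARG}" ;;
    e) email="${OPTARG}" ;;
  esac
done
shift $((OPTIND - 1))

# The first -d value is kept as the primary domain.
MAINDOMAIN=${domains[0]}
if [[ -z ${MAINDOMAIN} ]]; then
  echo "Error: At least one -d argument is required" >&2
  exit 1
fi

# Every option is collected as separate array elements rather than being
# concatenated into one string. A value containing spaces or glob characters
# then stays a single argument instead of being re-split by the shell into
# extra words or options for the client.
email_args=()
if [[ -n ${email} ]]; then
  email_args=(--email "${email}")
fi

# Webroot auth method, activated with -r; otherwise fall back to proxy auth.
auth_args=()
if [[ -n ${webroot} ]]; then
  auth_args=(-a webroot --webroot-path "${webroot}")
else
  # PROXYAUTH is a fixed, whitespace-separated option string; read -a splits
  # it on whitespace without performing pathname expansion.
  read -r -a auth_args <<< "${PROXYAUTH}"
fi

domain_args=()
for val in "${domains[@]}"; do
  domain_args+=(-d "${val}")
done

# NOTE(review): acme-v01 is the ACMEv1 endpoint, which Let's Encrypt has since
# shut down; current certbot releases use ACMEv2 when --server is omitted.
# Confirm the endpoint before relying on this script.
# --renew-by-default requests a fresh certificate on every run, so frequent
# scheduled runs count against the CA's issuance rate limits.
"${LEBINARY}" "${email_args[@]}" \
  --server https://acme-v01.api.letsencrypt.org/directory \
  --agree-tos \
  --renew-by-default \
  "${auth_args[@]}" \
  "${domain_args[@]}" \
  certonly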