2021-01-17 23:45:50 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
ssldir=${1:?"error params"}
|
|
|
|
|
domain=${2:?"error params"}
|
|
|
|
|
|
|
|
|
|
letsencryptdir=$ssldir/letsencrypt
|
|
|
|
|
letsencrypt_script=$letsencryptdir/acme_tiny.py
|
|
|
|
|
|
|
|
|
|
ssl_account_key=${domain}.account.key
|
|
|
|
|
ssl_csr=${domain}.csr
|
|
|
|
|
ssl_key=${domain}.key
|
|
|
|
|
ssl_crt=${domain}.crt
|
|
|
|
|
|
|
|
|
|
mkdir -p /var/www/challenges && chmod -R 777 /var/www/challenges
|
2021-01-18 15:04:12 +00:00
|
|
|
mkdir -p ssldir
|
2021-01-17 23:45:50 +00:00
|
|
|
|
|
|
|
|
if ! [[ -d $letsencryptdir ]]; then
|
|
|
|
|
git clone git://github.com/diafygi/acme-tiny.git $letsencryptdir
|
|
|
|
|
else
|
|
|
|
|
cd $letsencryptdir
|
|
|
|
|
git pull origin master:master
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
cd $ssldir
|
|
|
|
|
|
|
|
|
|
if [[ ! -e ${ssl_account_key} ]]; then
|
|
|
|
|
openssl genrsa 4096 > ${ssl_account_key}
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [[ ! -e ${ssl_key} ]]; then
|
|
|
|
|
openssl genrsa 4096 > ${ssl_key}
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
if [[ ! -e ${ssl_csr} ]]; then
|
|
|
|
|
openssl req -new -sha256 -key ${ssl_key} -subj "/CN=$domain" > $ssl_csr
|
|
|
|
|
fi
|
|
|
|
|
|
2021-01-18 15:04:12 +00:00
|
|
|
python $letsencrypt_script --account-key ${ssl_account_key} --csr $ssl_csr --acme-dir /var/www/challenges/ > ./signed.crt
|
2021-01-17 23:45:50 +00:00
|
|
|
curl -sSL -o intermediate.pem https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
|
|
|
|
|
cat signed.crt intermediate.pem > ${ssl_crt}
|
|
|
|
|
|
|
|
|
|
nginx -s reload
|
|
|
|
|
|
|
|
|
|
echo "Nginx reloaded."
|
