-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcertify
executable file
·96 lines (80 loc) · 3.43 KB
/
certify
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
#!/bin/bash
# ------------------------
# Invoke script as following:
# ./certify <Country-City> <webroot>
# e.g.:
# ./certify Germany-Hamburg /srv/trufi/nginx/www
# ------------------------
# <webroot> explained
# <webroot> specifies the directory to save the token Let's Encrypt generates for you. That <webroot> needs to be served by a web server which you set up to react when Let's Encrypt pings your domain you want to enable HTTPS on port 80 (HTTP port) for. It looks up the token to verify that the domain really belongs to you. See https://stackoverflow.com/questions/49964315/what-should-letsencrypt-certbot-autos-webroot-path-be-for-a-non-php-non-sta for better explanation.
source ./lib/colorful
letsencryptDirHost="./data/letsencrypt"
letsencryptDirConfig="$letsencryptDirHost/config"
letsencryptDirLog="$letsencryptDirHost/log"
letsencryptDirWork="$letsencryptDirHost/work"
pathsToCheck=( "$letsencryptDirHost" "$letsencryptDirConfig" "$letsencryptDirLog" "$letsencryptDirWork" )
emailArg="--register-unsafely-without-email"
blueecho "1. perform some checks & normalizations ..."
source ./lib/validation
webroot="${args[0]}"
if [ -n "${args[1]}" ]; then
domain="${args[1]}"
fi
if [ -n "$email" ]; then
emailArg="--email $email"
else
redecho " registering a HTTPS certificate without specifying an email address is discouraged but allowed!"
fi
for item in "${pathsToCheck[@]}"; do
if ! [ -d "$item" ]; then
mkdir -p $item --verbose
fi
if ! [ -d "$item" ]; then
redecho "Error: Creation of directory '$item' failed! Do I have write access?"
exit 1
fi
done
if [ -z "$webroot" ]; then
echo -e "Where is the webroot? A directory where certbot stores the token sent by Let's Encrypt to verify that you own the domain and which will be served by a web server running on port 80\033[0;34m"
read webroot
if [ -z "$webroot" ] && ! [ -d "$webroot" ]; then
redecho "Invalid input! Either provided an empty input or the specified directory does not exist"
exit 1
fi
fi
# modify that line as you like and as required to fit your setup
cmd="certbot certonly --webroot --webroot-path \"$webroot\" -d $domain --config-dir \"$letsencryptDirConfig\" --work-dir \"$letsencryptDirWork\" --logs-dir \"$letsencryptDirLog\" $emailArg --rsa-key-size 4096 --agree-tos --non-interactive" #--force-renewal
blueecho "2. executing '$cmd' ..."
eval $cmd # execute the command stored in the variable 'cmd'
blueecho "3. Setting up automatic renewal of HTTPS certificate for domain '$domain' every 60 days from now on"
orangeecho " creating systemd system service file ..."
servicefilepath="/etc/systemd/system/$domain.service"
if [ -f "$servicefilepath" ]; then
greenecho " already exists somehow, won't overwrite!"
else
echo "[Unit]
Description=renew certificate for domain '$domain'
[Service]
Type=simple
WorkingDirectory=$PWD
ExecStart=$cmd
" | sudo tee "$servicefilepath"
sudo systemctl disable "$domain.service"
fi
orangeecho " creating systemd system timer file ..."
timerfilepath="/etc/systemd/system/$domain.timer"
if [ -f "$timerfilepath" ]; then
greenecho " already exists somehow, won't overwrite!"
else
echo "[Unit]
Description=timer to renew certificate for domain '$domain'
[Timer]
OnCalendar=$(date --date="60 days" +"%Y-%m-%d") 00:00:00
OnUnitActiveSec=60d
Persistent=true
[Install]
WantedBy=basic.target"| sudo tee "$timerfilepath"
sudo systemctl enable "$domain.timer"
fi
orangeecho " activating systemd system timer ..."
sudo systemctl daemon-reload