@kiero
Last active June 4, 2024 12:05
Let's Encrypt SSL generator for MyDevil.net hosting
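#!/usr/bin/env bash
# Script for creating a Let's Encrypt SSL certificate.
# Used by cron job mostly.

# Set PATH variable for purposes of this script
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:login/bin
export ACME_HOME="${HOME}/acme-tiny"

# Create Acme Tiny files
if [ ! -d "$ACME_HOME" ]; then
    mkdir -p "$ACME_HOME"
    # NOTE: acme_tiny.py is fetched unpinned from the master branch; review the
    # downloaded file before letting it use the account key.
    wget https://github.com/diafygi/acme-tiny/raw/master/acme_tiny.py -O "${ACME_HOME}/acme_tiny.py"
    # NOTE: Let's Encrypt has since retired the X3 intermediate, and current
    # acme_tiny.py releases already print the full chain, so check what ends up
    # in chained.pem.
    wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -O "${ACME_HOME}/intermediate.pem"
    # Create the account key readable by the owner only
    (umask 077; openssl genrsa 4096 > "${ACME_HOME}/account.key")
fi

# sign_domain <domain> <ip> <type>
# E.g. sign_domain example.com 8.8.8.8 php
function sign_domain() {
    local domain=$1
    local ip_address=$2
    local website_type=$3
    local knowndir workdir has_cert=1

    # Refuse to run without a domain and IP: the paths below are passed to rm -rf
    if [[ -z "$domain" || -z "$ip_address" ]]; then
        echo "usage: sign_domain <domain> <ip> [type]" >&2
        return 1
    fi

    # Quoted tests, so an empty <type> selects public_html instead of breaking the test
    if [[ -z "$website_type" || "$website_type" == "php" || "$website_type" == "html" ]]; then
        knowndir="$HOME/domains/$domain/public_html/.well-known"
    else
        knowndir="$HOME/domains/$domain/public_$website_type/public/.well-known"
    fi
    workdir="$HOME/acme-tiny/$domain"
    rm -rf "${knowndir}" "${workdir}"

    # Check if there is a SSL certificate for given IP address and domain
    if devil ssl www list | grep -F "${ip_address}" | grep -qF "${domain}"; then
        has_cert=0
    fi

    mkdir -p "${workdir}" "${knowndir}/acme-challenge/"
    # Create the domain key readable by the owner only
    (umask 077; openssl genrsa 4096 > "${workdir}/domain.key")
    openssl req -new -sha256 -key "${workdir}/domain.key" -subj "/CN=$domain" > "${workdir}/domain.csr"

    # Need to turn off Force SSL for the domain. Otherwise acme_tiny.py script will throw error.
    devil www options "${domain}" sslonly off
    if ! python "${ACME_HOME}/acme_tiny.py" --account-key "${ACME_HOME}/account.key" \
            --csr "${workdir}/domain.csr" \
            --acme-dir "${knowndir}/acme-challenge/" > "${workdir}/signed.crt"; then
        # Signing failed: leave any existing certificate installed and stop here
        echo "acme_tiny.py failed for ${domain}" >&2
        rm -rf "${knowndir}"
        if [[ $has_cert = 0 ]]; then
            devil www options "${domain}" sslonly on
        fi
        return 1
    fi
    cat "${workdir}/signed.crt" "${ACME_HOME}/intermediate.pem" > "${workdir}/chained.pem"

    # Delete SSL certificate if it exists. Done only after signing succeeded,
    # so a failed run does not remove the certificate that is in use.
    if [[ $has_cert = 0 ]]; then
        devil ssl www del "${ip_address}" "${domain}"
    fi

    # Add SSL certificate
    devil ssl www add "$ip_address" "${workdir}/chained.pem" "${workdir}/domain.key" "$domain"
    rm -rf "${knowndir}"

    # Turn on Force SSL for the domain.
    devil www options "${domain}" sslonly on
}

# Run (replace the placeholders with real values)
sign_domain <domain> <ip_address> <website_type>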
kiero commented Nov 23, 2016

Add a cron job (running on specific days of the year, because the certificate is valid only for 90 days)

0 20 1,81,161,241,321 * * /bin/bash <path_to_script>/letsencrypt_generator.sh
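
cron's day-of-month field only takes values 1-31, so a 90-day lifetime cannot be expressed in the schedule itself. The following is an added example, not part of the gist: it runs on any schedule and renews only when the installed certificate is close to expiry. The function names `needs_renewal` and `renew_if_due` and the 30-day threshold are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not part of the gist): decide from the certificate itself
# whether a renewal is due. Function names and thresholds are assumptions.

# needs_renewal <cert.pem> [days]
# Returns 0 when the certificate should be renewed: the file is missing or
# empty, is not a readable certificate, or expires within <days> days.
# Returns 1 when it is still good, 2 on a bad <days> argument.
needs_renewal() {
    local cert days
    cert=$1
    days=${2:-30}
    case "$days" in
        ''|*[!0-9]*) echo "days must be a whole number" >&2; return 2 ;;
    esac
    # An empty signed.crt is what a failed acme_tiny.py run leaves behind.
    [ -s "$cert" ] || return 0
    # -checkend exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renew_if_due <cert.pem> <days> <command> [args...]
# Runs the renewal command only when needs_renewal says so and passes its
# exit status through, so a failed renewal shows up as a failed cron job.
renew_if_due() {
    local cert days rc
    cert=$1
    days=$2
    shift 2
    rc=0
    needs_renewal "$cert" "$days" || rc=$?
    case $rc in
        0) "$@" ;;
        1) return 0 ;;
        *) return 2 ;;
    esac
}

# Intended use as the last line of the gist's script, run daily from cron
# (placeholders as in the gist):
#   renew_if_due "$HOME/acme-tiny/<domain>/signed.crt" 30 \
#       sign_domain <domain> <ip_address> <website_type>
```
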
