nginx-certbot/certbot.sh

#!/bin/bash

domains=(example.com example.org)
rsa_key_size=4096
data_path="./data/certbot"
email="" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits

echo "### Preparing directories in $data_path ..."
if [ -d "$data_path" ]; then
  read -p "There is already folder with certbot data, do you want to remove it? (WARNING: removing folder will remove all data which is stored in the $data_path) (Y/n) " decision
  case $decision in
    [Y]* ) rm -rf "$data_path" && mkdir -p "$data_path";;
    [n]* ) ;;
    * ) echo "Please choose the right variant (Y/n).";;
  esac
fi


if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] && [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
  echo "### Downloading recommended TLS parameters ..."
  mkdir -p "$data_path/conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
fi


for domain in "${domains[@]}"; do
  if [ -d "$data_path/conf/live/$domain" ]; then
    read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision
    case $decision in
      [Y]* ) rm -rf "$data_path/conf/live/$domain" && mkdir -p "$data_path/conf/live/$domain";;
      [n]* ) domains=(${domains[@]/$domain});;
      * ) echo "Please choose the right variant (Y/n).";;
    esac
  else
    mkdir -p "$data_path/conf/live/$domain"
  fi
done


for domain in "${domains[@]}"; do
  echo "### Creating dummy certificate for $domain domain..."

  path="/etc/letsencrypt/live/$domain"
  docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \
  -days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot
done

echo "### Starting nginx ..."
docker-compose up -d nginx

# Select appropriate email arg
case "$email" in
  "") email_arg="--register-unsafely-without-email" ;;
  *) email_arg="--email $email" ;;
esac

# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi

for domain in "${domains[@]}"; do
  echo "### Deleting dummy certificate for $domain domain ..."
  rm -rf "$data_path/conf/live/$domain"

  echo "### Requesting Let's Encrypt certificate for $domain domain ..."
  mkdir -p "$data_path/www"
  docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot -d $domain \
  $staging_arg $email_arg --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot
  docker-compose exec nginx nginx -s reload
done
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`#!/bin/bash`

			`domains=(example.com example.org)`
			`rsa_key_size=4096`
			`data_path="./data/certbot"`
			`email="" # Adding a valid address is strongly recommended`
			`staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits`

			`echo "### Preparing directories in $data_path ..."`
			`if [ -d "$data_path" ]; then`
			`read -p "There is already folder with certbot data, do you want to remove it? (WARNING: removing folder will remove all data which is stored in the $data_path) (Y/n) " decision`
			`case $decision in`
Code formatting 2018-11-28 19:59:46 +03:00			`[Y]* ) rm -rf "$data_path" && mkdir -p "$data_path";;`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`[n]* ) ;;`
			`* ) echo "Please choose the right variant (Y/n).";;`
			`esac`
			`fi`


Fixes are on the way 2018-11-28 20:11:05 +04:00			`if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] && [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`echo "### Downloading recommended TLS parameters ..."`
Code formatting 2018-11-28 19:59:46 +03:00			`mkdir -p "$data_path/conf"`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"`
			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"`
			`fi`


			`for domain in "${domains[@]}"; do`
			`if [ -d "$data_path/conf/live/$domain" ]; then`
			`read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision`
			`case $decision in`
Fixed issue with self-signed certs 2018-11-28 20:33:55 +04:00			`[Y]* ) rm -rf "$data_path/conf/live/$domain" && mkdir -p "$data_path/conf/live/$domain";;`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`[n]* ) domains=(${domains[@]/$domain});;`
			`* ) echo "Please choose the right variant (Y/n).";;`
			`esac`
			`else`
			`mkdir -p "$data_path/conf/live/$domain"`
			`fi`
			`done`


Firstly: generate dummy self-signed certs for ALL domains and only then start nginx 2018-11-29 18:37:17 +04:00			`for domain in "${domains[@]}"; do`
			`echo "### Creating dummy certificate for $domain domain..."`

			`path="/etc/letsencrypt/live/$domain"`
			`docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \`
			`-days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot`
			`done`

			`echo "### Starting nginx ..."`
			`docker-compose up -d nginx`

A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`# Select appropriate email arg`
			`case "$email" in`
			`"") email_arg="--register-unsafely-without-email" ;;`
			`*) email_arg="--email $email" ;;`
			`esac`

			`# Enable staging mode if needed`
			`if [ $staging != "0" ]; then staging_arg="--staging"; fi`

			`for domain in "${domains[@]}"; do`
Fixes are on the way 2018-11-28 20:11:05 +04:00			`echo "### Deleting dummy certificate for $domain domain ..."`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`rm -rf "$data_path/conf/live/$domain"`

			`echo "### Requesting Let's Encrypt certificate for $domain domain ..."`
Code formatting 2018-11-28 19:59:46 +03:00			`mkdir -p "$data_path/www"`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot -d $domain \`
			`$staging_arg $email_arg --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot`
Oops.. Fixed the docker-compose command 2018-11-29 18:50:04 +04:00			`docker-compose exec nginx nginx -s reload`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`done`