nginx-certbot/init-letsencrypt.sh

#!/bin/bash

domains=(example.com www.example.com)
rsa_key_size=4096
data_path="./data/certbot"
email="" # Adding a valid address is strongly recommended
staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits

if [ "$EUID" -ne 0 ]; then
  read -p "You ran this script without root privileges, do you want to continue? (WARNING: script won't be able to delete generated by Let's Encrypt TLS certificates) (Y/n) " decision
  case $decision in
    [Y]* ) ;;
    [n]* ) exit;;
    * ) echo "Please choose the right variant (Y/n).";;
  esac
fi


echo "### Preparing directories in $data_path ..."
if [ -d "$data_path" ]; then
  read -p "There is already folder with certbot data, do you want to remove it? (WARNING: removing folder will remove all data which is stored in the $data_path) (Y/n) " decision
  case $decision in
    [Y]* ) rm -rf "$data_path" && mkdir -p "$data_path";;
    [n]* ) ;;
    * ) echo "Please choose the right variant (Y/n).";;
  esac
fi


if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] && [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
  echo "### Downloading recommended TLS parameters ..."
  mkdir -p "$data_path/conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
  curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
fi


for domain in "${domains[@]}"; do
  if [ -d "$data_path/conf/live/$domain" ]; then
    read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision
    case $decision in
      [Y]* ) rm -rf "$data_path/conf/live/$domain" && mkdir -p "$data_path/conf/live/$domain";;
      [n]* ) domains=(${domains[@]/$domain});;
      * ) echo "Please choose the right variant (Y/n).";;
    esac
  else
    mkdir -p "$data_path/conf/live/$domain"
  fi
done


for domain in "${domains[@]}"; do
  echo "### Creating dummy certificate for $domain domain..."

  path="/etc/letsencrypt/live/$domain"
  docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:1024 \
  -days 1 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot
done

echo "### Starting nginx ..."
# Restarting for case if nginx container is already started
docker-compose up -d nginx && docker-compose restart nginx

# Select appropriate email arg
case "$email" in
  "") email_arg="--register-unsafely-without-email" ;;
  *) email_arg="--email $email" ;;
esac

# Enable staging mode if needed
if [ $staging != "0" ]; then staging_arg="--staging"; fi

for domain in "${domains[@]}"; do
  echo "### Deleting dummy certificate for $domain domain ..."
  rm -rf "$data_path/conf/live/$domain"

  echo "### Requesting Let's Encrypt certificate for $domain domain ..."
  mkdir -p "$data_path/www"
  docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot -d $domain \
  $staging_arg $email_arg --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot
done

docker-compose exec nginx nginx -s reload
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`#!/bin/bash`

Change default domains to example.com/www.example.com This should make it clearer that init-letsencrypt creates one certificate for all domains 2019-01-01 21:58:57 +01:00			`domains=(example.com www.example.com)`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`rsa_key_size=4096`
			`data_path="./data/certbot"`
			`email="" # Adding a valid address is strongly recommended`
			`staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits`

Add error when init-letsencrypt.sh runs doesn't run as root 2018-12-18 00:01:41 +04:00			`if [ "$EUID" -ne 0 ]; then`
Fix grammar 2018-12-23 14:50:09 +04:00			`read -p "You ran this script without root privileges, do you want to continue? (WARNING: script won't be able to delete generated by Let's Encrypt TLS certificates) (Y/n) " decision`
Root privileges are now optional 2018-12-23 14:47:29 +04:00			`case $decision in`
			`[Y]* ) ;;`
			`[n]* ) exit;;`
			`* ) echo "Please choose the right variant (Y/n).";;`
			`esac`
Add error when init-letsencrypt.sh runs doesn't run as root 2018-12-18 00:01:41 +04:00			`fi`


A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`echo "### Preparing directories in $data_path ..."`
			`if [ -d "$data_path" ]; then`
			`read -p "There is already folder with certbot data, do you want to remove it? (WARNING: removing folder will remove all data which is stored in the $data_path) (Y/n) " decision`
			`case $decision in`
Code formatting 2018-11-28 19:59:46 +03:00			`[Y]* ) rm -rf "$data_path" && mkdir -p "$data_path";;`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`[n]* ) ;;`
			`* ) echo "Please choose the right variant (Y/n).";;`
			`esac`
			`fi`


Fixes are on the way 2018-11-28 20:11:05 +04:00			`if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] && [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`echo "### Downloading recommended TLS parameters ..."`
Code formatting 2018-11-28 19:59:46 +03:00			`mkdir -p "$data_path/conf"`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"`
			`curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"`
			`fi`


			`for domain in "${domains[@]}"; do`
			`if [ -d "$data_path/conf/live/$domain" ]; then`
			`read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision`
			`case $decision in`
Fixed issue with self-signed certs 2018-11-28 20:33:55 +04:00			`[Y]* ) rm -rf "$data_path/conf/live/$domain" && mkdir -p "$data_path/conf/live/$domain";;`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`[n]* ) domains=(${domains[@]/$domain});;`
			`* ) echo "Please choose the right variant (Y/n).";;`
			`esac`
			`else`
			`mkdir -p "$data_path/conf/live/$domain"`
			`fi`
			`done`


Firstly: generate dummy self-signed certs for ALL domains and only then start nginx 2018-11-29 18:37:17 +04:00			`for domain in "${domains[@]}"; do`
			`echo "### Creating dummy certificate for $domain domain..."`

			`path="/etc/letsencrypt/live/$domain"`
Switched back to 1024 RSA & renamed certbot.sh -> init-letsencrypt.sh It is useless to use RSA 4096 self-signed certificate because it will be removed 2018-11-29 20:30:39 +04:00			`docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:1024 \`
			`-days 1 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot`
Firstly: generate dummy self-signed certs for ALL domains and only then start nginx 2018-11-29 18:37:17 +04:00			`done`

			`echo "### Starting nginx ..."`
Small change 2018-11-29 19:12:31 +04:00			`# Restarting for case if nginx container is already started`
Fixed the issue with up -d 2018-11-29 19:15:33 +04:00			`docker-compose up -d nginx && docker-compose restart nginx`
Firstly: generate dummy self-signed certs for ALL domains and only then start nginx 2018-11-29 18:37:17 +04:00
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`# Select appropriate email arg`
			`case "$email" in`
			`"") email_arg="--register-unsafely-without-email" ;;`
			`*) email_arg="--email $email" ;;`
			`esac`

			`# Enable staging mode if needed`
			`if [ $staging != "0" ]; then staging_arg="--staging"; fi`

			`for domain in "${domains[@]}"; do`
Fixes are on the way 2018-11-28 20:11:05 +04:00			`echo "### Deleting dummy certificate for $domain domain ..."`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`rm -rf "$data_path/conf/live/$domain"`

			`echo "### Requesting Let's Encrypt certificate for $domain domain ..."`
Code formatting 2018-11-28 19:59:46 +03:00			`mkdir -p "$data_path/www"`
A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d 2018-11-28 20:01:49 +04:00			`docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot -d $domain \`
			`$staging_arg $email_arg --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot`
			`done`
Executing nginx reload only after everything 2018-11-29 18:56:59 +04:00
			`docker-compose exec nginx nginx -s reload`