A lot of changes
Now you can simply add a new domain to certbot.sh and rerun the script; other domains' certificates won't be touched. You can now choose what to delete or not delete. And other which is needed to be d
This commit is contained in:
parent
73af7708a0
commit
1504f3f899
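--- a/certbot.sh
+++ b/certbot.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+domains=(example.com example.org)
+rsa_key_size=4096
+data_path="./data/certbot"
+email="" # Adding a valid address is strongly recommended
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+
+echo "### Preparing directories in $data_path ..."
+if [ -d "$data_path" ]; then
+read -p "There is already folder with certbot data, do you want to remove it? (WARNING: removing folder will remove all data which is stored in the $data_path) (Y/n) " decision
+case $decision in
+[Y]* ) rm -rf "$data_path";;
+[n]* ) ;;
+* ) echo "Please choose the right variant (Y/n).";;
+esac
+fi
+mkdir -p "$data_path/www"
+mkdir -p "$data_path/conf"
+
+
+if [ ! -f "$data_path/conf/options-ssl-nginx.conf" && "$data_path/conf/ssl-dhparams.pem"]; then
+echo "### Downloading recommended TLS parameters ..."
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+fi
+
+
+for domain in "${domains[@]}"; do
+if [ -d "$data_path/conf/live/$domain" ]; then
+path="/etc/letsencrypt/live/$domain"
+
+read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision
+case $decision in
+[Y]* ) rm -rf "$data_path/conf/live/$domain" && mkdir -p "$data_path/conf/live/$domain" \
+&& docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \
+-days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot;;
+[n]* ) domains=(${domains[@]/$domain});;
+* ) echo "Please choose the right variant (Y/n).";;
+esac
+else
+mkdir -p "$data_path/conf/live/$domain"
+fi
+done
+
+
+echo "### Starting nginx ..."
+docker-compose up -d nginx
+
+
+# Select appropriate email arg
+case "$email" in
+"") email_arg="--register-unsafely-without-email" ;;
+*) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+for domain in "${domains[@]}"; do
+echo "### Deleting dummy certificate of $domain domain..."
+rm -rf "$data_path/conf/live/$domain"
+
+echo "### Requesting Let's Encrypt certificate for $domain domain ..."
+docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot -d $domain \
+$staging_arg $email_arg --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot
+done
+
+docker-compose stop nginx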
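Review bot: The guard in front of the TLS-parameter download, `if [ ! -f "$data_path/conf/options-ssl-nginx.conf" && "$data_path/conf/ssl-dhparams.pem"]; then`, never evaluates as intended: `[` does not accept `&&`, so bash reports a missing `]` and then tries to run `…/ssl-dhparams.pem]` as a command, and the two `curl` lines are skipped on every run. It should be two tests joined by the shell operator, `if [ ! -f "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -f "$data_path/conf/ssl-dhparams.pem" ]; then`, so that either missing file triggers the download; the `curl -s` calls should also add `-f` (`--fail`), otherwise an HTTP error body is written into `options-ssl-nginx.conf` / `ssl-dhparams.pem` and nginx is later started with corrupt TLS parameters. Separately, a domain with no existing directory takes the `else` branch and only gets `mkdir -p`, so no dummy certificate is generated for it before `docker-compose up -d nginx`; if the nginx config references that domain's `fullchain.pem`, as the dummy-cert step suggests, nginx will fail to start for exactly the new-domain case this commit introduces, so the `openssl req` step should run for new domains as well. The `domains=(${domains[@]/$domain})` removal on the `[n]*` arm is a substring replacement on every element, which mangles any other entry containing the same text (e.g. `www.example.com` after `example.com`) and also relies on unquoted word-splitting to drop the emptied element.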
@ -1,55 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
domains=( "example.com" "example.org" )
|
||||
rsa_key_size=4096
|
||||
data_path="./data/certbot"
|
||||
email="" # Adding a valid address is strongly recommended
|
||||
staging=0 # Set to 1 if you're just testing your setup to avoid hitting request limits
|
||||
|
||||
echo "### Preparing directories in $data_path ..."
|
||||
rm -Rf "$data_path"
|
||||
mkdir -p "$data_path/www"
|
||||
mkdir -p "$data_path/conf/live/$domains"
|
||||
|
||||
|
||||
echo "### Creating dummy certificate ..."
|
||||
path="/etc/letsencrypt/live/$domains"
|
||||
mkdir -p "$path"
|
||||
docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \
|
||||
-days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot
|
||||
|
||||
|
||||
echo "### Downloading recommended TLS parameters ..."
|
||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
|
||||
curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
|
||||
|
||||
|
||||
echo "### Starting nginx ..."
|
||||
docker-compose up -d nginx
|
||||
|
||||
|
||||
echo "### Deleting dummy certificate ..."
|
||||
sudo rm -Rf "$data_path/conf/live"
|
||||
|
||||
|
||||
echo "### Requesting initial certificate ..."
|
||||
|
||||
# Join $domains to -d args
|
||||
domain_args=""
|
||||
for domain in "${domains[@]}"; do
|
||||
domain_args="$domain_args -d $domain"
|
||||
done
|
||||
|
||||
# Select appropriate email arg
|
||||
case "$email" in
|
||||
"") email_arg="--register-unsafely-without-email" ;;
|
||||
*) email_arg="--email $email" ;;
|
||||
esac
|
||||
|
||||
# Enable staging mode if needed
|
||||
if [ $staging != "0" ]; then staging_arg="--staging"; fi
|
||||
|
||||
docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot $staging_arg $email_arg \
|
||||
$domain_args --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot
|
||||
|
||||
docker-compose stop nginx
|