diff --git a/certbot.sh b/certbot.sh
new file mode 100644
index 0000000..e365c84
--- /dev/null
+++ b/certbot.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+domains=(example.com example.org)
+rsa_key_size=4096
+data_path="./data/certbot"
+email="" # Adding a valid address is strongly recommended
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+
+echo "### Preparing directories in $data_path ..."
+if [ -d "$data_path" ]; then
+ read -p "There is already folder with certbot data, do you want to remove it? (WARNING: removing folder will remove all data which is stored in the $data_path) (Y/n) " decision
+ case $decision in
+ [Y]* ) rm -rf "$data_path";;
+ [n]* ) ;;
+ * ) echo "Please choose the right variant (Y/n).";;
+ esac
+fi
+mkdir -p "$data_path/www"
+mkdir -p "$data_path/conf"
+
+
+if [ ! -f "$data_path/conf/options-ssl-nginx.conf" && "$data_path/conf/ssl-dhparams.pem"]; then
+ echo "### Downloading recommended TLS parameters ..."
+ curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+ curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+fi
+
+
+for domain in "${domains[@]}"; do
+ if [ -d "$data_path/conf/live/$domain" ]; then
+ path="/etc/letsencrypt/live/$domain"
+
+ read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision
+ case $decision in
+ [Y]* ) rm -rf "$data_path/conf/live/$domain" && mkdir -p "$data_path/conf/live/$domain" \
+ && docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \
+ -days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot;;
+ [n]* ) domains=(${domains[@]/$domain});;
+ * ) echo "Please choose the right variant (Y/n).";;
+ esac
+ else
+ mkdir -p "$data_path/conf/live/$domain"
+ fi
+done
+
+
+echo "### Starting nginx ..."
+docker-compose up -d nginx
+
+
+# Select appropriate email arg
+case "$email" in
+ "") email_arg="--register-unsafely-without-email" ;;
+ *) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+for domain in "${domains[@]}"; do
+ echo "### Deleting dummy certificate of $domain domain..."
+ rm -rf "$data_path/conf/live/$domain"
+
+ echo "### Requesting Let's Encrypt certificate for $domain domain ..."
+ docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot -d $domain \
+ $staging_arg $email_arg --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot
+done
+
+docker-compose stop nginx
diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh
deleted file mode 100644
index 0504433..0000000
--- a/init-letsencrypt.sh
+++ /dev/null
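Review bot: The guard around the TLS-parameter download is malformed: `[` has no `&&` operator and the closing `]` is glued to the second path, so bash runs `[ ! -f "$data_path/conf/options-ssl-nginx.conf"` as its own command, which fails with "missing ]", the `&&` short-circuits, and options-ssl-nginx.conf and ssl-dhparams.pem are never fetched on a fresh run. The intent appears to be "download if either file is missing", which is `if [[ ! -f "$data_path/conf/options-ssl-nginx.conf" || ! -f "$data_path/conf/ssl-dhparams.pem" ]]; then`. The two `curl -s` lines also write an HTTP error body into the .conf/.pem file on a non-2xx response, leaving a broken dhparams file in place for nginx; `curl -fsS` fails the fetch instead so the next run retries. Minor: the dummy-certificate `openssl ... -newkey rsa:4096` hard-codes the size while `$rsa_key_size` already exists and is used for the real request, so the two can drift.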
@@ -1,55 +0,0 @@
-#!/bin/bash
-
-domains=( "example.com" "example.org" )
-rsa_key_size=4096
-data_path="./data/certbot"
-email="" # Adding a valid address is strongly recommended
-staging=0 # Set to 1 if you're just testing your setup to avoid hitting request limits
-
-echo "### Preparing directories in $data_path ..."
-rm -Rf "$data_path"
-mkdir -p "$data_path/www"
-mkdir -p "$data_path/conf/live/$domains"
-
-
-echo "### Creating dummy certificate ..."
-path="/etc/letsencrypt/live/$domains"
-mkdir -p "$path"
-docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \
- -days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot
-
-
-echo "### Downloading recommended TLS parameters ..."
-curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
-curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
-
-
-echo "### Starting nginx ..."
-docker-compose up -d nginx
-
-
-echo "### Deleting dummy certificate ..."
-sudo rm -Rf "$data_path/conf/live"
-
-
-echo "### Requesting initial certificate ..."
-
-# Join $domains to -d args
-domain_args=""
-for domain in "${domains[@]}"; do
- domain_args="$domain_args -d $domain"
-done
-
-# Select appropriate email arg
-case "$email" in
- "") email_arg="--register-unsafely-without-email" ;;
- *) email_arg="--email $email" ;;
-esac
-
-# Enable staging mode if needed
-if [ $staging != "0" ]; then staging_arg="--staging"; fi
-
-docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot $staging_arg $email_arg \
- $domain_args --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot
-
-docker-compose stop nginx