From 1504f3f899c6694030e7b3fc09a2589c9ab9f2f7 Mon Sep 17 00:00:00 2001
From: Yaroslav
Date: Wed, 28 Nov 2018 20:01:49 +0400
Subject: [PATCH] A lot of changes Now you can simply add new domain to the certbot.sh and rerun script, other domains' certificates won't be touched You can now choose what to delete or not delete And other which is needed to be d
---
certbot.sh | 69 +++++++++++++++++++++++++++++++++++++++++++++
init-letsencrypt.sh | 55 ------------------------------------
2 files changed, 69 insertions(+), 55 deletions(-)
create mode 100644 certbot.sh
delete mode 100644 init-letsencrypt.sh
diff --git a/certbot.sh b/certbot.sh
new file mode 100644
index 0000000..e365c84
--- /dev/null
+++ b/certbot.sh
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+domains=(example.com example.org)
+rsa_key_size=4096
+data_path="./data/certbot"
+email="" # Adding a valid address is strongly recommended
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
+
+echo "### Preparing directories in $data_path ..."
+if [ -d "$data_path" ]; then
+ read -p "There is already folder with certbot data, do you want to remove it? (WARNING: removing folder will remove all data which is stored in the $data_path) (Y/n) " decision
+ case $decision in
+ [Y]* ) rm -rf "$data_path";;
+ [n]* ) ;;
+ * ) echo "Please choose the right variant (Y/n).";;
+ esac
+fi
+mkdir -p "$data_path/www"
+mkdir -p "$data_path/conf"
+
+
+if [ ! -f "$data_path/conf/options-ssl-nginx.conf" && "$data_path/conf/ssl-dhparams.pem"]; then
+ echo "### Downloading recommended TLS parameters ..."
+ curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+ curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
+fi
+
+
+for domain in "${domains[@]}"; do
+ if [ -d "$data_path/conf/live/$domain" ]; then
+ path="/etc/letsencrypt/live/$domain"
+
+ read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision
+ case $decision in
+ [Y]* ) rm -rf "$data_path/conf/live/$domain" && mkdir -p "$data_path/conf/live/$domain" \
+ && docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \
+ -days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot;;
+ [n]* ) domains=(${domains[@]/$domain});;
+ * ) echo "Please choose the right variant (Y/n).";;
+ esac
+ else
+ mkdir -p "$data_path/conf/live/$domain"
+ fi
+done
+
+
+echo "### Starting nginx ..."
+docker-compose up -d nginx
+
+
+# Select appropriate email arg
+case "$email" in
+ "") email_arg="--register-unsafely-without-email" ;;
+ *) email_arg="--email $email" ;;
+esac
+
+# Enable staging mode if needed
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
+
+for domain in "${domains[@]}"; do
+ echo "### Deleting dummy certificate of $domain domain..."
+ rm -rf "$data_path/conf/live/$domain"
+
+ echo "### Requesting Let's Encrypt certificate for $domain domain ..."
+ docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot -d $domain \
+ $staging_arg $email_arg --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot
+done
+
+docker-compose stop nginx
diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh
deleted file mode 100644
index 0504433..0000000
--- a/init-letsencrypt.sh
+++ /dev/null
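Review bot: The TLS-parameter guard `if [ ! -f "$data_path/conf/options-ssl-nginx.conf" && "$data_path/conf/ssl-dhparams.pem"]; then` is malformed — `[` does not accept `&&` and the `]` is glued to the filename — so the test always fails, neither file is ever downloaded and nginx's include of them will not resolve; it should read `if [ ! -f "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -f "$data_path/conf/ssl-dhparams.pem" ]; then`, and both `curl -s` calls want `-f` so an HTTP error body is not saved as the config file. The dummy certificate is now generated only in the `[Y]*` arm of the per-domain prompt: a domain whose `live/` folder does not exist yet (which is every domain once a `Y` answer to the first prompt has wiped `$data_path`) gets only an empty directory, so nginx has no `fullchain.pem`/`privkey.pem` to load and the webroot challenge cannot be served. In the same `case`, an unrecognised answer such as lowercase `y` only prints the hint and leaves the domain in the array, so the second loop still runs `rm -rf "$data_path/conf/live/$domain"` without the user having confirmed, and `domains=(${domains[@]/$domain})` treats `$domain` as a glob applied to every element (declining `example.com` turns `www.example.com` into `www.`) and relies on unquoted expansion to drop the emptied entry. Collecting the domains to request in a separate array and factoring the openssl call into a helper addresses the last three points; a sketch follows.
```shell
# … unchanged: variable definitions, data-path prompt, TLS-parameter download …

make_dummy_cert() {
  local domain=$1
  local path="/etc/letsencrypt/live/$domain"
  mkdir -p "$data_path/conf/live/$domain"
  docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \
    -days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot
}

to_request=()
for domain in "${domains[@]}"; do
  if [ -d "$data_path/conf/live/$domain" ]; then
    read -p "There is already folder with $domain domain data, do you want to remove it? (WARNING: removing folder will remove all certbot data for this domain) (Y/n) " decision
    case $decision in
      [Y]* ) rm -rf "$data_path/conf/live/$domain" && make_dummy_cert "$domain" && to_request+=("$domain");;
      [n]* ) ;;
      * ) echo "Please choose the right variant (Y/n).";;   # unconfirmed: leave this domain untouched
    esac
  else
    make_dummy_cert "$domain" && to_request+=("$domain")
  fi
done

# … unchanged: nginx start, email/staging argument selection …

for domain in "${to_request[@]}"; do
  # … unchanged: delete dummy certificate, request the real one …
done
```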
@@ -1,55 +0,0 @@ -#!/bin/bash - -domains=( "example.com" "example.org" ) -rsa_key_size=4096 -data_path="./data/certbot" -email="" # Adding a valid address is strongly recommended -staging=0 # Set to 1 if you're just testing your setup to avoid hitting request limits - -echo "### Preparing directories in $data_path ..." -rm -Rf "$data_path" -mkdir -p "$data_path/www" -mkdir -p "$data_path/conf/live/$domains" - - -echo "### Creating dummy certificate ..." -path="/etc/letsencrypt/live/$domains" -mkdir -p "$path" -docker-compose run --rm --entrypoint "openssl req -x509 -nodes -newkey rsa:4096 \ - -days 10 -keyout '$path/privkey.pem' -out '$path/fullchain.pem' -subj '/CN=localhost'" certbot - - -echo "### Downloading recommended TLS parameters ..." -curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf" -curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem" - - -echo "### Starting nginx ..." -docker-compose up -d nginx - - -echo "### Deleting dummy certificate ..." -sudo rm -Rf "$data_path/conf/live" - - -echo "### Requesting initial certificate ..." - -# Join $domains to -d args -domain_args="" -for domain in "${domains[@]}"; do - domain_args="$domain_args -d $domain" -done - -# Select appropriate email arg -case "$email" in - "") email_arg="--register-unsafely-without-email" ;; - *) email_arg="--email $email" ;; -esac - -# Enable staging mode if needed -if [ $staging != "0" ]; then staging_arg="--staging"; fi - -docker-compose run --rm --entrypoint "certbot certonly --webroot -w /var/www/certbot $staging_arg $email_arg \ - $domain_args --rsa-key-size $rsa_key_size --agree-tos --force-renewal" certbot - -docker-compose stop nginx