From f17f60fb84c03e07d3aea1f7bcf44c7b564e6834 Mon Sep 17 00:00:00 2001
From: Philipp
Date: Sun, 27 Oct 2019 22:35:26 +0100
Subject: [PATCH] v2 of init-letsencrypt.sh

Make all options configurable via script arguments

---
 data/nginx/app.conf | 6 +--
 init-letsencrypt.sh | 114 ++++++++++++++++++++++++++++++++++----------
 2 files changed, 92 insertions(+), 28 deletions(-)

diff --git a/data/nginx/app.conf b/data/nginx/app.conf
index 52dc0e7..822487f 100644
--- a/data/nginx/app.conf
+++ b/data/nginx/app.conf
@@ -1,6 +1,5 @@
 server {
 listen 80;
-server_name example.org;
 server_tokens off;
 
 location /.well-known/acme-challenge/ {
@@ -14,11 +13,10 @@ server {
 server {
 listen 443 ssl;
-server_name example.org;
 server_tokens off;
 
-ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
-ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
+ssl_certificate /etc/letsencrypt/live/all/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/all/privkey.pem;
 include /etc/letsencrypt/options-ssl-nginx.conf;
 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
 
diff --git a/init-letsencrypt.sh b/init-letsencrypt.sh
index 0f15e68..4509eff 100755
--- a/init-letsencrypt.sh
+++ b/init-letsencrypt.sh
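Review bot: The hard-coded `/etc/letsencrypt/live/all/` paths in the 443 block only resolve because init-letsencrypt.sh passes `--cert-name all`, and nothing in this file records that coupling, so a later edit to either side silently breaks the other. A comment above `ssl_certificate`, e.g. `# "all" is the --cert-name used by init-letsencrypt.sh; keep the two in sync`, makes the dependency visible. Dropping `server_name` from both blocks also turns them into the default (catch-all) servers for any Host/SNI name on ports 80 and 443; that fits a single-site setup, but a one-line comment saying it is intentional keeps it from being read as an omission.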
@@ -1,11 +1,73 @@
 #!/bin/bash
 
-domains=(example.com www.example.com)
+domains=(example.com www.example.com) # Specify domains here or use the -d argument
+data_path="./data/certbot" # Specify data path here or use the --data-path argument
+email="" # Specify email here or use the --email argument
+staging=0 # Set to 1 here or use the --staging argument
 rsa_key_size=4096
-data_path="./data/certbot"
-email="" # Adding a valid address is strongly recommended
-staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
 
+print_help() {
+ echo "Usage: `basename $0` [-d DOMAIN] [--staging] [-f COMPOSE_FILE] [--data-path PATH]"
+ echo ""
+ echo "You can either modify `basename $0` directly or use the following options to adjust its behavior."
+ echo ""
+ echo "Options:"
+ echo "-h, --help: Print this help."
+ echo "-d, --domain DOMAIN: Request certificates for the given DOMAIN. Can be used multiple times (e.g. -d example.com -d www.example.com)."
+ echo "-f, --file PATH: If given, use specified docker-compose configuration file."
+ echo "-m, --email EMAIL: If given, use EMAIL to registert Let's Encrypt account"
+ echo "--staging: Use Let's Encrypt in Staging Mode"
+ echo "--data-path: Set path for storing certificate data"
+}
+
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ -h|--help)
+ print_help
+ exit
+ ;;
+ -d|--domain)
+ if [ "${domains[0]}" == "example.com" ]; then domains=(); fi
+ domains+=("$2")
+ shift; shift
+ ;;
+ --staging)
+ staging=1
+ shift;
+ ;;
+ -f|--file)
+ compose_file="$2"
+ shift; shift
+ ;;
+ -m|--email)
+ email="$2"
+ shift; shift
+ ;;
+ --data-path)
+ data_path="$2"
+ shift; shift
+ ;;
+ *)
+ echo "Unknown argument: $1"
+ exit
+ ;;
+ esac
+done
+
+# Make sure at least one domain has been configured
+if [ "${domains[0]}" == "example.com" ] || [ "${domains[0]}" == "" ]; then
+ echo "Error: You must specify at least one domain."
+ exit 1
+fi
+
+# Set compose_file_arg if requested
+if [ "$compose_file" != "" ]; then
+ compose_file_arg="-f $compose_file"
+else
+ compose_file_arg=""
+fi
+
+# Ask for confirmation before replacing existing certificates
 if [ -d "$data_path" ]; then
 read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
 if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
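Review bot: The `*)` arm of the argument loop prints `Unknown argument: $1` and then calls a bare `exit`, so a mistyped flag ends the script with status 0 and looks like success to whatever invoked it; it should be `echo "Unknown argument: $1" >&2` followed by `exit 1` (the `Error: You must specify at least one domain.` line should likewise go to stderr). `compose_file_arg="-f $compose_file"` is expanded unquoted as `${compose_file_arg}` in the two following hunks, so a compose path containing a space or glob character is split into several arguments; an array, `compose_args=(-f "$compose_file")` used as `"${compose_args[@]}"`, avoids that. The `"${domains[0]}" == "example.com"` sentinel is also ambiguous: a user who passes `-d example.com` as the first domain ends up with domains=(example.com) and then trips the "at least one domain" check, so a flag set when `-d` is seen would be more reliable than comparing against the default. Every option reads `$2` without checking it exists, so a trailing `-d` appends an empty domain, and the help text misspells `registert`.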
@@ -13,40 +75,42 @@ if [ -d "$data_path" ]; then
 fi
 fi
 
-
+# Download TLS parameters
 if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
 echo "### Downloading recommended TLS parameters ..."
 mkdir -p "$data_path/conf"
-curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
+curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
 curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
 echo
 fi
 
+# Create dummy certificate
 echo "### Creating dummy certificate for $domains ..."
-path="/etc/letsencrypt/live/$domains"
-mkdir -p "$data_path/conf/live/$domains"
-docker-compose run --rm --entrypoint "\
- openssl req -x509 -nodes -newkey rsa:1024 -days 1\
+path="/etc/letsencrypt/live/all"
+mkdir -p "$data_path/conf/live/all"
+docker-compose ${compose_file_arg} run --rm --entrypoint "\
+ openssl req -x509 -nodes -newkey rsa:1024 -days 1 \
 -keyout '$path/privkey.pem' \
 -out '$path/fullchain.pem' \
 -subj '/CN=localhost'" certbot
 echo
 
-
+# Start nginx
 echo "### Starting nginx ..."
-docker-compose up --force-recreate -d nginx
+docker-compose ${compose_file_arg} up --force-recreate --no-deps -d nginx
 echo
 
+# Delete dummy certificate
 echo "### Deleting dummy certificate for $domains ..."
-docker-compose run --rm --entrypoint "\
- rm -Rf /etc/letsencrypt/live/$domains && \
- rm -Rf /etc/letsencrypt/archive/$domains && \
- rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
+docker-compose ${compose_file_arg} run --rm --entrypoint "\
+ rm -Rf /etc/letsencrypt/live/all && \
+ rm -Rf /etc/letsencrypt/archive/all && \
+ rm -Rf /etc/letsencrypt/renewal/all.conf" certbot
 echo
 
 echo "### Requesting Let's Encrypt certificate for $domains ..."
-#Join $domains to -d args
+# Join $domains to -d args
 domain_args=""
 for domain in "${domains[@]}"; do
 domain_args="$domain_args -d $domain"
@@ -58,18 +122,20 @@ case "$email" in
 *) email_arg="--email $email" ;;
 esac
 
-# Enable staging mode if needed
+# Enable staging mode if requested
 if [ $staging != "0" ]; then staging_arg="--staging"; fi
 
-docker-compose run --rm --entrypoint "\
+docker-compose ${compose_file_arg} run --rm --entrypoint "\
 certbot certonly --webroot -w /var/www/certbot \
- $staging_arg \
- $email_arg \
- $domain_args \
- --rsa-key-size $rsa_key_size \
+ ${staging_arg} \
+ ${email_arg} \
+ ${domain_args} \
+ --cert-name all \
+ --rsa-key-size ${rsa_key_size} \
 --agree-tos \
 --force-renewal" certbot
 echo
 
+# Reload nginx
 echo "### Reloading nginx ..."
-docker-compose exec nginx nginx -s reload
+docker-compose ${compose_file_arg} exec nginx nginx -s reload
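Review bot: The updated `curl -s …/tls_configs/options-ssl-nginx.conf` line (and the `ssl-dhparams.pem` download right after it) still has no `--fail`, so if the upstream path moves again — the reason this line is being changed — curl writes the 404 response body into the config file, the `[ ! -e … ]` guard then treats it as present on every later run, and nginx is started against a broken include. `curl -fsS URL -o "$data_path/conf/options-ssl-nginx.conf" || exit 1` stops the script instead (remove the output file in the failure branch if your curl version still creates it on error). Both files are fetched from the `master` branch with no integrity check, so the TLS parameters nginx loads are whatever that branch contains at run time; pinning a release tag in the URL would make the result reproducible. The `if [ ! -e … ]` block that contains these lines starts and ends inside this hunk.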
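Review bot: The lineage name introduced with `--cert-name all` is repeated as a bare literal in `path=`, `mkdir -p`, the three `rm -Rf` lines of the previous hunk, and in data/nginx/app.conf, with nothing tying them together; defining `cert_name=all` next to `rsa_key_size` at the top of the script and writing `--cert-name $cert_name` and `/etc/letsencrypt/live/$cert_name` keeps the script self-consistent and leaves only app.conf to document. With a fixed name plus `--force-renewal`, re-running the script with a different `-d` set appears to replace the existing `all` certificate rather than add a second one; a line in `print_help` saying so would save users a surprise.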