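#!/bin/bash
# Obtain or renew a Let's Encrypt certificate with acme_tiny and install it
# with `nfsn -i set-tls`.
#
# All state lives in ./data next to this script:
#   account.key            ACME account key, generated once
#   csr.conf               user-supplied: first line = -subj string,
#                          last line = subjectAltName list
#   csr.pem / csr.key.pem  CSR and its private key, generated once
#   cert.pem / chain.pem / root.pem   fetched on every run
#
# Environment:
#   ACME_TINY_URL  where acme_tiny.py is downloaded from; defaults to the
#                  upstream master branch (see note below).
set -euo pipefail

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

# set working directory ($0 is quoted so paths with spaces work)
DIR="$(dirname "$0")"
mkdir -p "$DIR/data"
cd "$DIR/data" || die "Error: cannot cd to $DIR/data"

## Create account key for LetsEncrypt.org once
# The umask is restricted inside a subshell so only the private key is
# created owner-only; later files (challenge dir, certs) keep the default.
if [ ! -f account.key ]; then
  ( umask 077; openssl genrsa 4096 > account.key )
  #openssl rsa -in account.key -pubout > account.pub
fi

## Create CSR and key once
if [ ! -f csr.pem ]; then
  # Get system ssl config
  CNF=/etc/ssl/openssl.cnf
  [ -f "$CNF" ] || die 'Error: Cant find openssl.cnf'
  cp "$CNF" openssl.cnf
  # Get user config
  [ -f csr.conf ] || die 'Error: Cant find csr.conf, please place in ./data/csr.conf'
  SUBJECT="$(head -1 csr.conf)"
  DOMAINS="$(tail -1 csr.conf)"
  if [[ -z "$SUBJECT" || -z "$DOMAINS" ]]; then
    die 'Error: csr.conf is incomplete'
  fi
  # Add user config to system config: a [SAN] section holding the
  # subjectAltName list, referenced by -reqexts SAN below
  printf '[SAN]\nsubjectAltName=%s\n' "$DOMAINS" >> openssl.cnf
  # Create CSR and key (key created owner-only, see umask note above)
  ( umask 077
    openssl req -new \
      -keyout csr.key.pem -newkey rsa:4096 -sha256 -nodes \
      -subj "$SUBJECT" -reqexts SAN \
      -config openssl.cnf \
      -out csr.pem )
fi

## Get latest acme_tiny script
# NOTE(review): this downloads unpinned code from a branch head and then runs
# it with access to account.key. Point ACME_TINY_URL at a tagged release
# (and verify its checksum out of band) rather than relying on master.
ACME_TINY_URL="${ACME_TINY_URL:-https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py}"
wget -q "$ACME_TINY_URL" -O acme_tiny.py

## Prep challenge directory
CDIR=/home/public/.well-known/acme-challenge
mkdir -p "$CDIR"

## Submit CSR and get cert
# Write to a temp name first so a failed run does not truncate the
# previously issued cert.pem.
# NOTE(review): python2 is hard-coded as in the original; confirm the
# fetched acme_tiny.py still runs under that interpreter.
python2 acme_tiny.py --quiet --account-key account.key --csr csr.pem \
  --acme-dir "$CDIR" > cert.pem.new \
  || { rm -f cert.pem.new; die 'Error: acme_tiny failed, cert.pem left unchanged'; }
mv cert.pem.new cert.pem

## Get chain cert (warning: this could change)
wget -q https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -O chain.pem
## Get root cert
wget -q https://letsencrypt.org/certs/isrgrootx1.pem -O root.pem

## Add certificates to nfsn
# Key material goes over stdin, not argv, so it is not visible in the
# process list; pipefail makes a failing cat or nfsn abort the script.
cat csr.key.pem cert.pem chain.pem root.pem | nfsn -i 'set-tls'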