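#!/bin/bash
#
# Interactive helper around acme.sh. It asks for a certificate folder, a list
# of domains (each optionally followed by ":<dns provider>" or ":<webroot>")
# and a reload command, then issues the certificate and installs it under
# ${BASE}/<folder>.
#
# Usage: run as root; pass --buypass to use the BuyPass CA instead of
# Let's Encrypt.
#
# Every answer typed at a prompt is passed to acme.sh as a single, separate
# argument. The command lines are arrays and are never run through eval, so
# quotes, spaces or $(...) in an answer are not re-parsed by the shell.

# Make sure to load environment variables (DNS API credentials and the like).
# NOTE(review): this runs everything in root's ~/.bashrc inside this script.
. ~/.bashrc

ACME_DIR="/root/.acme.sh"
ACME=("${ACME_DIR}/acme.sh" --force)
BASE="/srv/ssl"
ECHO_PREFIX="[acme.sh Helper Script]"
BUYPASS_SERVER="https://api.buypass.com/acme/directory"

# Print one message with the script prefix.
say() {
  printf '%s %s\n' "${ECHO_PREFIX}" "$*"
}

CMD_PARAMS="$*"

# Check if we should use BuyPass instead of Let's Encrypt
# as the certificate authority for this certificate.
BUYPASS=0
if [[ "${CMD_PARAMS}" == *"--buypass"* ]]; then
  BUYPASS=1
  say "'--buypass' specified - Using BuyPass CA (Go SSL)."
fi

# BuyPass requires a valid email to be registered
# before we issue certificates.
if [[ "${BUYPASS}" -eq 1 ]]; then
  CA_DIR="${ACME_DIR}/ca/api.buypass.com"
  if [[ ! -d "${CA_DIR}" ]]; then
    say "Account email for BuyPass CA (required)?"
    read -r ACCOUNT_EMAIL
    "${ACME[@]}" --server "${BUYPASS_SERVER}" --register-account \
      --accountemail "${ACCOUNT_EMAIL}"
  fi
fi

# Create the directory if it doesn't exist, make sure permissions are as
# strict as possible. Directories need the execute bit to be traversable, so
# they get 700 and regular files (private keys included) get 600; a blanket
# "chmod -R 600" strips the execute bit from the directories as well.
say "Creating base certificate directory: ${BASE}"
mkdir -p -- "${BASE}"
find "${BASE}" -type d -exec chmod 700 {} +
find "${BASE}" -type f -exec chmod 600 {} +
chown -R root:root "${BASE}"

say "Name of folder containing certificates? (Will be created under ${BASE})"
read -r FOLDERNAME

# An empty name would install the files directly into ${BASE}, and a ".."
# component would place the private key outside of it.
if [[ -z "${FOLDERNAME}" || "/${FOLDERNAME}/" == *"/../"* ]]; then
  say "Invalid folder name. Aborting."
  exit 1
fi

say "Creating folder if it doesn't exist: ${BASE}/${FOLDERNAME}"
mkdir -p -- "${BASE}/${FOLDERNAME}"

say "Space-separated list of domains to generate a certificate for?"
say "You can specify a DNS provider or webroot for each domain. For example: some.example.com:/var/www/html other.example.com:dns_cf"
# read -a splits on spaces only and, unlike an unquoted expansion, does not
# glob-expand the answer.
IFS=' ' read -r -a DOMAINS

if [[ "${#DOMAINS[@]}" -eq 0 ]]; then
  say "No domains given. Aborting."
  exit 1
fi

DOMAIN_PARAMS=()
ACME_PARAMS=()
for DOMAIN in "${DOMAINS[@]}"; do
  DOMAIN_NAME="${DOMAIN%%:*}"

  # Everything after the first colon is the provider or webroot. Without a
  # colon there is none ("cut -f 2" would return the whole entry in that
  # case, so the default below would never apply).
  PROVIDER_NAME=""
  if [[ "${DOMAIN}" == *:* ]]; then
    PROVIDER_NAME="${DOMAIN#*:}"
  fi

  if [[ -z "${DOMAIN_NAME}" ]]; then
    say "Entry '${DOMAIN}' has no domain name. Aborting."
    exit 1
  fi

  PROVIDER_TYPE="--dns"
  if [[ -z "${PROVIDER_NAME}" ]]; then
    PROVIDER_NAME="dns_cf"
  fi

  # Starts with a slash, we assume it's a path & webroot. A glob match is
  # used because a quoted right-hand side of =~ is compared literally.
  if [[ "${PROVIDER_NAME}" == /* ]]; then
    PROVIDER_TYPE="-w"
  fi

  DOMAIN_PARAMS+=(-d "${DOMAIN_NAME}")
  ACME_PARAMS+=(-d "${DOMAIN_NAME}" "${PROVIDER_TYPE}" "${PROVIDER_NAME}")
done

# DNS handler is now specified as part of the domain list.
# Legacy prompt, kept for reference:
# echo "${ECHO_PREFIX} DNS? [y/N]"
# read IS_DNS
# IS_DNS=${IS_DNS,,}
# if [[ $IS_DNS == *"y"* ]]; then
# echo "${ECHO_PREFIX} DNS provider? For example: Cloudflare = dns_cf."
# echo "${ECHO_PREFIX} Provider also assumes the proper environment variables are set. Read: https://github.com/Neilpang/acme.sh/tree/master/dnsapi#how-to-use-dns-api"
# read DNS_PROVIDER
# ACME_PARAMS+="--dns ${DNS_PROVIDER}"
# else
# echo "${ECHO_PREFIX} Webroot? For example: /var/www/html"
# read WEBROOT_DIR
# ACME_PARAMS+="-w ${WEBROOT_DIR}"
# fi

# Make sure we point to the right CA.
if [[ "${BUYPASS}" -eq 1 ]]; then
  ACME_PARAMS+=(--server "${BUYPASS_SERVER}")
else
  # For some reason acme.sh is now using ZeroSSL as the default CA for new certs.
  # I hate change, so we force Let's Encrypt unless BuyPass is used.
  ACME_PARAMS+=(--server letsencrypt)
fi

# The reload command is handed to acme.sh as one argument via --reloadcmd;
# this script never executes it itself.
say "Reload command? For example: nginx -s reload"
read -r RELOADCMD

SSL_PATH="${BASE}/${FOLDERNAME}"

say "Requesting certificate using the chosen methods:"
# Test the issue command directly. Checking $? after an intervening variable
# assignment reports the assignment's status (always 0), which would install
# even after a failed request.
if "${ACME[@]}" "${ACME_PARAMS[@]}" --issue; then
  say "Certificate request completed. Installing certificate with reload command."
  "${ACME[@]}" "${DOMAIN_PARAMS[@]}" \
    --key-file "${SSL_PATH}/key.pem" \
    --fullchain-file "${SSL_PATH}/fullchain.pem" \
    --cert-file "${SSL_PATH}/cert.pem" \
    --ca-file "${SSL_PATH}/chain.pem" \
    --reloadcmd "${RELOADCMD}" \
    --install-cert
else
  say "An error occurred during certificate request. Aborting."
  exit 1
fi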