[CA] Add support for `--buypass` to use BuyPass Go SSL
parent
55a51ecef2
commit
707589c2f4
|
@ -3,27 +3,37 @@
|
|||
# Make sure to load environment variables.
|
||||
. ~/.bashrc
|
||||
|
||||
ACME="/root/.acme.sh/acme.sh --force"
|
||||
ACME_DIR="/root/.acme.sh"
|
||||
ACME="${ACME_DIR}/acme.sh --force"
|
||||
BASE="/srv/ssl"
|
||||
ECHO_PREFIX="[acme.sh Helper Script]"
|
||||
|
||||
CMD_PARAMS="$@";
|
||||
|
||||
# Check if we should use BuyPass instead of Let's Encrypt
|
||||
# as the certificate authority for this certificate.
|
||||
BUYPASS=0;
|
||||
if [[ "${CMD_PARAMS}" =~ "--buypass" ]]; then
|
||||
BUYPASS=1;
|
||||
fi
|
||||
|
||||
# Create directory if it exists, make sure permissions are as strict as possible.
|
||||
echo "$ECHO_PREFIX Creating base certificate directory: $BASE"
|
||||
echo "${ECHO_PREFIX} Creating base certificate directory: ${BASE}"
|
||||
mkdir -p $BASE
|
||||
chmod -R 600 $BASE
|
||||
chown -R root:root $BASE
|
||||
|
||||
echo "$ECHO_PREFIX Name of folder containing certificates? (Will be created under $BASE)"
|
||||
echo "${ECHO_PREFIX} Name of folder containing certificates? (Will be created under ${BASE})"
|
||||
read FOLDERNAME
|
||||
|
||||
echo "$ECHO_PREFIX Creating folder if it doesn't exist: $BASE/$FOLDERNAME"
|
||||
mkdir -p "$BASE/$FOLDERNAME"
|
||||
echo "${ECHO_PREFIX} Creating folder if it doesn't exist: ${BASE}/${FOLDERNAME}"
|
||||
mkdir -p "${BASE}/${FOLDERNAME}"
|
||||
|
||||
# ¯\_(ツ)_/¯ - https://timmurphy.org/2012/03/09/convert-a-delimited-string-into-an-array-in-bash/
|
||||
OIFS=$IFS
|
||||
IFS=' '
|
||||
|
||||
echo "$ECHO_PREFIX Space-separated list of domains to generate a certificate for?"
|
||||
echo "${ECHO_PREFIX} Space-separated list of domains to generate a certificate for?"
|
||||
read DOMAIN_LIST
|
||||
|
||||
DOMAINS=($DOMAIN_LIST)
|
||||
|
@ -35,33 +45,38 @@ for (( i = 0; i < ${#DOMAINS[@]}; i++ )); do
|
|||
DOMAIN_PARAMS+=" -d ${DOMAINS[$i]}"
|
||||
done
|
||||
|
||||
echo "$ECHO_PREFIX DNS? [y/N]"
|
||||
echo "${ECHO_PREFIX} DNS? [y/N]"
|
||||
read IS_DNS
|
||||
|
||||
IS_DNS=${IS_DNS,,}
|
||||
if [[ $IS_DNS == *"y"* ]]; then
|
||||
echo "$ECHO_PREFIX DNS provider? For example: Cloudflare = dns_cf."
|
||||
echo "$ECHO_PREFIX Provider also assumes the proper environment variables are set. Read: https://github.com/Neilpang/acme.sh/tree/master/dnsapi#how-to-use-dns-api"
|
||||
echo "${ECHO_PREFIX} DNS provider? For example: Cloudflare = dns_cf."
|
||||
echo "${ECHO_PREFIX} Provider also assumes the proper environment variables are set. Read: https://github.com/Neilpang/acme.sh/tree/master/dnsapi#how-to-use-dns-api"
|
||||
read DNS_PROVIDER
|
||||
|
||||
ACME_PARAMS+="--dns $DNS_PROVIDER"
|
||||
ACME_PARAMS+="--dns ${DNS_PROVIDER}"
|
||||
else
|
||||
echo "$ECHO_PREFIX Webroot? For example: /var/www/html"
|
||||
echo "${ECHO_PREFIX} Webroot? For example: /var/www/html"
|
||||
read WEBROOT_DIR
|
||||
|
||||
ACME_PARAMS+="-w $WEBROOT_DIR"
|
||||
ACME_PARAMS+="-w ${WEBROOT_DIR}"
|
||||
fi
|
||||
|
||||
echo "$ECHO_PREFIX Reload command? For example: nginx -s reload"
|
||||
# Make sure we point to the right CA.
|
||||
if [[ $BUYPASS -eq 1 ]]; then
|
||||
ACME_PARAMS+=" --server https://api.buypass.com/acme/directory"
|
||||
fi
|
||||
|
||||
echo "${ECHO_PREFIX} Reload command? For example: nginx -s reload"
|
||||
read RELOADCMD
|
||||
|
||||
echo "$ECHO_PREFIX Requesting certificate using the chosen methods:"
|
||||
eval "$ACME $DOMAIN_PARAMS $ACME_PARAMS --issue"
|
||||
echo "${ECHO_PREFIX} Requesting certificate using the chosen methods:"
|
||||
eval "${ACME} ${DOMAIN_PARAMS} ${ACME_PARAMS} --issue"
|
||||
|
||||
SSL_PATH="$BASE/$FOLDERNAME"
|
||||
if [[ "$?" == "0" ]]; then
|
||||
echo "$ECHO_PREFIX Certificate request completed. Installing certificate with reload command."
|
||||
eval "$ACME $DOMAIN_PARAMS --key-file $SSL_PATH/key.pem --fullchain-file $SSL_PATH/fullchain.pem --cert-file $SSL_PATH/cert.pem --reloadcmd '$RELOADCMD' --install-cert"
|
||||
echo "${ECHO_PREFIX} Certificate request completed. Installing certificate with reload command."
|
||||
eval "${ACME} ${DOMAIN_PARAMS} --key-file '${SSL_PATH}/key.pem' --fullchain-file '${SSL_PATH}/fullchain.pem' --cert-file '${SSL_PATH}/cert.pem' --reloadcmd '${RELOADCMD}' --install-cert"
|
||||
else
|
||||
echo "$ECHO_PREFIX An error occurred during certificate request. Aborting."
|
||||
echo "${ECHO_PREFIX} An error occurred during certificate request. Aborting."
|
||||
fi
|
||||
|
|
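Review bot: The success check after the issue step does not test acme.sh's result: `SSL_PATH="$BASE/$FOLDERNAME"` sits between the `eval "${ACME} ${DOMAIN_PARAMS} ${ACME_PARAMS} --issue"` line and `if [[ "$?" == "0" ]]`, so `$?` is the status of the assignment (always 0) and the install branch, including the reload command, runs even when issuance failed. Test the command directly: move the `SSL_PATH` assignment above the request and use `if eval "${ACME} ${DOMAIN_PARAMS} ${ACME_PARAMS} --issue"; then`. Separately, the single quotes around the `${SSL_PATH}` paths and `'${RELOADCMD}'` only hold while those prompt values contain no `'`; because the whole string goes through `eval` in a script that appears to run as root, building the arguments as a bash array and invoking acme.sh without `eval` would stop the input's content from changing what gets executed. The `--buypass` test is also a substring match on the joined `$@`, so any argument that merely contains that text switches the CA.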