Generate and manage a fleet of SSL certificates for free with ease

  1. #!/bin/bash
  2. ## Copyright © 2017 Bret Human
  3. ## https://cynicaloptimist.me/
  4. ##
  5. ## Documentation at:
  6. ## https://psi.cynicaloptimist.me/Caffarius/letsEncryptScripts
  7. ##
  8. ## For questions or comments write:
  9. ## info@cynicaloptimist.me
  10. #
  11. # Generate and manage a fleet of SSL certificates for free with ease
  12. # Stuff the public certificates in your package repository!
  13. # - No trailing slash! -
  # Root of the package repository; public certificates are published under
  # "${pacRepo}/pubcerts". Keep it free of a trailing slash.
  pacRepo='/var/cache/pacman/pkg'

  # New files default to 0644 and new directories to 0755.
  umask 0022

  # Timestamped banner so successive runs are easy to tell apart in a log.
  printf '%s\n' '#############################'
  date
  printf '%s\n' '#############################'
  19. ## Define our functions
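  #######################################
  # Build the HAProxy bundle and publish the public certificate for one
  # example.com host.
  # Globals:   pacRepo (read; falls back to /var/cache/pacman/pkg when unset)
  # Arguments: $1 - host prefix including its trailing dot ("" for the apex)
  # Outputs:   progress on stdout, errors on stderr
  # Returns:   0 on success; non-zero when an input file is missing or empty,
  #            or when either output file cannot be written
  #######################################
  function exampleChain () {
    local host="${1}example.com"
    local repo="${pacRepo:-/var/cache/pacman/pkg}"
    local key="/etc/ssl/keys/example.com.key"
    local cert="/etc/acme-tiny/live/${host}/cert.pem"
    local dhparams="/etc/haproxy/dhparams.pem"
    local bundle="/etc/haproxy/crt/${host}.pem"
    local pubcert="${repo}/pubcerts/${host}.pem"
    local input

    # Refuse to touch the live bundle unless every input is present and
    # non-empty; otherwise a failed renewal would replace a working bundle
    # with a truncated one.
    for input in "${key}" "${cert}" "${dhparams}"; do
      if [[ ! -s "${input}" ]]; then
        echo "ERROR: ${input} is missing or empty; leaving ${host} untouched" >&2
        return 1
      fi
    done

    echo "Chaining ${host}..."
    # The bundle embeds the private key. Create it under a restrictive umask
    # so a newly created file is never world-readable, even briefly; the
    # subshell keeps the script-wide umask unchanged.
    if ! ( umask 077 && cat -- "${key}" "${cert}" "${dhparams}" > "${bundle}" ); then
      echo "ERROR: could not write ${bundle}" >&2
      return 1
    fi

    echo "Pubkeying ${host}..."
    # Only the certificate (no key material) goes to the package repository.
    if ! cat -- "${cert}" > "${pubcert}"; then
      echo "ERROR: could not write ${pubcert}" >&2
      return 1
    fi
  }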
  26. # Get encryptin'
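  # Renewal run. /etc/hosts and HAProxy are switched to their temporary
  # Let's Encrypt variants, acme-tiny-wrapper is run, then both are switched
  # back and the fresh bundles are installed. Failures are recorded in
  # "status" so the run still restores the host and exits non-zero at the end.
  status=0

  echo "*** Moving original hosts file..."
  # Copy rather than move so /etc/hosts never disappears if the second step
  # fails.
  if ! { cp -p /etc/hosts /etc/hosts.bak && cp /etc/hosts.le_upd /etc/hosts; }; then
    echo "ERROR: could not switch /etc/hosts; aborting before touching HAProxy" >&2
    exit 1
  fi
  chown -R letsencrypt: /etc/acme-tiny/ || status=1

  echo "*** Switching HAProxy to basic config..."
  systemctl stop haproxy
  cfg_backup="/etc/haproxy/backup_configs/haproxy.cfg.$(date +'%Y%m%d_%H-%M')"
  # Back up by copying: if haproxy.cfg.le is missing, the existing config
  # stays in place and HAProxy can still start.
  cp -p /etc/haproxy/haproxy.cfg "${cfg_backup}" || status=1
  if ! cp /etc/haproxy/haproxy.cfg.le /etc/haproxy/haproxy.cfg; then
    echo "ERROR: could not install the basic HAProxy config" >&2
    status=1
  fi
  if ! systemctl start haproxy; then
    echo "ERROR: HAProxy did not start with the basic config" >&2
    status=1
  fi

  # Only run the wrapper from its expected working directory.
  if cd /etc/acme-tiny/; then
    echo "*** Running acme-tiny-wrapper..."
    if ! acme-tiny-wrapper /usr/share/nginx/html/.well-known/acme-challenge/; then
      echo "ERROR: acme-tiny-wrapper reported a failure" >&2
      status=1
    fi
  else
    echo "ERROR: cannot cd to /etc/acme-tiny/; skipping acme-tiny-wrapper" >&2
    status=1
  fi

  echo "Moving original hosts file back..."
  # NOTE(review): the copy saved above is /etc/hosts.bak, but the restore reads
  # /etc/hosts.orig -- presumably a pinned known-good copy; confirm.
  cp /etc/hosts.orig /etc/hosts || status=1
  chown -R letsencrypt: /etc/acme-tiny/ || status=1

  # Lock the bundle directory before any key-bearing file is written into it,
  # so a bundle created under umask 022 is not reachable by other users.
  chmod 700 /etc/haproxy/crt/ || status=1

  # NOTE(review): chaining still runs after a wrapper failure, as before; the
  # wrapper's exit-code semantics are not visible in this script.
  exampleChain "" || status=1
  exampleChain "www." || status=1
  exampleChain "subdomain." || status=1

  chmod 755 "${pacRepo}"/pubcerts/
  chmod 644 "${pacRepo}"/pubcerts/*
  chown -R root: "${pacRepo}"/pubcerts/
  chmod 600 /etc/haproxy/crt/*
  chown root: /etc/haproxy/crt/*

  echo "Switching HAProxy back to standard config..."
  systemctl stop haproxy
  # NOTE(review): restores haproxy.cfg.latest_working, not the timestamped
  # backup taken above -- presumably intentional; confirm.
  cp /etc/haproxy/haproxy.cfg.latest_working /etc/haproxy/haproxy.cfg || status=1
  if ! systemctl start haproxy; then
    echo "ERROR: HAProxy did not start with the standard config" >&2
    status=1
  fi

  echo "Cleaning up the acme-challenge folder..."
  # -f keeps an already-empty challenge directory from counting as an error.
  rm -f -- /usr/share/nginx/html/.well-known/acme-challenge/*

  if (( status != 0 )); then
    echo "Finished with errors; review the output above." >&2
    exit "${status}"
  fi
  echo "Done."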