#!/bin/bash
## Copyright © 2017 Bret Human
## https://cynop.me/
##
## Documentation at:
## https://psi.cynop.me/Caffarius/letsEncryptScripts
##
## For questions or comments write:
## info@cynop.me
#
# Generate and manage a fleet of SSL certificates for free with ease
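# Stuff the public certificates in your package repository!
# - No trailing slash! -
# Root of the package repository; public certificates are written to its
# pubcerts/ subdirectory.
pacRepo="/var/cache/pacman/pkg"

# Files created from here on default to 0644 and directories to 0755.
# Anything that holds a private key must therefore be created under a tighter
# mode or have its permissions set explicitly.
umask 022

# Timestamped banner so each run can be told apart in a log.
echo "#############################"
date
echo "#############################"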
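## Define our functions

#######################################
# Build the HAProxy bundle (private key + certificate + DH parameters) and
# publish the public certificate for one host name under example.com.
# Globals:   pacRepo (read) - package repository root; falls back to
#            /var/cache/pacman/pkg when unset
# Arguments: $1 - host prefix including its trailing dot ("" for the apex,
#            "www." for www.example.com)
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 on success, 1 when an input is missing or empty or a write
#            fails (the existing bundle is left untouched in that case)
#######################################
function exampleChain () {
  local prefix=${1-}
  local domain="${prefix}example.com"
  local key="/etc/ssl/keys/example.com.key"
  local cert="/etc/acme-tiny/live/${domain}/cert.pem"
  local dhparams="/etc/haproxy/dhparams.pem"
  local bundle="/etc/haproxy/crt/${domain}.pem"
  local pubcert="${pacRepo:-/var/cache/pacman/pkg}/pubcerts/${domain}.pem"
  local src staged

  # Refuse to build from a missing or zero-length input: concatenating anyway
  # would replace a working bundle with one HAProxy cannot load.
  for src in "${key}" "${cert}" "${dhparams}"; do
    if [[ ! -r "${src}" || ! -s "${src}" ]]; then
      echo "ERROR: ${src} is missing or empty; ${domain} left untouched" >&2
      return 1
    fi
  done

  echo "Chaining ${domain}..."
  # The bundle contains the private key. mktemp creates the staging file with
  # mode 0600 regardless of the script's umask 022, so the key is never
  # world-readable, and the rename swaps the finished bundle in atomically.
  staged=$(mktemp "${bundle}.XXXXXX") || {
    echo "ERROR: cannot create a staging file next to ${bundle}" >&2
    return 1
  }
  if ! cat -- "${key}" "${cert}" "${dhparams}" > "${staged}"; then
    rm -f -- "${staged}"
    echo "ERROR: could not assemble the bundle for ${domain}" >&2
    return 1
  fi
  if ! mv -f -- "${staged}" "${bundle}"; then
    rm -f -- "${staged}"
    echo "ERROR: could not install ${bundle}" >&2
    return 1
  fi

  echo "Pubkeying ${domain}..."
  # Public certificate only; it is meant to be readable by everyone.
  if ! cat -- "${cert}" > "${pubcert}"; then
    echo "ERROR: could not write ${pubcert}" >&2
    return 1
  fi
}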
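# Get encryptin'

# Overall result of the run. Every step still executes so that /etc/hosts and
# the HAProxy config are always put back, but a failure is remembered and
# reported through the exit status.
leStatus=0

echo "*** Moving original hosts file..."
# NOTE(review): the live file is saved as /etc/hosts.bak here, while the
# restore step below copies /etc/hosts.orig - confirm that is intended.
if ! { mv /etc/hosts /etc/hosts.bak && cp /etc/hosts.le_upd /etc/hosts; }; then
  echo "ERROR: could not switch /etc/hosts to /etc/hosts.le_upd" >&2
  leStatus=1
fi

chown -R letsencrypt: /etc/acme-tiny/ || leStatus=1

echo "*** Switching HAProxy to basic config..."
systemctl stop haproxy || leStatus=1
# Keep a timestamped copy of the config that was live before this run.
mv /etc/haproxy/haproxy.cfg \
  "/etc/haproxy/backup_configs/haproxy.cfg.$(date +'%Y%m%d_%H-%M')" \
  || leStatus=1
cp /etc/haproxy/haproxy.cfg.le /etc/haproxy/haproxy.cfg || leStatus=1
systemctl start haproxy || leStatus=1

# Only run the wrapper from /etc/acme-tiny/; if the cd fails it would
# otherwise run in whatever directory the script was started from.
if cd /etc/acme-tiny/; then
  echo "*** Running acme-tiny-wrapper..."
  if ! acme-tiny-wrapper /usr/share/nginx/html/.well-known/acme-challenge/; then
    echo "ERROR: acme-tiny-wrapper reported a failure" >&2
    leStatus=1
  fi
else
  echo "ERROR: cannot cd to /etc/acme-tiny/; skipping acme-tiny-wrapper" >&2
  leStatus=1
fi

echo "Moving original hosts file back..."
if ! cp /etc/hosts.orig /etc/hosts; then
  echo "ERROR: could not restore /etc/hosts from /etc/hosts.orig" >&2
  leStatus=1
fi

chown -R letsencrypt: /etc/acme-tiny/ || leStatus=1

exampleChain "" || leStatus=1
exampleChain "www." || leStatus=1
exampleChain "subdomain." || leStatus=1

# Public certificates: world-readable, owned by root.
chmod 755 "${pacRepo}/pubcerts/" || leStatus=1
chmod 644 "${pacRepo}/pubcerts/"* || leStatus=1
chown -R root: "${pacRepo}/pubcerts/" || leStatus=1
# The bundles in /etc/haproxy/crt/ contain the private key: root only.
chmod 700 /etc/haproxy/crt/ || leStatus=1
chmod 600 /etc/haproxy/crt/* || leStatus=1
chown root: /etc/haproxy/crt/* || leStatus=1

echo "Switching HAProxy back to standard config..."
systemctl stop haproxy || leStatus=1
cp /etc/haproxy/haproxy.cfg.latest_working /etc/haproxy/haproxy.cfg \
  || leStatus=1
systemctl start haproxy || leStatus=1

echo "Cleaning up the acme-challenge folder..."
# -f keeps an already-empty folder from counting as a failure.
rm -f -- /usr/share/nginx/html/.well-known/acme-challenge/*

echo "Done."
if (( leStatus != 0 )); then
  echo "ERROR: one or more steps failed; review the output above" >&2
fi
exit "${leStatus}"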