
#!/bin/bash
## Copyright © 2017 Bret Human
## https://cynop.me/
##
## Documentation at:
## https://psi.cynop.me/Caffarius/letsEncryptScripts
##
## For questions or comments write:
## info@cynop.me
#
# Generate and manage a fleet of SSL certificates for free with ease
# Stuff the public certificates in your package repository!
# - No trailing slash! -
# Root of the package repository where the public certificates are published
# (no trailing slash; the script appends /pubcerts/ itself).
pacRepo="/var/cache/pacman/pkg"
# 022 keeps the published public certs group/world-readable; the key-bearing
# HAProxy bundles get an explicit chmod 600 further down the script.
umask 022
# Run banner with a timestamp so consecutive runs are easy to tell apart in a log.
printf '%s\n' "#############################"
date
printf '%s\n' "#############################"
## Define our functions
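#######################################
# Build the HAProxy bundle (key + cert + dhparams) for one hostname and
# publish the public certificate into the package repository.
# Globals:   pacRepo (read) - repository root, no trailing slash;
#            falls back to /var/cache/pacman/pkg when unset
# Arguments: $1 - hostname prefix including its trailing dot ("", "www.", ...)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success, 1 if either file could not be written
#######################################
exampleChain() {
  local prefix=$1
  local host="${prefix}example.com"
  local cert="/etc/acme-tiny/live/${host}/cert.pem"
  local bundle="/etc/haproxy/crt/${host}.pem"
  local pubcert="${pacRepo:-/var/cache/pacman/pkg}/pubcerts/${host}.pem"

  echo "Chaining ${host}..."
  # The bundle embeds the private key: create it owner-only from the start
  # (the script's umask is 022) instead of relying on the chmod 600 that
  # only runs later.  The subshell keeps the umask change local.
  if ! ( umask 077; cat /etc/ssl/keys/example.com.key "$cert" /etc/haproxy/dhparams.pem > "$bundle" ); then
    printf 'ERROR: could not write %s\n' "$bundle" >&2
    return 1
  fi

  echo "Pubkeying ${host}..."
  # Only the public certificate is copied here; no key material leaves /etc/haproxy/crt.
  if ! cat "$cert" > "$pubcert"; then
    printf 'ERROR: could not write %s\n' "$pubcert" >&2
    return 1
  fi
  return 0
}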
# Get encryptin'
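# Everything below mutates live system state (hosts file, HAProxy config,
# certificate directories).  The temporary swaps are undone from an EXIT trap
# so that a failure part-way (for example acme-tiny-wrapper erroring out)
# still leaves the host with its real hosts file and last known-good HAProxy
# config instead of the validation-time ones.
die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

hosts_swapped=0     # 1 once /etc/hosts has been replaced by /etc/hosts.le_upd
haproxy_swapped=0   # 1 once haproxy.cfg has been replaced by haproxy.cfg.le

#######################################
# Put the hosts file this run set aside back in place.
# Globals:   hosts_swapped (read/written)
#######################################
restore_hosts() {
  (( hosts_swapped )) || return 0
  echo "Moving original hosts file back..."
  # Restore the copy taken at the start of this run.  (The previous version
  # copied /etc/hosts.orig here, which is not the file it had just backed up.)
  mv -f /etc/hosts.bak /etc/hosts \
    || printf 'WARNING: could not restore /etc/hosts from /etc/hosts.bak\n' >&2
  hosts_swapped=0
}

#######################################
# Put the last known-good HAProxy config back and restart the service.
# Globals:   haproxy_swapped (read/written)
#######################################
restore_haproxy() {
  (( haproxy_swapped )) || return 0
  echo "Switching HAProxy back to standard config..."
  systemctl stop haproxy
  cp /etc/haproxy/haproxy.cfg.latest_working /etc/haproxy/haproxy.cfg \
    || printf 'WARNING: could not restore haproxy.cfg.latest_working\n' >&2
  systemctl start haproxy
  haproxy_swapped=0
}

# Runs on every exit path, including die(); each helper is a no-op if its
# swap never happened or was already undone.
restore_state() {
  restore_hosts
  restore_haproxy
}
trap restore_state EXIT

echo "*** Moving original hosts file..."
mv /etc/hosts /etc/hosts.bak || die "could not back up /etc/hosts"
hosts_swapped=1
cp /etc/hosts.le_upd /etc/hosts || die "could not install /etc/hosts.le_upd"
chown -R letsencrypt: /etc/acme-tiny/

echo "*** Switching HAProxy to basic config..."
systemctl stop haproxy
backup_cfg="/etc/haproxy/backup_configs/haproxy.cfg.$(date +'%Y%m%d_%H-%M')"
# If the backup cannot be written, stop before cp overwrites the only copy.
mv /etc/haproxy/haproxy.cfg "$backup_cfg" || die "could not back up haproxy.cfg to ${backup_cfg}"
haproxy_swapped=1
cp /etc/haproxy/haproxy.cfg.le /etc/haproxy/haproxy.cfg || die "could not install haproxy.cfg.le"
systemctl start haproxy

cd /etc/acme-tiny/ || die "cannot cd to /etc/acme-tiny/"
echo "*** Running acme-tiny-wrapper..."
# Stop here on failure: re-bundling from whatever is already in live/ would
# only hide the problem, and the EXIT trap restores hosts/HAProxy anyway.
acme-tiny-wrapper /usr/share/nginx/html/.well-known/acme-challenge/ \
  || die "acme-tiny-wrapper failed; existing certificates left untouched"
restore_hosts
chown -R letsencrypt: /etc/acme-tiny/

exampleChain ""
exampleChain "www."
exampleChain "subdomain."

# Public certificates are meant to be world-readable; the key-bearing bundles
# in /etc/haproxy/crt are locked down to root only.
chmod 755 "${pacRepo}"/pubcerts/
chmod 644 "${pacRepo}"/pubcerts/*
chown -R root: "${pacRepo}"/pubcerts/
chmod 700 /etc/haproxy/crt/
chmod 600 /etc/haproxy/crt/*
chown root: /etc/haproxy/crt/*

restore_haproxy

echo "Cleaning up the acme-challenge folder..."
# -f: an already-empty folder is not an error; --: no entry can be read as an option.
rm -f -- /usr/share/nginx/html/.well-known/acme-challenge/*
echo "Done."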