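#!/bin/bash
## Copyright © 2017 Bret Human
## https://cynop.me/
##
## Documentation at:
## https://psi.cynop.me/Caffarius/letsEncryptScripts
##
## For questions or comments write:
## info@cynop.me
#
# Generate and manage a fleet of SSL certificates for free with ease
#
# Flow: swap in the renewal hosts file and the basic HAProxy config, run
# acme-tiny-wrapper against the webroot challenge directory, put the hosts
# file back, rebuild the HAProxy bundles and the published certificates,
# then switch HAProxy back to the standard config.
#
# Exit status: 0 when every step that is checked succeeded, 1 otherwise.

# Stuff the public certificates in your package repository!
# - No trailing slash! -
pacRepo="/var/cache/pacman/pkg"

# Webroot directory handed to acme-tiny-wrapper and emptied at the end.
challengeDir="/usr/share/nginx/html/.well-known/acme-challenge"

# Published certificates have to be world-readable, so the script-wide umask
# stays permissive; the private bundles are written under a tighter one.
umask 022

# Becomes 1 as soon as a checked step fails; used as the exit status.
status=0

echo "#############################"
date
echo "#############################"

# Refuse to start when a file we later copy into place is missing, so the
# host is never left without /etc/hosts or an HAProxy config.
for required in /etc/hosts.le_upd /etc/hosts.orig \
  /etc/haproxy/haproxy.cfg.le /etc/haproxy/haproxy.cfg.latest_working; do
  if [[ ! -r "${required}" ]]; then
    echo "!!! Missing ${required}; nothing has been changed." >&2
    exit 1
  fi
done

## Define our functions

#######################################
# Build the HAProxy bundle and the published certificate for one host.
# Globals:   pacRepo (read)
# Arguments: $1 - host prefix including its trailing dot ("" for the apex)
# Outputs:   progress on stdout, problems on stderr
# Returns:   0 on success, 1 when an input is unusable or a write fails
#######################################
exampleChain() {
  local host="${1}example.com"
  local key="/etc/ssl/keys/example.com.key"
  local cert="/etc/acme-tiny/live/${host}/cert.pem"
  local dhparams="/etc/haproxy/dhparams.pem"
  local part

  # Never replace a working bundle with an incomplete one: a failed renewal
  # can leave an empty or truncated cert.pem behind.
  for part in "${key}" "${cert}" "${dhparams}"; do
    if [[ ! -s "${part}" ]]; then
      echo "!!! ${part} is missing or empty; leaving ${host} untouched." >&2
      return 1
    fi
  done
  if ! grep -q -- '-----BEGIN CERTIFICATE-----' "${cert}"; then
    echo "!!! ${cert} is not a PEM certificate; leaving ${host} untouched." >&2
    return 1
  fi

  echo "Chaining ${host}..."
  # The bundle contains the private key. Create it 0600 from the start
  # instead of relying on the chmod that runs after all hosts are chained.
  (
    umask 077
    cat -- "${key}" "${cert}" "${dhparams}" > "/etc/haproxy/crt/${host}.pem"
  ) || return 1

  echo "Pubkeying ${host}..."
  # Only the certificate is published; the key never leaves /etc.
  cat -- "${cert}" > "${pacRepo}/pubcerts/${host}.pem" || return 1
}

# Get encryptin'
echo "*** Moving original hosts file..."
if ! { mv /etc/hosts /etc/hosts.bak && cp /etc/hosts.le_upd /etc/hosts; }; then
  echo "!!! Could not swap in /etc/hosts.le_upd." >&2
  status=1
fi
chown -R letsencrypt: /etc/acme-tiny/

echo "*** Switching HAProxy to basic config..."
systemctl stop haproxy
# The timestamped copy is only an archive; the live config is restored from
# haproxy.cfg.latest_working further down.
mv /etc/haproxy/haproxy.cfg \
  "/etc/haproxy/backup_configs/haproxy.cfg.$(date +'%Y%m%d_%H-%M')"
cp /etc/haproxy/haproxy.cfg.le /etc/haproxy/haproxy.cfg
systemctl start haproxy

echo "*** Running acme-tiny-wrapper..."
if cd /etc/acme-tiny/; then
  if ! acme-tiny-wrapper "${challengeDir}/"; then
    echo "!!! acme-tiny-wrapper reported a failure." >&2
    status=1
  fi
else
  # Running the wrapper from an arbitrary directory would be worse than
  # skipping this renewal round.
  echo "!!! Cannot enter /etc/acme-tiny/; skipping acme-tiny-wrapper." >&2
  status=1
fi

# Everything below runs even after a failed renewal so that the hosts file
# and the standard HAProxy config are always put back.
echo "Moving original hosts file back..."
cp /etc/hosts.orig /etc/hosts
chown -R letsencrypt: /etc/acme-tiny/

for prefix in "" "www." "subdomain."; do
  exampleChain "${prefix}" || status=1
done

chmod 755 "${pacRepo}/pubcerts/"
chmod 644 "${pacRepo}"/pubcerts/*
chown -R root: "${pacRepo}/pubcerts/"

chmod 700 /etc/haproxy/crt/
chmod 600 /etc/haproxy/crt/*
chown root: /etc/haproxy/crt/*

echo "Switching HAProxy back to standard config..."
systemctl stop haproxy
cp /etc/haproxy/haproxy.cfg.latest_working /etc/haproxy/haproxy.cfg
if ! systemctl start haproxy; then
  echo "!!! HAProxy failed to start with the standard config." >&2
  status=1
fi

echo "Cleaning up the acme-challenge folder..."
# -f keeps an already-empty challenge directory from being reported as an error.
rm -f -- "${challengeDir}"/*

echo "Done."
exit "${status}"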