
@Syrup-tan
Last active February 15, 2016 22:48
simple acme-tiny sh wrapper

Shell script to generate SSL certificates signed by Let's Encrypt.

(demo screenshot)

Requires diafygi/acme-tiny.

Requires a web server that serves /.well-known/acme-challenge/ from the directory set as CHALLENGE_PATH on the third line of the script. See Step 3 of diafygi's great readme.

TODO:

  • configurable ./account.key (i.e. not hardcoded)
    • with checks for readable, etc
  • configurable acme-tiny install dir
  • add a help dialogue when domain is not provided
  • add support for www. prefix in CN

It's a pretty flexible script in that it should be easy to edit to your needs.

glhf

#!/bin/sh
### This script assumes your web server serves /.well-known/acme-challenge/ from $CHALLENGE_PATH
CHALLENGE_PATH="/srv/lets-encrypt/challenges/"
DOMAIN="$1"
if [ -z "${DOMAIN}" ]; then
    echo "ERROR: domain is required."
    exit 1
fi

## Check for $domain.key
if [ -e "${DOMAIN}.key" ]; then
    echo "INFO: Using existing ${DOMAIN}.key."
    ## check if $domain.key is readable
    if [ ! -r "${DOMAIN}.key" ]; then
        echo "ERROR: ${DOMAIN}.key is not readable."
        exit 1
    fi
else
    ## if $domain.key doesn't exist, create it; umask 077 keeps the private key readable by the owner only
    echo "INFO: Generating ${DOMAIN}.key..."
    if ! ( umask 077 && openssl genrsa 4096 > "${DOMAIN}.key" 2>/dev/null ); then
        echo "ERROR: Failed to generate ${DOMAIN}.key"
        exit 1
    fi
    echo "INFO: Generated ${DOMAIN}.key."
fi

## Check for $domain.csr
if [ -e "${DOMAIN}.csr" ]; then
    echo "INFO: Using existing ${DOMAIN}.csr."
    ## check if $domain.csr is readable
    if [ ! -r "${DOMAIN}.csr" ]; then
        echo "ERROR: ${DOMAIN}.csr is not readable."
        exit 1
    fi
else
    ## if $domain.csr doesn't exist, create it
    echo "INFO: Generating ${DOMAIN}.csr..."
    if ! openssl req -new -sha256 -key "${DOMAIN}.key" -subj "/CN=${DOMAIN}" > "${DOMAIN}.csr"; then
        echo "ERROR: Failed to generate ${DOMAIN}.csr."
        exit 1
    fi
    echo "INFO: Generated ${DOMAIN}.csr."
fi

## Get a signed cert
echo "INFO: Requesting signed cert..."
exec 4>&1                              # fd 4: a copy of the real stdout that the $( ) below does not capture
STATUS="$(
    {
        {
            python acme-tiny/acme_tiny.py \
                --account-key ./account.key \
                --csr "./${DOMAIN}.csr" \
                --acme-dir "${CHALLENGE_PATH}" \
                > "${DOMAIN}.crt"
            printf '%s' "$?" 1>&3      # acme-tiny's exit status goes to fd 3 ...
        } 2>&1 | sed 's/^/ -> /' 1>&4  # ... its stderr is prefixed and shown on the real stdout ...
    } 3>&1                             # ... and fd 3 is all that $( ) captures, so STATUS holds the exit status
)"
exec 4>&-
if [ "${STATUS}" -ne 0 ]; then
    echo "ERROR: Failed to get a signed cert."
    exit 1
else
    echo "INFO: Signed cert acquired: ${DOMAIN}.crt."
    exit 0
fi
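The following is an added example, not code from Syrup-tan's gist or from acme-tiny: it factors the script's file-descriptor trick (capturing acme-tiny's exit status while its stderr is piped through a prefixing sed) into a reusable `run_logged` helper, and applies the README's TODO list: account key and acme-tiny directory configurable through the environment, a readability check for each file, a usage message when no domain is given, and a www. name in the CSR. The file name acme-wrap.sh, the variable names ACCOUNT_KEY, ACME_TINY_DIR and CHALLENGE_PATH, the input validation in `valid_domain`, and the use of `openssl req -addext` (which needs OpenSSL 1.1.1 or newer) are all my assumptions, not anything the gist specifies.

```shell
#!/bin/sh
# Added example, not the gist's code. Assumed names: the script file
# acme-wrap.sh, the environment variables ACCOUNT_KEY / ACME_TINY_DIR /
# CHALLENGE_PATH, and OpenSSL 1.1.1+ for "openssl req -addext".

# run_logged CMD...: run CMD with its stderr prefixed by " -> " (as the gist
# does with sed) but return CMD's exit status, not sed's. fd 4 saves the real
# stdout before $( ) captures it; the status is written to fd 3, which the
# outer "3>&1" points at the capture pipe, so $_status receives only that.
run_logged() (
    exec 4>&1
    _status="$(
        {
            {
                _rc=0
                "$@" 2>&1 >&4 || _rc=$?   # stdout -> real stdout, stderr -> pipe
                printf '%s' "${_rc}" >&3  # CMD's status -> capture
            } | sed 's/^/ -> /' >&2       # prefixed stderr -> caller's stderr
        } 3>&1
    )"
    exit "${_status:-1}"
)

# require_readable PATH LABEL: the existence/readability check the gist
# repeats for every file, factored out. Fails with a message on stderr.
require_readable() {
    if [ ! -e "$1" ]; then
        echo "ERROR: $2 not found: $1" >&2
        return 1
    fi
    if [ ! -r "$1" ]; then
        echo "ERROR: $2 is not readable: $1" >&2
        return 1
    fi
    return 0
}

# valid_domain NAME: accept only hostname-shaped input (letters, digits, dots,
# hyphens; no empty, leading or trailing labels; no label starting or ending
# with a hyphen). Anything else could smuggle extra "/OU=..." fields into
# -subj or produce odd file names, since the name is used for both.
valid_domain() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*-|*..*|*.-*|*-.*) return 1 ;;
    esac
    return 0
}

# san_value DOMAIN: subjectAltName listing both the bare and the www. name,
# whichever form the user typed (the gist's "www. prefix" TODO).
san_value() {
    _bare="${1#www.}"
    printf 'DNS:%s,DNS:www.%s' "${_bare}" "${_bare}"
}

usage() {
    echo "usage: ${0##*/} DOMAIN" >&2
    echo "  env: ACCOUNT_KEY (default ./account.key), ACME_TINY_DIR (default ./acme-tiny)," >&2
    echo "       CHALLENGE_PATH (directory served as /.well-known/acme-challenge/)" >&2
    exit 2
}

main() {
    if [ $# -ne 1 ] || ! valid_domain "$1"; then usage; fi
    domain="$1"
    account_key="${ACCOUNT_KEY:-./account.key}"
    acme_tiny="${ACME_TINY_DIR:-./acme-tiny}/acme_tiny.py"
    challenge_path="${CHALLENGE_PATH:-/srv/lets-encrypt/challenges/}"
    require_readable "${account_key}" "account key" || exit 1
    require_readable "${acme_tiny}" "acme_tiny.py" || exit 1
    if [ ! -e "${domain}.key" ]; then
        echo "INFO: Generating ${domain}.key..."
        # umask 077: the private key must not be world-readable
        ( umask 077 && openssl genrsa 4096 > "${domain}.key" 2>/dev/null ) || exit 1
    fi
    require_readable "${domain}.key" "private key" || exit 1
    if [ ! -e "${domain}.csr" ]; then
        echo "INFO: Generating ${domain}.csr..."
        openssl req -new -sha256 -key "${domain}.key" -subj "/CN=${domain#www.}" \
            -addext "subjectAltName=$(san_value "${domain}")" > "${domain}.csr" || exit 1
    fi
    require_readable "${domain}.csr" "CSR" || exit 1
    echo "INFO: Requesting signed cert..."
    # Write to a temp name so a failed run never leaves a truncated .crt behind.
    if run_logged python "${acme_tiny}" --account-key "${account_key}" \
            --csr "${domain}.csr" --acme-dir "${challenge_path}" > "${domain}.crt.tmp"; then
        mv "${domain}.crt.tmp" "${domain}.crt"
        echo "INFO: Signed cert acquired: ${domain}.crt."
    else
        rm -f "${domain}.crt.tmp"
        echo "ERROR: Failed to get a signed cert." >&2
        exit 1
    fi
}

# Only run main when executed under the assumed file name, so the functions
# can be sourced by other scripts without side effects.
case "${0##*/}" in acme-wrap.sh) main "$@" ;; esac
```

Because `run_logged` is written as a subshell function (`( ... )` body), its `exec 4>&1` cannot leak into the caller, and the caller's own stdout redirection (here the `.crt.tmp` file) is what fd 4 ends up pointing at, so only acme-tiny's stdout reaches the certificate file while the prefixed log lines go to stderr.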

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

  1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.

  2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.

  3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
