deanet · August 18, 2016 08:21
diff --git a/gen-le-ssl.sh b/gen-le-ssl.sh
 #!/bin/bash
 ## 
 ##get acme_tiny
 [ -d "./acme-tiny" ] && echo "Directory acme_tiny exists." || mkdir ./acme-tiny;
 ##curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py > acme-tiny/acme_tiny.py
 #curl https://raw.githubusercontent.com/deanet/acme-tiny/46b792aff37c0a18b86b7cf262e143ea1f230374/acme_tiny.py > acme-tiny/acme_tiny.py
 curl https://raw.githubusercontent.com/deanet/acme-tiny/master/acme_tiny.py > acme-tiny/acme_tiny.py



 echo -n "Enter DN or FQDN: "
 read domain
 echo -n "Enter Full Path www: "
 read fullpath


 echo "$domain";
 echo "$fullpath";

 rm -rf $domain;
 echo "mkdir working directory..."
 mkdir $domain
 workdir="`pwd`/$domain/"

 echo "generate account key for $domain .."
 openssl genrsa 4096 > $workdir/${domain}_account.key

 echo "generate domain private key....";
 openssl genrsa 4096 > $workdir/${domain}.key

 echo "generate csr..";

 openssl req -new -sha256 -key $workdir/${domain}.key -subj "/CN=$domain" > $workdir/${domain}.csr

 #openssl req -new -sha256 -key $workdir/${domain}.key -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$domain,DNS:www.$domain")) > $workdir/${domain}.csr

 echo "create directory acmi at ${fullpath}.."
 mkdir -p $fullpath/.well-known/acme-challenge
 echo "create file verification at $fullpath/.well-known/acme-challenge/.."

 echo "Get a signed certificate.."
 python acme-tiny/acme_tiny.py --account-key $workdir/${domain}_account.key --csr $workdir/${domain}.csr --acme-dir $fullpath/.well-known/acme-challenge/ > $workdir/signed.crt

 wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > $workdir/intermediate.pem
 cat $workdir/signed.crt $workdir/intermediate.pem > $workdir/chained.crt

 echo "File $domain/chained.crt = Signed + Intermediate Cert";
 echo "File $domain/signed.crt = Signed Cert";
 echo "File $domain/${domain}.key = Private key";
	#!/bin/bash
	##
	##get acme_tiny
	[ -d "./acme-tiny" ] && echo "Directory acme_tiny exists." \|\| mkdir ./acme-tiny;
	##curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py > acme-tiny/acme_tiny.py
	#curl https://raw.githubusercontent.com/deanet/acme-tiny/46b792aff37c0a18b86b7cf262e143ea1f230374/acme_tiny.py > acme-tiny/acme_tiny.py
	curl https://raw.githubusercontent.com/deanet/acme-tiny/master/acme_tiny.py > acme-tiny/acme_tiny.py



	echo -n "Enter DN or FQDN: "
	read domain
	echo -n "Enter Full Path www: "
	read fullpath


	echo "$domain";
	echo "$fullpath";

	rm -rf $domain;
	echo "mkdir working directory..."
	mkdir $domain
	workdir="`pwd`/$domain/"

	echo "generate account key for $domain .."
	openssl genrsa 4096 > $workdir/${domain}_account.key

	echo "generate domain private key....";
	openssl genrsa 4096 > $workdir/${domain}.key

	echo "generate csr..";

	openssl req -new -sha256 -key $workdir/${domain}.key -subj "/CN=$domain" > $workdir/${domain}.csr

	#openssl req -new -sha256 -key $workdir/${domain}.key -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$domain,DNS:www.$domain")) > $workdir/${domain}.csr

	echo "create directory acmi at ${fullpath}.."
	mkdir -p $fullpath/.well-known/acme-challenge
	echo "create file verification at $fullpath/.well-known/acme-challenge/.."

	echo "Get a signed certificate.."
	python acme-tiny/acme_tiny.py --account-key $workdir/${domain}_account.key --csr $workdir/${domain}.csr --acme-dir $fullpath/.well-known/acme-challenge/ > $workdir/signed.crt

	wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > $workdir/intermediate.pem
	cat $workdir/signed.crt $workdir/intermediate.pem > $workdir/chained.crt

	echo "File $domain/chained.crt = Signed + Intermediate Cert";
	echo "File $domain/signed.crt = Signed Cert";
	echo "File $domain/${domain}.key = Private key";