Created
August 21, 2017 23:52
-
-
Save rbrisita/fdb57b844681f0744d5d9d31daf557e2 to your computer and use it in GitHub Desktop.
Automatically register, authenticate, and install SSL certificates on Ubuntu with Nginx using Certbot.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| echo -e "\n*****\n* Generating Diffie-Hellman parameters for better security.\n*****\n" | |
| # Add Diffie-Hellman parameters. | |
| # Create secure Diffie-Hellman parameters. | |
| sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048 | |
| NGINX_CONF="/etc/nginx/sites-available/default" | |
| # Get last occurrence of parentheses that closes the code block. | |
| LAST_OCCURANCE=$(grep --line-number } "$NGINX_CONF" | cut --delimiter=: --fields=1 | tail --lines=2 | head --lines=1) | |
| # Add new parameters to server block | |
| SECURE_DH_PEM="ssl_dhparam /etc/ssl/certs/dhparam.pem;" | |
| sudo sed --in-place "$LAST_OCCURANCE s%\(}\)%\1\n\n $SECURE_DH_PEM%" "$NGINX_CONF" | |
| # Restart Nginx | |
| sudo systemctl reload nginx | |
| # Ask for valid email. | |
| # -e - Input coming from terminal. | |
| # -p - Prompt for input. | |
| read -ep "Enter valid email for account retrieval: " EMAIL | |
| HOST_NAME=$(hostname) | |
| # Install Certbot Let's Encrypt client for certificates on Nginx. | |
| sudo add-apt-repository -y ppa:certbot/certbot | |
| sudo apt-get update | |
| sudo apt-get -y install python-certbot-nginx | |
| # Auto configure: Authenticate and install certificate. | |
| sudo certbot --nginx \ | |
| --domain ${HOST_NAME}.eastus.cloudapp.azure.com \ | |
| --email ${EMAIL} \ | |
| --agree-tos \ | |
| --no-eff-email \ | |
| --non-interactive \ | |
| --redirect \ | |
| --test-cert |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment