Last active
June 13, 2016 01:50
Let's Encrypt Setup Utility designed for use on a server running VestaCP (https://vestacp.com/) but can be easily modified for use in other environments.
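#!/bin/bash
# Let's Encrypt Setup Utility
# Author: Steven Mirabito <[email protected]>
#
# Usage: <script> [generate|link]   (defaults to "generate")
#
# The stray "| |" table residue that trailed every line of this listing has
# been removed; with it in place the shebang and every statement were invalid.

# Location of the Let's Encrypt client binary invoked by "generate".
letsencrypt_path='/bin/letsencrypt'

# Path templates. The literal tokens USER and DOMAIN are replaced with the
# values entered at the prompts, so those values end up as path components.
webroot_template='/home/USER/web/DOMAIN/public_html'
proxy_webroot_template='/home/USER/web/DOMAIN/public_html/static'
cert_path_template='/home/USER/conf/web/ssl.DOMAIN'

# Contact address handed to the client via --email.
# NOTE(review): the value below appears to be an obfuscated placeholder from
# the page capture; set a real address before running.
account_email='[email protected]'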
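#######################################
# Prompt for the domain name and the account that owns it.
#
# Both answers are later substituted into filesystem paths, so they are
# checked against an allow-list instead of only being tested for emptiness:
# no slashes, no "..", no leading "-" or ".". Widen the patterns if your
# environment legitimately needs other characters.
#
# Globals:  input_domain (written), input_user (written)
# Outputs:  prompts and validation messages
# Returns:  0 once both values are accepted, 1 if input ends (EOF) first
#######################################
function getDomainInfo {
  local domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local user_re='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'

  while true; do
    # -r keeps backslashes literal. A failed read means stdin is exhausted;
    # returning here avoids spinning forever on the "invalid" message.
    read -r -p "Domain name: " input_domain || return 1
    if [[ "$input_domain" =~ $domain_re && "$input_domain" != *..* ]]; then
      break
    fi
    echo "Please enter a valid domain name."
  done

  while true; do
    read -r -p "Username associated with this domain: " input_user || return 1
    if [[ "$input_user" =~ $user_re ]]; then
      break
    fi
    echo "Please enter a valid username."
  done

  return 0
}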
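#######################################
# Abort unless every argument is usable as a single path component.
# The prompted values are spliced into paths that are later removed and
# re-created, so anything that could leave the intended directory or be
# parsed as an option is refused here, right where the paths are built.
# Arguments: values to check
# Outputs:   error message on stderr
# Returns:   exits 1 on the first unacceptable value
#######################################
function requirePathComponent {
  local part
  for part in "$@"; do
    case "$part" in
      '' | . | .. | */* | -*)
        echo "Refusing to use '${part}' in a file path." >&2
        exit 1
        ;;
    esac
  done
}

# Dispatch on the first argument; with no argument the default is "generate".
case "${1:-generate}" in
  generate)
    # Request a certificate using the webroot challenge.
    getDomainInfo || exit 1
    requirePathComponent "$input_domain" "$input_user"

    while true; do
      # Stop on EOF instead of looping on the "yes or no" message.
      read -r -p "Is this site configured for a proxy pass? [y/n] " input_proxy || exit 1
      case "$input_proxy" in
        [Yy]*) webroot_tpl=$proxy_webroot_template; break ;;
        [Nn]*) webroot_tpl=$webroot_template; break ;;
        *) echo "Please answer yes or no." ;;
      esac
    done

    webroot=${webroot_tpl/USER/$input_user}
    webroot=${webroot/DOMAIN/$input_domain}

    echo "Requesting certificate..."
    # Only stdout is captured; the client's stderr still goes to the terminal.
    le_result=$("${letsencrypt_path}" certonly --webroot --webroot-path "${webroot}" --email "${account_email}" --domain "${input_domain}" --agree-tos --renew-by-default)
    # Appended to lesu.log in the current working directory.
    printf '%s\n' "$le_result" >> "lesu.log"

    # Success is detected from the client's output text, as in the original.
    if [[ $le_result == *"Congratulations!"* ]]; then
      echo "Successfully saved certificate files to /etc/letsencrypt/live/${input_domain}"
      echo "See lesu.log for more detailed information."
    else
      echo "Failed to issue certificate. See lesu.log for details."
      # Report the failure to the caller instead of exiting 0.
      exit 1
    fi
    ;;

  link)
    # Replace the control panel's certificate files with symlinks to the
    # files under /etc/letsencrypt/live/<domain>.
    getDomainInfo || exit 1
    requirePathComponent "$input_domain" "$input_user"

    srv_path=${cert_path_template/USER/$input_user}
    srv_path=${srv_path/DOMAIN/$input_domain}

    srv_ca="${srv_path}.ca"
    srv_crt="${srv_path}.crt"
    srv_key="${srv_path}.key"
    srv_chain="${srv_path}.pem"

    le_dir="/etc/letsencrypt/live/${input_domain}"
    le_ca="${le_dir}/chain.pem"
    le_crt="${le_dir}/cert.pem"
    le_key="${le_dir}/privkey.pem"
    le_chain="${le_dir}/fullchain.pem"

    if [ ! -f "$srv_ca" ] || [ ! -f "$srv_crt" ] || [ ! -f "$srv_key" ] || [ ! -f "$srv_chain" ]; then
      echo "Could not find all required server files. Please ensure you've enabled SSL"
      echo "by copy-and-pasting the certificates into your control panel, then try again."
      exit 1
    fi

    if [ ! -f "$le_ca" ] || [ ! -f "$le_crt" ] || [ ! -f "$le_key" ] || [ ! -f "$le_chain" ]; then
      echo "Could not find all required Let's Encrypt files. Please ensure that you've"
      echo "requested a certificate for this domain with Let's Encrypt, then try again."
      exit 1
    fi

    echo "Linking certificate files..."
    # Quoted, with "--", so a path can never be word-split, glob-expanded or
    # read as an option by rm/ln. Removal followed by linking is not atomic:
    # stop at the first failure and say so, because the site may be left
    # without certificate files at that point.
    rm -f -- "$srv_ca" "$srv_crt" "$srv_key" "$srv_chain" || exit 1
    if ! { ln -s -- "$le_ca" "$srv_ca" \
        && ln -s -- "$le_crt" "$srv_crt" \
        && ln -s -- "$le_key" "$srv_key" \
        && ln -s -- "$le_chain" "$srv_chain"; }; then
      echo "Failed to link certificate files; check ${srv_path}.* before reloading the web server." >&2
      exit 1
    fi
    echo "Done!"
    ;;

  *)
    echo "Usage: $0 [generate|link]"
    ;;
esac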