
@44uk 44uk/nis_https_setup.sh
Last active Oct 16, 2018

nis_https_setup.sh
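#!/bin/bash
# Set up HTTPS for a NIS node: request a certificate with dehydrated
# (dns-01 challenge) and terminate TLS with stunnel.
#
# Usage: nis_https_setup.sh {domain} {email}
#
# The script writes under /etc and /var/lib and restarts a service, so it
# presumably has to run as root.

# Check the arguments before asking for confirmation. The expansions are
# quoted so the test stays well-formed when an argument is missing or
# contains whitespace.
if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then
  echo "pass me: {domain} {email}" >&2
  exit 1
fi

# Both arguments end up in file paths and in configuration files written
# further down, so only a conservative character set is accepted: no
# slashes, quotes, whitespace or shell metacharacters.
domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
if [[ ! "$1" =~ $domain_re ]]; then
  printf 'invalid domain: %s\n' "$1" >&2
  exit 1
fi
if [[ ! "$2" =~ $email_re ]]; then
  printf 'invalid email: %s\n' "$2" >&2
  exit 1
fi

echo setting up your domain
echo "domain => $1"
echo " email => $2"
echo "are you really? (y/n)"
# -r keeps backslashes literal; quoting "$input" below means an empty
# answer is treated as "no" instead of breaking the test.
read -r input
if [ "$input" = 'yes' ] || [ "$input" = 'y' ]; then
  echo "ok! the process will start!"
else
  echo bye!
  exit 1
fi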
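# preparing
# Every step aborts on failure: carrying on would leave a half-written
# dehydrated setup behind and still touch the stunnel configuration later.
mkdir -p /etc/dehydrated /var/lib/dehydrated/acme-challenges || {
  echo "cannot create the dehydrated directories" >&2
  exit 1
}

# setup dehydrated
# printf instead of echo: the value is written as-is even if it starts
# with a dash.
printf '%s\n' "$1" > /etc/dehydrated/domains.txt || {
  echo "cannot write /etc/dehydrated/domains.txt" >&2
  exit 1
}

# dehydrated reads its config file as shell code. The static part comes
# from a quoted here-document (nothing is expanded) and the e-mail is
# written with %q, so a quote or $(...) in the argument stays data and is
# not executed the next time dehydrated runs.
{
  cat << '__EOD__'
BASEDIR=/var/lib/dehydrated
WELLKNOWN="${BASEDIR}/acme-challenges"
DOMAINS_TXT="/etc/dehydrated/domains.txt"
__EOD__
  printf 'CONTACT_EMAIL=%q\n' "$2"
} > /etc/dehydrated/config || {
  echo "cannot write /etc/dehydrated/config" >&2
  exit 1
}

# accept terms
# Registration runs after the config is in place, so the account is
# created under the BASEDIR configured above and with the contact e-mail
# set; registering first would use whatever config (if any) was there
# before.
dehydrated --register --accept-terms || {
  echo "account registration failed" >&2
  exit 1
}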
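# Install the dehydrated hook. The delimiter is quoted, so the hook text is
# written verbatim: nothing in it is expanded by this script.
cat << '__EOD__' > /etc/dehydrated/hook.sh || { echo "cannot write /etc/dehydrated/hook.sh" >&2; exit 1; }
#!/bin/bash
# dehydrated hook for manual dns-01 validation: it prints the TXT record
# and waits for the operator to publish it. It reads from the terminal, so
# it only works in an interactive run.

function deploy_challenge {
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
  echo "Please add the following record to the DNS zone:"
  echo "_acme-challenge.$DOMAIN IN TXT \"$TOKEN_VALUE\""
  # Printed, not executed: a command the operator can run to check that
  # the record is visible before continuing.
  echo dig "_acme-challenge.$DOMAIN" txt @8.8.8.8
  echo "Press enter when installed!"
  read -r
}

function clean_challenge {
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
}

function deploy_cert {
  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
}

function invalid_challenge {
  local DOMAIN="${1}" RESPONSE="${2}"
}

function unchanged_cert {
  local DOMAIN="${1}" RESPONSE="${2}"
}

function request_failure {
  # Accepted by the dispatcher below, so it needs a definition; without
  # one the call ends in "command not found".
  :
}

function startup_hook {
  # This hook is called before the cron command to do some initial tasks
  # (e.g. starting a webserver).
  :
}

function exit_hook {
  # This hook is called at the end of the cron command and can be used to
  # do some final (cleanup or other) tasks.
  # (Defined once: an earlier duplicate definition was overridden by this
  # one anyway.)
  :
}

# Only handler names on this allow-list are called; any other first
# argument is ignored instead of being run as a command.
HANDLER="$1"; shift
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|startup_hook|exit_hook)$ ]]; then
  "$HANDLER" "$@"
fi
__EOD__
# Explicit mode instead of "+x": dehydrated executes this file, so it must
# not keep group/other write bits from an earlier file of the same name.
chmod 0755 /etc/dehydrated/hook.sh || { echo "cannot chmod /etc/dehydrated/hook.sh" >&2; exit 1; }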
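# Request the certificate first and stop if that fails: stunnel must not be
# reconfigured and restarted against certificate files that do not exist.
dehydrated --cron --challenge dns-01 --domain "$1" --hook /etc/dehydrated/hook.sh || {
  echo "certificate request failed; stunnel was left untouched" >&2
  exit 1
}

cert_dir="/var/lib/dehydrated/certs/$1"
for pem in fullchain.pem privkey.pem; do
  if [ ! -s "$cert_dir/$pem" ]; then
    echo "missing or empty: $cert_dir/$pem" >&2
    exit 1
  fi
done

# setup stunnel
# The existing configuration is replaced below; keep the first original as
# .bak so it can be restored.
if [ -e /etc/stunnel/stunnel.conf ] && [ ! -e /etc/stunnel/stunnel.conf.bak ]; then
  cp -p /etc/stunnel/stunnel.conf /etc/stunnel/stunnel.conf.bak || {
    echo "cannot back up /etc/stunnel/stunnel.conf" >&2
    exit 1
  }
fi

# TLS is accepted on 7891 and 7779 and forwarded to the plain-text
# backends on 127.0.0.1.
# NOTE(review): whether 7890/7778 are also reachable from outside depends
# on how the backend binds - confirm, and firewall them if only the TLS
# ports are meant to be public.
cat << __EOD__ > /etc/stunnel/stunnel.conf || { echo "cannot write /etc/stunnel/stunnel.conf" >&2; exit 1; }
[nis]
accept = 7891
connect = 127.0.0.1:7890
cert = ${cert_dir}/fullchain.pem
key = ${cert_dir}/privkey.pem
[websocket]
accept = 7779
connect = 127.0.0.1:7778
cert = ${cert_dir}/fullchain.pem
key = ${cert_dir}/privkey.pem
__EOD__

# Not fatal: a missing defaults file only produces a warning, and the
# restart below shows whether the service comes up.
sed -i.bak 's/ENABLED=0/ENABLED=1/' /etc/default/stunnel4 ||
  echo "warning: could not update /etc/default/stunnel4" >&2

systemctl restart stunnel4 || {
  echo "stunnel4 failed to restart; check /etc/stunnel/stunnel.conf" >&2
  exit 1
}
echo "Done! You need to reboot the machine. Bye!"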