@Bluscream
Created October 26, 2023 08:26
Self-Signed wildcard certificate generator
#!/bin/bash
# Create the openssl.cnf file
cat > openssl.cnf << EOF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[req_distinguished_name]
commonName = Common Name (e.g. server FQDN or YOUR name)
commonName_max = 64
[v3_req]
subjectAltName = @alt_names
[alt_names]
EOF
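# Add the domains to the openssl.cnf file.
# Every entry needs its own DNS.N key: a repeated key in an OpenSSL config
# section replaces the earlier value, which would drop the bare domain.
i=1
for domain in "$@"
do
    echo "DNS.${i} = ${domain}" >> openssl.cnf
    i=$((i+1))
    echo "DNS.${i} = *.${domain}" >> openssl.cnf
    i=$((i+1))
done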
# Iterate over all arguments
for domain in "$@"
do
    # Check if the openssl.cnf file contains any SANs
    if ! grep -q "DNS" openssl.cnf; then
        echo "No domains specified. Skipping..."
        continue
    fi
    # Create the directory structure
    mkdir -p "/etc/letsencrypt/live/$domain"
    # Generate a private key
    openssl genrsa -out "/etc/letsencrypt/live/$domain/privkey.pem" 2048
    # Create a CSR with the additional domains (prompts for the Common Name)
    openssl req -new -key "/etc/letsencrypt/live/$domain/privkey.pem" -out "/etc/letsencrypt/live/$domain/cert.csr" -config openssl.cnf
    # Generate a self-signed certificate; the SANs are applied from the
    # extfile because x509 -req does not copy extensions from the CSR by default
    openssl x509 -req -days 365 -in "/etc/letsencrypt/live/$domain/cert.csr" -signkey "/etc/letsencrypt/live/$domain/privkey.pem" -out "/etc/letsencrypt/live/$domain/cert.pem" -extensions v3_req -extfile openssl.cnf
    # Create a fullchain.pem file (identical to cert.pem, there is no issuing CA)
    cp "/etc/letsencrypt/live/$domain/cert.pem" "/etc/letsencrypt/live/$domain/fullchain.pem"
    # Create a chain.pem file (empty for a self-signed certificate)
    touch "/etc/letsencrypt/live/$domain/chain.pem"
done
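
A check to run after generation, added here as an example and not part of the gist: it reads `openssl x509 -noout -text` output and lists any bare or wildcard name missing from the SAN extension, which is the result when two entries share one `DNS.N` key. The function name `missing_sans` and both sample texts are constructed for illustration.

```bash
#!/bin/bash
# Added example, not the gist author's code.
# Reads `openssl x509 -noout -text` output on stdin and prints every expected
# SAN that is absent. For each domain argument, both "domain" and "*.domain"
# are expected. Returns 0 when nothing is missing, 1 otherwise.
missing_sans() {
    local text sans domain name missing=0
    text=$(cat)
    # The SAN values are printed on the line after the extension header,
    # comma-separated, each prefixed with "DNS:".
    sans=$(printf '%s\n' "$text" |
        awk '/X509v3 Subject Alternative Name/ { getline; print; exit }' |
        tr ',' '\n' | sed -n 's/^[[:space:]]*DNS://p')
    for domain in "$@"; do
        for name in "$domain" "*.$domain"; do
            # -x whole-line match, -F literal: "*" and "." are not patterns
            if ! printf '%s\n' "$sans" | grep -qxF -- "$name"; then
                echo "$name"
                missing=1
            fi
        done
    done
    return "$missing"
}

# Constructed sample: SAN section of a certificate where both entries were
# written under the same DNS.1 key, so only the wildcard survived.
SAMPLE_DUPLICATE_KEYS='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:*.example.test'

# Constructed sample: every entry written under its own DNS.N key.
SAMPLE_UNIQUE_KEYS='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:example.test, DNS:*.example.test'
```

Against a generated certificate: `openssl x509 -in /etc/letsencrypt/live/example.test/cert.pem -noout -text | missing_sans example.test`.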