Last active
May 6, 2020 18:45
-
-
Save JamesTheAwesomeDude/5635dc91b621165dfaec281214be7bbc to your computer and use it in GitHub Desktop.
Namecheap cron script to "automatically" renew Let's Encrypt / ACME-compatible certs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/sh | |
# cd ~/ssl;ln -vs csrs/*.csr www.csr | |
#cron: 0 0 1 * * "${HOME}/ssl/ncACMEutil.sh" renew www.csr | |
#CONFIG | |
cpanellogin=1234567#get this from the "Products" page | |
cd "${HOME}/ssl" | |
account_key="lec.key" | |
account_contact="mailto:webmaster@example.org" | |
webroot="${HOME}/public_html"#TODO: support different webroots per-domain | |
#Upgrade TODO: | |
# - acme.sh (as soon as I can figure out how to get it NOT to | |
# write a bunch of config files that ion_remember_asking for) | |
# - certbot (the ultimate goal.....if I can figure out how to | |
# get it onto Namecheap's web hosts AND run config-less) | |
#TODO | |
#req_new_opts="-sha256" | |
#gencsr(){ | |
# dom0="${1}";shift | |
# for domA in "${@}"; do | |
# | |
# done | |
# openssl req -new ${req_new_opts} -subj "/CN=${1}" -reqexts SAN\ | |
# -config <(printf "[SAN]\nsubjectAltName=DNS:yoursite.com,DNS:www.yoursite.com" | cat /etc/ssl/openssl.cnf) > domain.csr | |
#} | |
# | |
#issue(){ | |
# "Issuing new certificate" | |
# domains="${1}";shift | |
#} | |
renew(){ | |
echo "It's time to renew your certificate!" | |
csr="${1}";shift | |
echo "Renewing CSR: ${csr}" | |
openssl req -in "${csr}" -noout -text\ | |
| grep -E '(Subject:|Subject Alternative Name|DNS:)' | |
{ ("${HOME}/bin/acme_tiny.py" 2>&1\ | |
--account-key "${account_key}"\ | |
--contact "${account_contact}"\ | |
--csr "${csr}"\ | |
--acme-dir "${webroot}/.well-known/acme-challenge/"\ | |
"${@}" 2>&3 3>&- && ( | |
echo "You're going to want to upload the following into:" | |
echo "https://ap.www.namecheap.com/domains/hosting/package/cpanellogin/${cpanellogin}?pluginName=Website_SSL" | |
echo "" | |
) | |
) | perl -0777 -pe ''\ | |
3>&- ; | |
} 3>&1 | |
} | |
case "${1}" in | |
renew) | |
shift | |
renew "${@}" | |
;; | |
*) | |
exit 1 | |
esac |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment