Script to issue/renew LetsEncrypt SSL certs and hook into SaltStack for deployment
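#!/usr/bin/env bash
##
## Copyright (C) 2022 Island Bridge Networks Limited. All Rights Reserved.
##
## Based on work by @sparkeh
##
## Issue or renew Let's Encrypt certificates (bare name + wildcard) with
## acme.sh using the PowerDNS DNS-01 hook, write the results into a Salt
## state tree and, unless told otherwise, apply that state for deployment.
##
## Usage: script -o <renew|renewf|issue> [-c "<cert> [<cert> ...]"] [-n]
##   -o  operation: renew (only if due), renewf (force renew), issue (first issue)
##   -c  restrict the run to the given cert name(s) instead of $CERTS
##   -n  skip the final salt state.apply
##
## Exit status: 0 if every cert succeeded (or was skipped as not yet due),
## 1 on a usage error or when any acme.sh run failed. The salt deploy still
## runs on partial failure so the certs that did renew get pushed out.

set -euo pipefail

# Private keys are written under SALT_CERT_REPO below; make sure neither we
# nor acme.sh leave them readable by other local users.
umask 077

# Acme location
ACME="/usr/local/acme.sh/acme.sh"
# Add the cert name, we'll take care of the wildcard automatically.
CERTS="example.com example.org"
# Path to salt state directory
SALT_CERT_REPO="/srv/salt/ssl-acme/acme"
# Salt target (minion id or glob) that receives the ssl-acme state.
SALT_TARGET='xxx'
# Connection to pdns api
# NOTE(review): with a plain http:// URL the API key crosses the network in
# clear text; front the PowerDNS API with TLS or keep this on a trusted link.
PDNS_URL="http://192.0.2.34:8081"
# NOTE(review): a hard-coded API key ends up in every copy/backup of this
# script and in `set -x` traces. It can be overridden from the environment
# (PDNS_TOKEN=... ./script); the literal is only a drop-in placeholder.
# acme.sh also caches PDNS_Url/PDNS_Token in its own account config — check
# the permissions of that file too.
PDNS_TOKEN="${PDNS_TOKEN:-soopersecret==}"

# Print the one-line usage synopsis (to stdout; callers redirect as needed).
usage() {
  printf '%s -o <operation: renew, renewf, issue> -c <if specified, only this cert> -n [skip salt]\n' "$0"
}

oper=""
speccert="$CERTS"
salt=1

# Leading ':' makes getopts report a missing option argument via ':'
# instead of printing its own message, so all diagnostics go through usage().
while getopts ":o:c:nh" opt; do
  case "$opt" in
    o) oper=$OPTARG ;;
    c) speccert=$OPTARG ;;
    n) salt=0 ;;
    h)
      usage
      exit 0
      ;;
    :)
      printf 'option -%s requires an argument\n' "$OPTARG" >&2
      usage >&2
      exit 1
      ;;
    *)
      usage >&2
      exit 1
      ;;
  esac
done

# Map the operation onto acme.sh flags. An array (not a string) so that
# "--renew --force" stays two words without relying on word-splitting.
case "$oper" in
  renew)  acme_op=(--renew) ;;
  renewf) acme_op=(--renew --force) ;;
  issue)  acme_op=(--issue) ;;
  *)
    # Previously this fell through with `exit` (status 0) — cron would
    # never have noticed a typo in -o.
    printf 'Operation must be one of renew renewf or issue\n' >&2
    exit 1
    ;;
esac

# The dns_pdns hook reads its settings from these environment variables.
export PDNS_Url="$PDNS_URL"
export PDNS_Token="$PDNS_TOKEN"
export PDNS_ServerId="localhost"
export PDNS_Ttl=60

# Split the (space separated) cert list once, rather than relying on an
# unquoted expansion in the loop header.
read -ra certs <<<"$speccert"
if (( ${#certs[@]} == 0 )); then
  printf 'No certificate names given\n' >&2
  exit 1
fi

failed=0
for cert in "${certs[@]}"; do
  rc=0
  "$ACME" "${acme_op[@]}" --server letsencrypt --dns dns_pdns \
    -d "$cert" -d "*.$cert" \
    --cert-file "$SALT_CERT_REPO/$cert.crt" \
    --key-file "$SALT_CERT_REPO/$cert.key" \
    --fullchain-file "$SALT_CERT_REPO/$cert.full.crt" || rc=$?
  # acme.sh exits 2 from --renew when the cert is not yet due ("Skip");
  # that is not a failure for the plain renew operation. Any other non-zero
  # status is recorded and reported at the end instead of being ignored.
  # (Exit codes as observed in acme.sh; re-check after upgrading it.)
  if (( rc == 2 )) && [[ "$oper" == "renew" ]]; then
    printf '%s: not yet due for renewal, skipped\n' "$cert"
  elif (( rc != 0 )); then
    printf '%s: acme.sh %s failed (exit %d)\n' "$cert" "$oper" "$rc" >&2
    failed=1
  fi
done

if (( salt == 1 )); then
  # Deploy what did succeed; a failure here aborts via set -e.
  /usr/bin/salt "$SALT_TARGET" state.apply ssl-acme
fi

exit "$failed"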