@centminmod
Created August 18, 2016 03:55
acme3.domain.com test for acmetool.sh for centminmod.com
./acmetool.sh webroot-issue acme3.domain1.com /home/nginx/domains/acme3.domain1.com/customwebroot
-------------------------------------------------
acmetool.sh is in beta testing phase
please read & provide bug reports &
feedback for this tool via the forums
https://community.centminmod.com/posts/34492/
-------------------------------------------------
continue [y/n] ? y
-----------------------------------------------------
updating acme.sh client...
-----------------------------------------------------
[Thu Aug 18 03:50:34 UTC 2016] Installing to /root/.acme.sh
[Thu Aug 18 03:50:34 UTC 2016] Installed to /root/.acme.sh/acme.sh
[Thu Aug 18 03:50:35 UTC 2016] OK, Close and reopen your terminal to start using acme.sh
[Thu Aug 18 03:50:35 UTC 2016] Installing cron job
0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
[Thu Aug 18 03:50:35 UTC 2016] Good, bash is installed, change the shebang to use bash as prefered.
[Thu Aug 18 03:50:35 UTC 2016] OK
https://github.com/Neilpang/acme.sh
v2.4.1
-----------------------------------------------------
acme.sh updated
-----------------------------------------------------
acme3.domain1.com nginx vhost + pureftp virtual ftp user setup
/usr/bin/nv -d acme3.domain1.com -s y -u ***
---------------------------------------------------------------
Nginx Vhost Setup...
---------------------------------------------------------------
FTP password auto generated: ***
Password:
Enter it again:
---------------------------------------------------------------
SSL Vhost Setup...
---------------------------------------------------------------
---------------------------------------------------------------
Generating self signed SSL certificate...
CSR file can also be used to be submitted for paid SSL certificates
If using for paid SSL certificates be sure to keep both private key and CSR safe
creating CSR File: acme3.domain1.com.csr
creating private key: acme3.domain1.com.key
creating self-signed SSL certificate: acme3.domain1.com.crt
Generating a 2048 bit RSA private key
........................+++
................................................+++
writing new private key to 'acme3.domain1.com.key'
-----
No value provided for Subject Attribute C, skipped
No value provided for Subject Attribute ST, skipped
No value provided for Subject Attribute L, skipped
Signature ok
subject=/O=acme3.domain1.com/OU=acme3.domain1.com/CN=acme3.domain1.com
Getting Private key
---------------------------------------------------------------
Generating dhparam.pem file - can take a few minutes...
Generating DH parameters, 2048 bit long safe prime, generator 2
This is going to take a long time
.....++*++*
dhparam file generation time: 19.968457962
-------------------------------------------------------------
/usr/local/src/centminmod/tools/autoprotect.sh
generated nginx include file: /usr/local/nginx/conf/autoprotect/acme3.domain1.com/autoprotect-acme3.domain1.com.conf
autoprotect.sh run completed...
Restarting nginx (via systemctl): [ OK ]
Restarting nginx (via systemctl): [ OK ]
systemctl restart pure-ftpd.service
-------------------------------------------------------------
FTP hostname : IPDDR
FTP port : 21
FTP mode : FTP (explicit SSL)
FTP Passive (PASV) : ensure is checked/enabled
FTP username created for acme3.domain1.com : ***
FTP password created for acme3.domain1.com : ***
-------------------------------------------------------------
vhost for acme3.domain1.com created successfully
domain: http://acme3.domain1.com
vhost conf file for acme3.domain1.com created: /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf
vhost ssl for acme3.domain1.com created successfully
domain: https://acme3.domain1.com
vhost ssl conf file for acme3.domain1.com created: /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf
/usr/local/nginx/conf/ssl_include.conf created
Self-signed SSL Certificate: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.crt
SSL Private Key: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.key
SSL CSR File: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.csr
Backup SSL Private Key: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-backup.key
Backup SSL CSR File: /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-backup.csr
upload files to /home/nginx/domains/acme3.domain1.com/public
vhost log files directory is /home/nginx/domains/acme3.domain1.com/log
-------------------------------------------------------------
Current vhost listing at: /usr/local/nginx/conf/conf.d/
Aug 1 19:22 2.1K acme2.domain1.com.conf
Aug 1 19:22 2.2K acme.domain1.com.conf
Aug 1 19:22 4.4K acme2.domain1.com.ssl.conf
Aug 1 19:22 845 ssl.conf
Aug 1 19:22 1.1K demodomain.com.conf
Aug 1 19:22 4.4K acme.domain1.com.ssl.conf
Aug 1 19:22 1.9K virtual.conf
Aug 13 14:22 2.1K acme1.domain1.com.conf
Aug 13 14:22 4.0K acme1.domain1.com.ssl.conf
Aug 18 03:51 2.1K acme3.domain1.com.conf
Aug 18 03:51 4.0K acme3.domain1.com.ssl.conf
-------------------------------------------------------------
Current vhost ssl files listing at: /usr/local/nginx/conf/ssl/acme3.domain1.com
Aug 18 03:50 1.7K acme3.domain1.com.key
Aug 18 03:50 989 acme3.domain1.com.csr
Aug 18 03:50 1.2K acme3.domain1.com.crt
Aug 18 03:50 1.7K acme3.domain1.com-backup.key
Aug 18 03:50 989 acme3.domain1.com-backup.csr
Aug 18 03:50 45 hpkp-info-primary-pin.txt
Aug 18 03:50 45 hpkp-info-secondary-pin.txt
Aug 18 03:51 424 dhparam.pem
-------------------------------------------------------------
Commands to remove acme3.domain1.com
pure-pw userdel ***
rm -rf /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf
rm -rf /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.crt
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.key
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com.csr
rm -rf /usr/local/nginx/conf/ssl/acme3.domain1.com
rm -rf /home/nginx/domains/acme3.domain1.com
service nginx restart
-------------------------------------------------------------
vhost for acme3.domain1.com setup successfully
acme3.domain1.com setup info log saved at:
/root/centminlogs/centminmod_180816-035035_nginx_addvhost_nv.log
-------------------------------------------------------------
adjusting /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf
change web root:
from:
to: /home/nginx/domains/acme3.domain1.com/customwebroot
root /home/nginx/domains/acme3.domain1.com/customwebroot;
adjusting /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf
change web root:
from:
to: /home/nginx/domains/acme3.domain1.com/customwebroot
root /home/nginx/domains/acme3.domain1.com/customwebroot;
grep 'root' /usr/local/nginx/conf/conf.d/acme3.domain1.com.conf
root /home/nginx/domains/acme3.domain1.com/customwebroot;
grep 'root' /usr/local/nginx/conf/conf.d/acme3.domain1.com.ssl.conf
root /home/nginx/domains/acme3.domain1.com/customwebroot;
-----------------------------------------------------------
issue & install letsencrypt ssl certificate for acme3.domain1.com
-----------------------------------------------------------
/root/.acme.sh/acme.sh --staging --issue -d acme3.domain1.com -w /home/nginx/domains/acme3.domain1.com/customwebroot -k ec-256 --useragent centminmod-centos7-acmesh-webroot
[Thu Aug 18 03:51:26 UTC 2016] Using stage api:https://acme-staging.api.letsencrypt.org
[Thu Aug 18 03:51:29 UTC 2016] Registering account
[Thu Aug 18 03:51:35 UTC 2016] Already registered
[Thu Aug 18 03:51:35 UTC 2016] Creating domain key
[Thu Aug 18 03:51:35 UTC 2016] Use length 256
[Thu Aug 18 03:51:35 UTC 2016] Using ec name: prime256v1
[Thu Aug 18 03:51:35 UTC 2016] Single domain='acme3.domain1.com'
[Thu Aug 18 03:51:35 UTC 2016] Verify each domain
[Thu Aug 18 03:51:35 UTC 2016] Getting webroot for domain='acme3.domain1.com'
[Thu Aug 18 03:51:35 UTC 2016] Getting token for domain='acme3.domain1.com'
[Thu Aug 18 03:51:41 UTC 2016] Verifying:acme3.domain1.com
[Thu Aug 18 03:51:53 UTC 2016] Success
[Thu Aug 18 03:51:53 UTC 2016] Verify finished, start to sign.
[Thu Aug 18 03:52:00 UTC 2016] Cert success.
[Thu Aug 18 03:52:00 UTC 2016] Your cert is in /root/.acme.sh/acme3.domain1.com_ecc/acme3.domain1.com.cer
[Thu Aug 18 03:52:01 UTC 2016] The intermediate CA cert is in /root/.acme.sh/acme3.domain1.com_ecc/ca.cer
[Thu Aug 18 03:52:01 UTC 2016] And the full chain certs is there: /root/.acme.sh/acme3.domain1.com_ecc/fullchain.cer
ssl_certificate /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer;
ssl_certificate_key /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key;
#ssl_trusted_certificate /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer;
-----------------------------------------------------------
install cert
-----------------------------------------------------------
/root/.acme.sh/acme.sh --installcert -d acme3.domain1.com --certpath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer --keypath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key --capath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer --reloadCmd /usr/bin/ngxreload --fullchainpath /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-fullchain-acme-ecc.key --ecc
[Thu Aug 18 03:52:01 UTC 2016] Installing cert to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer
[Thu Aug 18 03:52:01 UTC 2016] Installing CA to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer
[Thu Aug 18 03:52:01 UTC 2016] Installing key to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.key
[Thu Aug 18 03:52:01 UTC 2016] Installing full chain to:/usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-fullchain-acme-ecc.key
[Thu Aug 18 03:52:01 UTC 2016] Run Le_ReloadCmd: /usr/bin/ngxreload
Reloading nginx configuration (via systemctl): [ OK ]
[Thu Aug 18 03:52:01 UTC 2016] Reload success
letsencrypt ssl certificate setup completed
ssl certs located at: /usr/local/nginx/conf/ssl/acme3.domain1.com
openssl x509 -noout -text < /usr/local/nginx/conf/ssl/acme3.domain1.com/acme3.domain1.com-acme-ecc.cer
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fa:63:db:8b:0b:84:77:f5:6c:5a:6c:b5:9f:ef:33:79:07:2d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Fake LE Intermediate X1
Validity
Not Before: Aug 18 02:52:00 2016 GMT
Not After : Nov 16 02:52:00 2016 GMT
Subject: CN=acme3.domain1.com
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:ea:88:43:0b:c8:08:3b:6d:6a:3c:ec:04:c0:aa:
69:53:5f:4c:ce:36:88:a9:f7:f0:d7:ff:ff:cd:3a:
fc:7b:1a:52:99:29:ba:95:e9:f9:c9:5d:49:9d:37:
88:85:12:48:15:b1:55:84:40:f3:c4:99:db:a6:ab:
e2:a1:60:ac:77
ASN1 OID: prime256v1
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
39:C6:31:46:3D:F0:86:2A:E2:16:C0:DB:93:6F:4E:94:6B:E0:6A:F4
X509v3 Authority Key Identifier:
keyid:C0:CC:03:46:B9:58:20:CC:5C:72:70:F3:E1:2E:CB:20:A6:F5:68:3A
Authority Information Access:
OCSP - URI:http://ocsp.stg-int-x1.letsencrypt.org/
CA Issuers - URI:http://cert.stg-int-x1.letsencrypt.org/
X509v3 Subject Alternative Name:
DNS:acme3.domain1.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
Policy: 1.3.6.1.4.1.44947.1.1.1
CPS: http://cps.letsencrypt.org
User Notice:
Explicit Text: This Certificate may only be relied upon by Relying Parties and only in accordance with the Certificate Policy found at https://letsencrypt.org/repository/
Signature Algorithm: sha256WithRSAEncryption