Issue Let's Encrypt certificates on CentOS
# host challenge files on Apache for your domain
# Plain-HTTP vhost: the ACME HTTP-01 validation fetches the challenge token
# from http://<ServerName>/.well-known/acme-challenge/<token>.
<VirtualHost *:80>
ServerAdmin webmaster@example.com
DocumentRoot /var/www/example.domain
ServerName example.domain
# Add following code to your Apache VirtualHost
# Maps the challenge URL path onto the directory the script passes to acme-tiny
# as --acme-dir (/var/www/challenges/). That directory must be writable by the
# account running the script and readable by httpd.
Alias "/.well-known/acme-challenge" "/var/www/challenges/"
<Directory "/var/www/challenges/">
# Requires mod_headers. Forces this Content-Type on every served token.
# NOTE(review): the ACME specification has validators ignore Content-Type for
# HTTP-01, so this directive is likely optional — confirm before relying on it.
Header set Content-Type "application/jose+json"
</Directory>
</VirtualHost>
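#!/bin/bash
# Bootstrap a working directory for acme-tiny on CentOS: make sure a usable
# Python is present, fetch the Let's Encrypt intermediate certificate and
# clone the acme-tiny client. Everything below is relative to ./letsencrypt.
# In practice this runs as root (it installs to /usr/local and, later in the
# script, writes to /var/www and /etc/httpd).
if [ ! -d "letsencrypt" ]; then
  mkdir letsencrypt || exit 1
fi
# Every later relative path assumes we are inside this directory, so a failed
# cd must abort instead of silently operating in the caller's cwd.
cd letsencrypt || exit 1
pwd
ls
# "Python 2.7.5" -> "27". A Python 3.x interpreter yields e.g. "36", which also
# passes the check; whether acme-tiny runs under that interpreter is not
# verified here.
PYVER=$(python --version 2>&1 | cut -d" " -f 2 | cut -d. -f1,2 | sed 's/\.//')
# Unparseable output (e.g. "python: command not found") is treated as
# "no suitable Python" so the build below runs instead of being skipped by a
# failing integer comparison.
case "$PYVER" in
  ''|*[!0-9]*) PYVER=0 ;;
esac
if [ "$PYVER" -lt 27 ]; then
  # System-wide source build of Python 2.7.9. The tarball is only protected by
  # HTTPS transport: there is no checksum or signature verification, so a
  # compromised mirror or interception would install an attacker-controlled
  # interpreter that later handles the ACME account key. Verify the archive
  # against the published digest (e.g. sha256sum -c with <EXPECTED_SHA256>)
  # before building.
  wget https://www.python.org/ftp/python/2.7.9/Python-2.7.9.tar.xz || exit 1
  xz -d Python-2.7.9.tar.xz || exit 1
  tar -xvf Python-2.7.9.tar || exit 1
  cd Python-2.7.9 || exit 1
  # Stop on the first failing step; a half-installed interpreter is worse
  # than none.
  ./configure --prefix=/usr/local && make && make install || exit 1
  python -V
  cd ..
fi
if [ ! -f "intermediate.pem" ]; then
  # -f: treat HTTP errors as failures instead of saving an HTML error page as
  # the "intermediate" and later appending it to the served chain. The X1
  # cross-signed intermediate is hard-coded; the chain served to clients must
  # match whichever intermediate actually issued the certificate.
  curl -fsS https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -o intermediate.pem \
    || { rm -f intermediate.pem; exit 1; }
fi
if [ ! -d "acme-tiny" ]; then
  # acme-tiny is later executed with read access to account.key and the domain
  # key material. An unpinned clone of the default branch means whatever is
  # upstream at run time is trusted; pin a reviewed revision
  # (git -C acme-tiny checkout <REVIEWED_COMMIT>) or vendor the single script.
  git clone https://github.com/diafygi/acme-tiny || exit 1
  #cd acme-tiny/
fi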
# Print the command-line synopsis to stdout; called on any unrecognised
# argument before the script exits with status 1.
usage() {
  printf '%s\n' "usage: sh easy_letsencrypt.sh -d example.domain"
}
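# --- Issue a certificate for one domain and publish an Apache SSL vhost ---
# Arguments: -d <domain>  (defaults to example.domain when omitted)
# Side effects: creates account.key, <domain>.key/.csr/.crt/.pem in the cwd,
#   writes <domain>.ssl.conf to /etc/httpd/conf.d/ and restarts httpd.
domain=example.domain
while [ "$1" != "" ]; do
  case "$1" in
    -d ) shift
         domain=$1
         ;;
    * ) usage
        exit 1
        ;;
  esac
  shift
done
# The domain is spliced into file names, a /etc/httpd/conf.d path and the
# generated vhost, so restrict it to hostname characters: no '/', no leading
# '-' or '.', nothing empty.
case "$domain" in
  ''|*[!A-Za-z0-9.-]*|-*|.*)
    printf 'invalid domain name: %s\n' "$domain" >&2
    exit 1
    ;;
esac
# Private keys are generated under umask 077 so they are never created
# world-readable (the default umask would typically produce mode 0644). The
# umask is set in a subshell so the rest of the script is unaffected; a failed
# generation removes the partial file so the next run does not skip it.
if [ ! -f "account.key" ]; then
  (umask 077 && openssl genrsa 4096 > account.key) || { rm -f account.key; exit 1; }
fi
domain_key=$domain'.key'
if [ ! -f "$domain_key" ]; then
  (umask 077 && openssl genrsa 4096 > "$domain_key") || { rm -f -- "$domain_key"; exit 1; }
fi
domain_csr=$domain'.csr'
if [ ! -f "$domain_csr" ]; then
  # Single-name CSR (CN only); the commented alternative shows a SAN request.
  openssl req -new -sha256 -key "$domain_key" -subj "/CN=$domain" > "$domain_csr" \
    || { rm -f -- "$domain_csr"; exit 1; }
#openssl req -new -sha256 -key $domain_key -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:example.com,DNS:www.example.com")) > $domain_csr
fi
if [ ! -d "/var/www/challenges/" ]; then
  mkdir -p /var/www/challenges/ || exit 1
fi
domain_crt=$domain'.crt'
# Write the signed certificate to a temp file and move it into place only on
# success. Redirecting acme-tiny straight into <domain>.crt would leave an
# empty file on failure, which the httpd restart below would then try to load.
tmp_crt=$(mktemp "./$domain_crt.XXXXXX") || exit 1
if ! python acme-tiny/acme_tiny.py --account-key ./account.key --csr "./$domain_csr" --acme-dir /var/www/challenges/ > "$tmp_crt"; then
  printf 'acme-tiny failed; leaving any existing %s untouched\n' "$domain_crt" >&2
  rm -f -- "$tmp_crt"
  exit 1
fi
mv -f -- "$tmp_crt" "./$domain_crt" || exit 1
domain_pem=$domain'.pem'
# Leaf + intermediate, served as the chain file below.
cat "$domain_crt" intermediate.pem > "$domain_pem" || exit 1
SSLCertificateFile="$PWD/$domain_crt"
SSLCertificateKeyFile="$PWD/$domain_key"
SSLCertificateChainFile="$PWD/$domain_pem"
domain_ssl_conf=$domain'.ssl.conf'
# The original `rm -rf domain_ssl_conf` lacked the '$' and removed a literal
# file named "domain_ssl_conf"; the heredoc redirection truncates the real
# target anyway, so a plain rm -f of the intended file is enough.
rm -f -- "$domain_ssl_conf"
# Generated vhost, kept as originally written. Note for hardening review:
# "SSLProtocol All -SSLv2 -SSLv3" still permits TLS 1.0/1.1, and the chain
# file contains the leaf as well as the intermediate.
cat << EOF > "$domain_ssl_conf"
<VirtualHost *:443>
DocumentRoot /var/www/$domain
ServerName $domain
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol All -SSLv2 -SSLv3
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:!RC4
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLEngine On
SSLCertificateFile $SSLCertificateFile
SSLCertificateKeyFile $SSLCertificateKeyFile
SSLCertificateChainFile $SSLCertificateChainFile
</VirtualHost>
EOF
cp -f -- "$domain_ssl_conf" "/etc/httpd/conf.d/$domain_ssl_conf" || exit 1
# Validate before restarting so a broken vhost cannot take the whole server
# down; on failure the file we just installed is removed again so a later
# unrelated restart does not fail because of it.
if ! apachectl configtest; then
  printf 'httpd configuration test failed; removing %s from conf.d\n' "$domain_ssl_conf" >&2
  rm -f -- "/etc/httpd/conf.d/$domain_ssl_conf"
  exit 1
fi
service httpd restart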
# Example of the vhost the script writes to /etc/httpd/conf.d/<domain>.ssl.conf
# (paths shown for a run from /root/letsencrypt).
<VirtualHost *:443>
DocumentRoot /var/www/example.domain
ServerName example.domain
# SSL Protocol support:
# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
# NOTE(review): "All" minus SSLv2/SSLv3 still enables TLS 1.0 and 1.1;
# "SSLProtocol -all +TLSv1.2" (adding +TLSv1.3 where mod_ssl supports it)
# is the usual hardening.
SSLProtocol All -SSLv2 -SSLv3
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
# SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW:!RC4
SSLHonorCipherOrder on
# EECDH+aRSA+RC4 appears in the list but the later "!RC4" removes RC4
# permanently, so no RC4 suite is actually offered.
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
SSLEngine On
SSLCertificateFile /root/letsencrypt/example.domain.crt
# The key is read by httpd at startup; it must stay readable only by root
# (the script's openssl genrsa redirection creates it with the default umask,
# so check its mode).
SSLCertificateKeyFile /root/letsencrypt/example.domain.key
# .pem is leaf + intermediate as concatenated by the script, so the leaf is
# present in both this file and SSLCertificateFile.
SSLCertificateChainFile /root/letsencrypt/example.domain.pem
</VirtualHost>