@deanet
Last active August 18, 2016 08:21
Quick Let's Encrypt Generate SSL
#!/bin/bash
##
## stop at the first failed step instead of continuing with empty files
set -e
##get acme_tiny
[ -d "./acme-tiny" ] && echo "Directory acme_tiny exists." || mkdir ./acme-tiny;
##curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py > acme-tiny/acme_tiny.py
#curl https://raw.githubusercontent.com/deanet/acme-tiny/46b792aff37c0a18b86b7cf262e143ea1f230374/acme_tiny.py > acme-tiny/acme_tiny.py
## -f: fail on an HTTP error instead of saving the error page as acme_tiny.py
## (this fetches the unpinned master branch; the commented line above pins a commit)
curl -f https://raw.githubusercontent.com/deanet/acme-tiny/master/acme_tiny.py > acme-tiny/acme_tiny.py
echo -n "Enter DN or FQDN: "
read -r domain
echo -n "Enter Full Path www: "
read -r fullpath
## $domain is passed to rm -rf and used as a directory name: refuse empty values and path characters
case "$domain" in ""|*/*|.*|-*) echo "invalid domain: $domain" >&2; exit 1 ;; esac
[ -n "$fullpath" ] || { echo "web root path is required" >&2; exit 1; }
echo "$domain";
echo "$fullpath";
rm -rf -- "./$domain";
echo "mkdir working directory..."
## mode 700: the account key and private key stored here must not be readable by other users
mkdir -m 700 -- "$domain"
workdir="$(pwd)/$domain"
echo "generate account key for $domain .."
openssl genrsa 4096 > "$workdir/${domain}_account.key"
echo "generate domain private key....";
openssl genrsa 4096 > "$workdir/${domain}.key"
echo "generate csr..";
openssl req -new -sha256 -key "$workdir/${domain}.key" -subj "/CN=$domain" > "$workdir/${domain}.csr"
#openssl req -new -sha256 -key $workdir/${domain}.key -subj "/" -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:$domain,DNS:www.$domain")) > $workdir/${domain}.csr
echo "create directory acme at ${fullpath}.."
mkdir -p "$fullpath/.well-known/acme-challenge"
echo "create file verification at $fullpath/.well-known/acme-challenge/.."
echo "Get a signed certificate.."
python acme-tiny/acme_tiny.py --account-key "$workdir/${domain}_account.key" --csr "$workdir/${domain}.csr" --acme-dir "$fullpath/.well-known/acme-challenge/" > "$workdir/signed.crt"
wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > "$workdir/intermediate.pem"
cat "$workdir/signed.crt" "$workdir/intermediate.pem" > "$workdir/chained.crt"
echo "File $domain/chained.crt = Signed + Intermediate Cert";
echo "File $domain/signed.crt = Signed Cert";
echo "File $domain/${domain}.key = Private key";
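
The script hands the two values it reads to `rm -rf`, to file paths and to the CSR subject. The following is an added example, not part of the original gist, of validating both values before they are used; the function names `is_valid_fqdn` and `is_safe_webroot` are hypothetical, and requiring at least one dot in the hostname is an assumption.

```shell
#!/bin/sh
# Added example, not part of the original gist. Function names are hypothetical.
LC_ALL=C; export LC_ALL   # make A-Z / a-z in the patterns below ASCII-only

# is_valid_fqdn NAME: succeed only for a plain DNS hostname such as
# "www.example.com" (assumption: at least one dot is required).
is_valid_fqdn() {
    _name=$1
    # Non-empty and within the 253-character limit for a DNS name.
    [ -n "$_name" ] && [ "${#_name}" -le 253 ] || return 1
    case $_name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # rejects "/", spaces, globs, quotes
        .*|*.|*..*)       return 1 ;;   # empty label, also rejects ".."
        *.*)              ;;            # has at least one dot
        *)                return 1 ;;
    esac
    # Each label: at most 63 characters, no leading or trailing hyphen.
    _rest=$_name
    while [ -n "$_rest" ]; do
        _label=${_rest%%.*}
        case $_rest in
            *.*) _rest=${_rest#*.} ;;
            *)   _rest= ;;
        esac
        [ "${#_label}" -le 63 ] || return 1
        case $_label in -*|*-) return 1 ;; esac
    done
    return 0
}

# is_safe_webroot PATH: succeed only for an existing absolute directory
# other than "/" with no ".." component.
is_safe_webroot() {
    case $1 in
        /|//*)          return 1 ;;
        */../*|*/..)    return 1 ;;
        /*)             ;;
        *)              return 1 ;;
    esac
    [ -d "$1" ]
}

# Usage in the script, right after the two `read` lines:
#   is_valid_fqdn "$domain"     || { echo "invalid domain" >&2; exit 1; }
#   is_safe_webroot "$fullpath" || { echo "invalid web root" >&2; exit 1; }
```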