Last active
January 9, 2019 15:48
-
-
Save dptole/5360ad013582a19fc198eea84a054b32 to your computer and use it in GitHub Desktop.
Generate your free certificate with Let's Encrypt! https://letsencrypt.org/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Created at 2018-10-15 | |
| # CHECKUPS | |
| echo "LAST CHANCE TO BACK UP YOUR OLD CERTIFICATES!" | |
| echo "" | |
| read | |
| echo "THE DESIGNATED DOMAIN MUST BE ACCESSIBLE FROM THE INTERNET FOR OWNERSHIP VERIFICATION!" | |
| echo "" | |
| read | |
| # IF THE COMMAND certbot DOESNT EXIST | |
| if ! ( which certbot &> /dev/null ) | |
| then | |
| echo "THE COMMAND certbot DOES NOT EXIST" | |
| echo "https://certbot.eff.org/" | |
| exit 1 | |
| fi | |
| # SETUP | |
| localdir="$(dirname "$0")" | |
| # DOMAIN TO WHICH THE CERTIFICATE WILL BE ISSUED | |
| # THIS DOMAIN MUST BE ACCESSIBLE FROM THE INTERNET | |
| # BECAUSE LETSENCRYPT WILL SEND A REQUEST TO VERIFY OWNERSHIP | |
| domain="YOUR-DOMAIN" # EDIT | |
| # SHELLSCRIPT COMMAND TO RESTART THE SERVER | |
| RESTART_SERVER_COMMAND="echo SOMEHOW_RESTART_THE_SERVER" # EDIT | |
| # APPLICATION ROOT FOLDER | |
| server_root_folder="APPLICATION ROOT FOLDER" # EDIT | |
| # CERTIFICATES FOLDER | |
| server_cert_path="$server_root_folder/RELATIVE PATH" # EDIT | |
| # SERVER PATH WHERE FILES ARE SERVED | |
| server_root_path="$server_root_folder/RELATIVE PATH" # EDIT | |
| # NEW CERTIFICATES FILES | |
| server_fullchain="$server_cert_path/RELATIVE PATH" # EDIT | |
| server_cert="$server_cert_path/RELATIVE PATH" # EDIT | |
| server_privkey="$server_cert_path/RELATIVE PATH" # EDIT | |
| # DO NOT EDIT | |
| letsencrypt_root_dir="$localdir/letsconfig" | |
| letsencrypt_workdir="$letsencrypt_root_dir/workdir" | |
| letsencrypt_configdir="$letsencrypt_root_dir/configdir" | |
| letsencrypt_logsdir="$letsencrypt_root_dir/logsdir" | |
| letsencrypt_challenge_path="$server_root_path/.well-known/acme-challenge/" | |
| letsencrypt_fullchain="$letsencrypt_configdir/archive/$domain/fullchain1.pem" | |
| letsencrypt_cert="$letsencrypt_configdir/archive/$domain/cert1.pem" | |
| letsencrypt_privkey="$letsencrypt_configdir/archive/$domain/privkey1.pem" | |
| # CREATE THE LETSENCRYPT FOLDER IF THEY DONT EXIST | |
| echo "SETTING UP LETSENCRYPT CONFIG FOLDERS..." | |
| sleep 1 | |
| test -d "$letsencrypt_workdir" && mkdir -p "$letsencrypt_workdir" | |
| test -d "$letsencrypt_configdir" && mkdir -p "$letsencrypt_configdir" | |
| test -d "$letsencrypt_logsdir" && mkdir -p "$letsencrypt_logsdir" | |
| # CREATE THE FOLDER /.well-known/acme-challenge/ IN THE SERVER ROOT FOLDER WHERE FILES ARE SERVED | |
| echo "SETTING UP LETSENCRYPT CHALLENGE FOLDER..." | |
| sleep 1 | |
| test -d "$letsencrypt_challenge_path" && mkdir -p "$letsencrypt_challenge_path" | |
| # CHECK IF THE CERTIFICATE NEEDS TO BE UPDATED | |
| letsencrypt_fullchain_mtime_old=0 | |
| if test -e "$letsencrypt_privkey" | |
| then | |
| letsencrypt_fullchain_mtime_old="$(stat -c %Y "$letsencrypt_privkey")" | |
| fi | |
| # GENERATE THE CERTIFICATE | |
| echo "GENERATING THE CERTIFICATE..." | |
| sleep 1 | |
| certbot certonly \ | |
| -n \ | |
| --register-unsafely-without-email \ | |
| --webroot \ | |
| --agree-tos \ | |
| -w "$server_root_path" \ | |
| --work-dir "$letsencrypt_workdir" \ | |
| --logs-dir "$letsencrypt_logsdir" \ | |
| --config-dir "$letsencrypt_configdir" \ | |
| -d "$domain" | |
| # CHECK FOR NON-ZERO ERROR CODE | |
| if [ "$?" != "0" ] | |
| then | |
| echo "ERROR GENERATING THE CERTIFICATE" | |
| exit 2 | |
| fi | |
| # CHECK IF THE CERTIFICATE NEEDS TO BE UPDATED | |
| letsencrypt_fullchain_mtime_new=1 | |
| if test -e "$letsencrypt_privkey" | |
| then | |
| letsencrypt_fullchain_mtime_new="$(stat -c %Y "$letsencrypt_privkey")" | |
| fi | |
| # CHECK IF THE CERTIFICATE NEEDS TO BE UPDATED | |
| if [ "$letsencrypt_fullchain_mtime_old" == "$letsencrypt_fullchain_mtime_new" ] | |
| then | |
| echo "CERTIFICATE NOT YET DUE FOR RENEWAL" | |
| exit 3 | |
| fi | |
| # INSTALL THE NEW CERTIFICATES | |
| echo "INSTALLING CERTIFICATES..." | |
| sleep 1 | |
| cp "$letsencrypt_fullchain" "$server_fullchain" | |
| cp "$letsencrypt_cert" "$server_cert" | |
| cp "$letsencrypt_privkey" "$server_privkey" | |
| # SOMEHOW RESTART THE SERVER | |
| echo "RESTARTING SERVER..." | |
| sleep 1 | |
| $RESTART_SERVER_COMMAND | |
| exit 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment