A quick script for obtaining and automatically renewing Let's Encrypt certificates
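#!/bin/bash
#
# Quick Let's Encrypt Certificate Autoinstaller
#
# Requests one Let's Encrypt certificate covering a list of domains and then
# schedules the next renewal by queuing this same script again with at.
#
# Assumes that:
#   1. The "certbot-auto" client is available (https://github.com/certbot/certbot, https://certbot.eff.org/)
#   2. All of the domains can handle the /.well-known/acme-challenge request
#   3. All virtual hosts are already configured to use the cert (the request is made with "certonly")
#   4. at is available on the system
#
# Operational notes:
#   - The at job re-executes this file by path ($0) as the invoking user,
#     typically root for certbot. Keep the script and its parent directory
#     writable only by that user, otherwise whoever can modify the file
#     controls what the queued job runs at renewal time.
#   - The webroot (/etc/letsencrypt/webroot) is written to by the ACME client
#     and served over HTTP; it should hold nothing but challenge files.
#   - NOTE(review): the --server URL below is the ACMEv1 endpoint, which
#     Let's Encrypt has since retired, and certbot-auto is deprecated
#     upstream. Verify both against current Let's Encrypt / certbot
#     documentation before relying on this script.

# Configuration:

# Domain list (comma separated, be sure to add both www and non-www variants if you want both to work)
DOMAINS="domain1.com,www.domain1.com,domain2.com"

# Email Address
EMAIL="admin@domain1.com"

# Autorenew period (appended to "now + " and handed to at as a timespec)
RENEW_IN="60 days"

# ACME Client Path
ACME_CLIENT="/usr/local/bin/certbot-auto"

# Let's Encrypt Command
# Kept as an array so that each option reaches the client as exactly one
# argument, with no dependence on word splitting or globbing of a string.
CMD=(
  "$ACME_CLIENT" -t --renew-by-default --agree-tos
  --webroot -w /etc/letsencrypt/webroot
  --server https://acme-v01.api.letsencrypt.org/directory
)

### END OF CONFIG ###

# Make the certificate request and check whether it worked
if ! "${CMD[@]}" -m "$EMAIL" -d "$DOMAINS" certonly; then
  # Something went wrong; do not schedule a renewal for a request that failed
  echo "The ACME client returned an error status. Aborting." >&2
  exit 143
fi

# Looks like it worked, set autorenewal with at.
# at stores the text it reads on stdin and later runs it through /bin/sh, so
# the script path and its arguments are shell-quoted with %q instead of being
# echoed raw: spaces or metacharacters in them cannot split into extra words
# or commands when the job runs.
# NOTE(review): %q can emit bash-only $'...' quoting for control characters,
# which a non-bash /bin/sh will not decode; avoid such arguments.
{
  printf '%q ' "$0" "$@"
  printf '\n'
} | at "now + $RENEW_IN" || {
  status=$?
  # A silent failure here would let the certificate expire unrenewed
  echo "Certificate issued, but scheduling the renewal with at failed." >&2
  exit "$status"
}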