@pmlandwehr
Created December 27, 2016 17:13
Script for setting up HTTPS on NFSN
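#!/bin/bash
# Obtain Let's Encrypt certificates with acme-tiny and register them with
# NearlyFreeSpeech.NET, one certificate per domain argument.

# Stop on the first failure so a failed download or ACME run never reaches
# the set-tls step with an empty or partial certificate.
set -euo pipefail

if [ "$#" -le 0 ]; then
    echo "Usage: ./letsencrypt_nfsh.sh domain [domain 2] [domain 3]..."
    exit 0
fi

# The intermediate must match the issuer of the certificate that is returned.
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -O intermediate.pem
# acme_tiny.py is fetched from the master branch and run below with access to
# the account key; review the downloaded file before relying on it.
wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py -O acme_tiny.py

# The challenge directory has to stay readable by the web server, so the
# restrictive umask used for the keys below is not applied here.
for dir in /home/public/.well-known/ /home/public/.well-known/acme-challenge/; do
    if [ ! -d "$dir" ]; then
        mkdir "$dir"
    fi
done

while [[ $# -gt 0 ]]; do
    val="$1"

    echo "Making $val key directory..."
    if [ ! -d "$val" ]; then
        mkdir "$val"
    fi

    echo "Making account keys for $val..."
    if [ ! -f "$val/acct.key" ]; then
        # Subshell umask keeps the private key unreadable by other users.
        (umask 077; openssl genrsa -out "$val/acct.key" 4096)
    fi
    if [ ! -f "$val/acct.pub" ]; then
        openssl rsa -in "$val/acct.key" -pubout -out "$val/acct.pub"
    fi

    echo "Making signing requests for $val..."
    if [ ! -f "$val/domain.key" ]; then
        (umask 077; openssl genrsa -out "$val/domain.key" 4096)
    fi
    if [ ! -f "$val/domain.csr" ]; then
        # Append a [SAN] section to the system config; the domain is passed as
        # a printf argument rather than interpolated into the format string.
        openssl req -new -sha256 -key "$val/domain.key" -subj "/" \
            -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
                <(printf '\n[SAN]\nsubjectAltName=DNS:%s\n' "$val")) \
            > "$val/domain.csr"
    fi

    echo "Certifying $val with letsencrypt.org..."
    python acme_tiny.py \
        --account-key "$val/acct.key" \
        --csr "$val/domain.csr" \
        --acme-dir /home/public/.well-known/acme-challenge/ \
        > "$val/domain.crt"

    echo "Registering certs with NearlyFreeSpeech..."
    # set-tls reads the private key, certificate and intermediate from stdin.
    cat "$val/domain.key" "$val/domain.crt" intermediate.pem | \
        nfsn -i set-tls

    shift
done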