Created
December 27, 2016 17:13
-
-
Save pmlandwehr/17cdf13658f81269346d27789a66ca60 to your computer and use it in GitHub Desktop.
Script for setting up HTTPS on NFSN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [ "$#" -le 0]]; then | |
echo Usage: ./letsencrypt_nfsh.sh domain [domain 2] [domain 3]... | |
exit 0 | |
fi | |
wget https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -O intermediate.pem | |
wget https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py -O acme_tiny.py | |
for dir in /home/public/.well-known/ /home/public/.well-known/acme-challenge/; do | |
if [ ! -d $dir ]; then | |
mkdir $dir | |
fi | |
done | |
while [[ $# -gt 0 ]]; do | |
val="$1" | |
echo Making $val key directory... | |
if [ ! -d $val ]; then | |
mkdir $val | |
fi | |
echo Making account keys for $val... | |
if [ ! -f $val/acct.key ]; then | |
openssl genrsa -out $val/acct.key 4096 | |
fi | |
if [ ! -f $val/acct.pub ]; then | |
openssl rsa -in $val/acct.key -pubout -out $val/acct.pub | |
fi | |
echo Making signing requests for $val... | |
if [ ! -f $val/domain.key ]; then | |
openssl genrsa -out $val/domain.key 4096 | |
fi | |
if [ ! -f $val/domain.csr ]; then | |
openssl req -new -sha256 -key $val/domain.key -subj "/" \ | |
-reqexts SAN -config <(cat /etc/ssl/openssl.cnf \ | |
<(printf "[SAN]\nsubjectAltName=DNS:$val")) \ | |
> $val/domain.csr | |
fi | |
echo Certifying $val with letsencrypt.org... | |
python acme_tiny.py \ | |
--account-key $val/acct.key \ | |
--csr $val/domain.csr \ | |
--acme-dir /home/public/.well-known/acme-challenge/ \ | |
> $val/domain.crt | |
echo Registering certs with NearlyFreeSpeech... | |
cat $val/domain.key $val/domain.crt intermediate.pem | \ | |
nfsn -i set-tls | |
shift | |
done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment