[AWS] Let's Encrypt で更新した証明書を自動的にアップロードして ELB の SSL 証明書を入れ替える ref: http://qiita.com/wokamoto/items/5231923cb49081ff7d87
# Renew every due certificate; after each successful renewal, letsencrypt runs
# the hook below (as the same user, normally root) to push the new cert to AWS.
letsencrypt renew --renew-hook=/root/bin/upload-cert.sh
# Renew every due certificate; after each successful renewal, letsencrypt runs
# the hook below (as the same user, normally root) to push the new cert to AWS.
letsencrypt renew --renew-hook=/root/bin/upload-cert.sh
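#!/bin/bash
# Let's Encrypt renew-hook for ${_domain}: upload the freshly renewed
# certificate to IAM, swap it onto the HTTPS listener of a classic ELB, and
# delete the superseded IAM certificates stored under the same path.
#
# Run by `letsencrypt renew --renew-hook /root/bin/upload-cert.sh` after a
# successful renewal. Requires the AWS CLI and jq, and credentials permitted to
# call iam:UploadServerCertificate, iam:ListServerCertificates,
# iam:DeleteServerCertificate, elasticloadbalancing:SetLoadBalancerListenerSSLCertificate
# and elasticloadbalancing:DescribeLoadBalancers. Note that the private key is
# copied into IAM and lives there until the certificate is deleted.
#
# -x traces every command to stderr (letsencrypt logs hook output). The key is
# only ever referenced as file://privkey.pem, so the trace never shows key bytes.
set -euxo pipefail

_domain='example.com'
_elb_name='{ELB_NAME_HERE}'
_elb_port='443'
_cert_path="/${_domain}/"
_date=$(date +%Y%m%d-%H%M%S)
# IAM server-certificate names must be unique per account; the timestamp keeps
# each renewal distinct so the old certificate can stay until the swap is done.
_cert_name="${_domain}-${_date}"

# Upload the new certificate. IAM expects the leaf in --certificate-body and
# only the intermediates in --certificate-chain, i.e. cert.pem + chain.pem
# (not fullchain.pem). The upload response already carries the ARN, so the
# extra get-server-certificate round trip is unnecessary.
cd "/etc/letsencrypt/live/${_domain}/"
_cert_arn=$(aws iam upload-server-certificate \
  --server-certificate-name "${_cert_name}" \
  --certificate-body file://cert.pem \
  --private-key file://privkey.pem \
  --certificate-chain file://chain.pem \
  --path "${_cert_path}" \
  | jq -r '.ServerCertificateMetadata.Arn')
if [[ -z "${_cert_arn}" || "${_cert_arn}" == "null" ]]; then
  printf 'upload of %s returned no ARN\n' "${_cert_name}" >&2
  exit 1
fi

# Attach the new certificate to the classic ELB listener. IAM is eventually
# consistent and the ELB API may not see the certificate for a while, so retry
# with a bounded back-off instead of a blind sleep 60 followed by one attempt.
_attempt=0
until aws elb set-load-balancer-listener-ssl-certificate \
  --load-balancer-name "${_elb_name}" \
  --load-balancer-port "${_elb_port}" \
  --ssl-certificate-id "${_cert_arn}"; do
  _attempt=$((_attempt + 1))
  if (( _attempt >= 12 )); then
    printf 'giving up attaching %s to %s:%s\n' "${_cert_arn}" "${_elb_name}" "${_elb_port}" >&2
    exit 1
  fi
  sleep 10
done

# Confirm the listener really carries the new certificate before deleting
# anything, so a failed or racing swap cannot leave the ELB pointing at a
# certificate this script then removes (which would also make the delete fail).
_active_arn=$(aws elb describe-load-balancers --load-balancer-names "${_elb_name}" \
  | jq -r --argjson port "${_elb_port}" \
      '.LoadBalancerDescriptions[0].ListenerDescriptions[]
       | select(.Listener.LoadBalancerPort == $port)
       | .Listener.SSLCertificateId')
if [[ "${_active_arn}" != "${_cert_arn}" ]]; then
  printf 'listener %s reports %s, expected %s; leaving old certificates in place\n' \
    "${_elb_port}" "${_active_arn}" "${_cert_arn}" >&2
  exit 1
fi

# Delete superseded certificates under this domain's path. Everything under the
# prefix other than the certificate just attached is assumed to be an earlier
# upload from this script; keep other domains out of this path.
_old_certs=$(aws iam list-server-certificates --path-prefix "${_cert_path}" \
  | jq -r '.ServerCertificateMetadataList[].ServerCertificateName')
while IFS= read -r _old; do
  [[ -z "${_old}" || "${_old}" == "${_cert_name}" ]] && continue
  aws iam delete-server-certificate --server-certificate-name "${_old}"
done <<<"${_old_certs}"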