Last active
December 28, 2021 16:50
-
-
Save yugaego/67a792b1e2b468efcf7d2433a60dd6f5 to your computer and use it in GitHub Desktop.
Manage Let's Encrypt Certificate using Certbot with SSL Virtual Hosts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Setup custom SSL virtual host with Lets Encrypt certificate | |
| # In /etc/httpd/conf.d/ssl.conf add line 'IncludeOptional conf.d/ssl/*.host' | |
| searchDir=../path/to/dir/with/domain/names/to/setup | |
| hostsDir=/etc/httpd/conf.d/ssl | |
| documentRoot=../path/to/www/dir | |
| certNotificationsEmail=some@email.dev | |
| dbConfig=../path/to/db/config.file | |
| tableName=dbTableNameToUpdate | |
| restartServer=0 | |
| printf "\n"; | |
| echo "$(date +'%d/%m/%Y %H:%M:%S:%3N')"; | |
| if [ "$(whoami)" != 'root' ]; then | |
| echo "You have to execute this script as root user" | |
| exit 1; | |
| fi | |
| function createDomain() { | |
| if [ "$1" != "" ]; then | |
| file=$1 | |
| else | |
| echo "Domain name must be passed in the first argument, f.i. path/to/sub.domain.tld" | |
| exit 1; | |
| fi | |
| domainName="$(basename "$file")" | |
| appId=$(head -n 1 "$file") | |
| echo "App ID: $appId" | |
| echo "Request Lets Encrypt certificate" | |
| certbot certonly --agree-tos -n -a webroot -w "$documentRoot" -d "$domainName" -m "$certNotificationsEmail" | |
| echo "Create new VirtualHost" | |
| echo "<VirtualHost *:443> | |
| ServerName $domainName | |
| SSLEngine on | |
| SSLCertificateFile /etc/letsencrypt/live/$domainName/cert.pem | |
| SSLCertificateKeyFile /etc/letsencrypt/live/$domainName/privkey.pem | |
| SSLCACertificateFile /etc/letsencrypt/live/$domainName/chain.pem | |
| </VirtualHost>" > "$hostsDir"/"$domainName".host | |
| if ! echo -e "$hostsDir"/"$domainName".host; then | |
| echo "SSL virtual host wasn't created!" | |
| return 1; | |
| else | |
| echo "SSL virtual host created!" | |
| fi | |
| echo "Perform httpd configuration test" | |
| configTestResult=$(/sbin/service httpd configtest 2>&1) | |
| if [ "$configTestResult" != "Syntax OK" ]; then | |
| echo "Httpd configuration test returned the error: $configTestResult"; | |
| echo "Exiting"; | |
| exit 1; | |
| fi | |
| echo "Update database saved domain name" | |
| dbhost=$(grep -oP "'DB_HOST'.+?'\K[^']+" "$dbConfig") | |
| dbname=$(grep -oP "'DB_NAME'.+?'\K[^']+" "$dbConfig") | |
| dbuser=$(grep -oP "'DB_USER'.+?'\K[^']+" "$dbConfig") | |
| dbpwd=$(grep -oP "'DB_PWD'.+?'\K[^']+" "$dbConfig") | |
| mysql --user="$dbuser" --password="$dbpwd" --host="$dbhost" << EOF | |
| USE $dbname; | |
| UPDATE $tableName SET domain="$domainName" WHERE id=$appId; | |
| EOF | |
| echo "======================================" | |
| echo "Database is updated" | |
| echo "======================================" | |
| echo "Remove request file" | |
| rm -v "$file" | |
| return 0 | |
| } | |
| for domainRequest in "$searchDir"/* | |
| do | |
| if [ -f "$domainRequest" ]; then | |
| createDomain "$domainRequest" | |
| restartServer=1 | |
| fi | |
| done | |
| if [ "$restartServer" -eq 1 ]; then | |
| echo "======================================" | |
| echo "Restarting httpd..." | |
| echo "======================================" | |
| /sbin/service httpd graceful | |
| fi | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Remove custom SSL virtual host with Lets Encrypt certificate related files | |
| searchDir=../www/data/cert-remove | |
| hostsDir=/etc/httpd/conf.d/ssl | |
| certsDir=/etc/letsencrypt | |
| restartServer=0 | |
| printf "\n"; | |
| echo "$(date +'%d/%m/%Y %H:%M:%S:%3N')"; | |
| if [ "$(whoami)" != 'root' ]; then | |
| echo "You have to execute this script as root user" | |
| exit 1; | |
| fi | |
| function removeDomain() { | |
| if [ "$1" != "" ]; then | |
| file=$1 | |
| else | |
| echo "Domain name must be passed in the first argument, f.i. path/to/sub.domain.tld" | |
| exit 1; | |
| fi | |
| domainName="$(basename "$file")" | |
| appId=$(head -n 1 "$file") | |
| echo "App ID: $appId" | |
| echo "Remove SSL virtual host"; | |
| rm "$hostsDir"/"$domainName".host | |
| echo "Remove Lets Encrypt certificates"; | |
| echo "Remove live files"; | |
| rm -r "$certsDir"/live/"$domainName" | |
| echo "Remove archive files"; | |
| rm -r "$certsDir"/archive/"$domainName" | |
| echo "Remove renewal file"; | |
| rm "$certsDir"/renewal/"$domainName".conf | |
| echo "Remove request file" | |
| rm -v "$file" | |
| return 0 | |
| } | |
| for removalRequest in "$searchDir"/* | |
| do | |
| if [ -f "$removalRequest" ]; then | |
| removeDomain "$removalRequest" | |
| restartServer=1 | |
| fi | |
| done | |
| if [ "$restartServer" -eq 1 ]; then | |
| echo "======================================" | |
| echo "Restarting httpd..." | |
| echo "======================================" | |
| /sbin/service httpd graceful | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment