Preparing for letsencrypt

Bob Mottram 2015-12-05 14:02:15 +00:00
parent e48d8ab9ea
commit 178f9becd1
1 changed files with 7 additions and 1 deletions


@ -45,6 +45,7 @@ NODH=
DH_KEYLENGTH=2048 DH_KEYLENGTH=2048
INSTALL_DIR=/root/build INSTALL_DIR=/root/build
LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory' LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
LETSENCRYPT_REPO='https://github.com/letsencrypt/letsencrypt'
function show_help { function show_help {
echo '' echo ''
@ -155,7 +156,7 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
# obtain the repo # obtain the repo
if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
git clone https://github.com/letsencrypt/letsencrypt git clone $LETSENCRYPT_REPO
if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
exit 76283 exit 76283
fi fi
@ -165,11 +166,15 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
git pull git pull
fi fi
# stop the web server
systemctl stop nginx
cd ${INSTALL_DIR}/letsencrypt cd ${INSTALL_DIR}/letsencrypt
# TODO this requires user interaction - is there a non-interactive mode? # TODO this requires user interaction - is there a non-interactive mode?
./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME
if [ ! "$?" = "0" ]; then if [ ! "$?" = "0" ]; then
echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME" echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
systemctl start nginx
exit 63216 exit 63216
fi fi
@ -200,6 +205,7 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
systemctl start nginx
else else
CERTFILE=$HOSTNAME CERTFILE=$HOSTNAME
if [[ $ORGANISATION == "Freedombone-CA" ]]; then if [[ $ORGANISATION == "Freedombone-CA" ]]; then
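Review bot: nginx is stopped before the `certonly` run but restarted only on two paths, the failure branch before `exit 63216` and the end of the letsencrypt branch, so any other exit in the lines between the third and fourth hunks (not visible here) would leave the web server down. Registering the restart once, directly after the stop, covers every exit path: `trap 'systemctl start nginx' EXIT`. The stop would also benefit from a why-comment such as `# --standalone binds the HTTP/HTTPS ports itself, so nginx must be down while it runs`. Separately, the changed clone line expands its new variable unquoted; `git clone -- "$LETSENCRYPT_REPO"` keeps a value containing spaces or a leading dash from being parsed as extra git arguments. The enclosing `if [ $LETSENCRYPT_HOSTNAME ]` block starts and ends outside the hunks shown.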