mirrors/raspiblitz
1
0
Fork 0
mirror of https://github.com/rootzoll/raspiblitz.git synced 2025-02-25 07:07:46 +01:00
Code Issues Projects Releases Packages Wiki Activity

#1334 added cert-issue to lentsencrypt script

Browse source
This commit is contained in:
rootzoll 2020-07-14 14:16:39 +02:00
parent 12e395f219
commit 9200db6ff8
1 changed files with 77 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

77
home.admin/config.scripts/bonus.letsencrypt.sh
View file

@ -4,6 +4,7 @@
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
echo "config script to install or remove the Let's Encrypt Client (ACME.SH)" echo "config script to install or remove the Let's Encrypt Client (ACME.SH)"
echo "bonus.letsencrypt.sh [on|off]" echo "bonus.letsencrypt.sh [on|off]"
echo "bonus.letsencrypt.sh issue-cert DNSSERVICE FULLDOMAINNAME APITOKEN ip|tor|ip&tor"
exit 1 exit 1
fi fi
@ -138,6 +139,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo "" echo ""
fi fi
# make sure storage directory exist
sudo mkdir -p /mnt/hdd/app-data/letsencrypt/certs 2>/dev/null
sudo chown -R admin:admin /mnt/hdd/app-data/letsencrypt
sudo chmod -R 733 /mnt/hdd/app-data/letsencrypt
acme_install "${address}" acme_install "${address}"
echo "" echo ""
@ -145,6 +151,77 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo "*** Let's Encrypt Client 'acme.sh' appears to be installed already ***" echo "*** Let's Encrypt Client 'acme.sh' appears to be installed already ***"
fi fi
###################
# ISSUE-CERT
###################
elif [ "$1" = "issue-cert" ]; then
# get and check parameters
dnsservice=$2
FQDN=$3
apitoken=$4
options=$4
if [ ${#dnsservice} -eq 0 ] || [ ${#FQDN} -eq 0 ] || [ ${#apitoken} -eq 0 ]; then
echo "error='invalid parameters'"
exit 1
fi
if [ ${#options} -eq 0 ]; then
options="ip&tor"
fi
# prepare values and exports based on dnsservice
if [ "${dnsservice}" == "duckdns" ]; then
echo "# preparing DUCKDNS"
dnsservice="dns_duckdns"
export DuckDNS_Token="${token}"
else
echo "error='not supported dnsservice'"
exit 1
fi
# create certicicates
echo "# creating certs"
/home/admin/.acme.sh/acme.sh --home "/home/admin/.acme.sh" --config-home "/mnt/hdd/app-data/letsencrypt" --cert-home "/mnt/hdd/app-data/letsencrypt/certs" --issue --dns ${dnsservice} -d ${FQDN} --keylength ec-256 1>&2
# replace certs for clearnet
if [ "${options}" == "ip" ] || [ "${options}" == "ip&tor" ]; then
echo "# replacing IP certs"
sudo rm /mnt/hdd/app-data/nginx/tls.cert
sudo rm /mnt/hdd/app-data/nginx/tls.key
sudo ln -s /mnt/hdd/app-data/letsencrypt/certs/${FQDN}_ecc/fullchain.cer /mnt/hdd/app-data/nginx/tls.cert
sudo ln -s /mnt/hdd/app-data/letsencrypt/certs/${FQDN}_ecc/${FQDN}.key /mnt/hdd/app-data/nginx/tls.key
fi
# repleace certs for tor
if [ "${options}" == "tor" ] || [ "${options}" == "ip&tor" ]; then
echo "# replacing TOR certs"
sudo rm /mnt/hdd/app-data/nginx/tor_tls.cert
sudo rm /mnt/hdd/app-data/nginx/tor_tls.key
sudo ln -s /mnt/hdd/app-data/letsencrypt/certs/${FQDN}_ecc/fullchain.cer /mnt/hdd/app-data/nginx/tor_tls.cert
sudo ln -s /mnt/hdd/app-data/letsencrypt/certs/${FQDN}_ecc/${FQDN}.key /mnt/hdd/app-data/nginx/tor_tls.key
fi
# todo maybe allow certs for single servies later
if [ "${options}" != "tor" ] && [ "${options}" != "ip" ] && [ "${options}" != "ip&tor" ]; then
echo "error='option not supported yet'"
exit 1
fi
# test nginx config
syntaxOK=$(sudo nginx -t 2>&1 | grep -c "syntax is ok")
testOK=$(sudo nginx -t 2>&1 | grep -c "test is successful")
if [ ${syntaxOK} -eq 0 ] || [ ${testOK} -eq 0 ]; then
echo "# to check details on nginx config use: sudo nginx -t"
echo "error='nginx config failed'"
exit 1
fi
# restart nginx
echo "# restarting nginx"
sudo systemctl restart nginx 2>&1
################### ###################
# OFF # OFF
################### ###################