|
@@ -0,0 +1,80 @@
|
|
1
|
+#!/bin/bash
|
|
2
|
+
|
|
3
|
+if ! [ -x "$(command -v docker-compose)" ]; then
|
|
4
|
+ echo 'Error: docker-compose is not installed.' >&2
|
|
5
|
+ exit 1
|
|
6
|
+fi
|
|
7
|
+
|
|
8
|
+domains=(example.org www.example.org)
|
|
9
|
+rsa_key_size=4096
|
|
10
|
+data_path="./data/certbot"
|
|
11
|
+email="" # Adding a valid address is strongly recommended
|
|
12
|
+staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
|
|
13
|
+
|
|
14
|
+if [ -d "$data_path" ]; then
|
|
15
|
+ read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
|
|
16
|
+ if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
|
|
17
|
+ exit
|
|
18
|
+ fi
|
|
19
|
+fi
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
|
|
23
|
+ echo "### Downloading recommended TLS parameters ..."
|
|
24
|
+ mkdir -p "$data_path/conf"
|
|
25
|
+ curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
|
|
26
|
+ curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
|
|
27
|
+ echo
|
|
28
|
+fi
|
|
29
|
+
|
|
30
|
+echo "### Creating dummy certificate for $domains ..."
|
|
31
|
+path="/etc/letsencrypt/live/$domains"
|
|
32
|
+mkdir -p "$data_path/conf/live/$domains"
|
|
33
|
+docker-compose run --rm --entrypoint "\
|
|
34
|
+ openssl req -x509 -nodes -newkey rsa:1024 -days 1\
|
|
35
|
+ -keyout '$path/privkey.pem' \
|
|
36
|
+ -out '$path/fullchain.pem' \
|
|
37
|
+ -subj '/CN=localhost'" certbot
|
|
38
|
+echo
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+echo "### Starting nginx ..."
|
|
42
|
+docker-compose up --force-recreate -d nginx
|
|
43
|
+echo
|
|
44
|
+
|
|
45
|
+echo "### Deleting dummy certificate for $domains ..."
|
|
46
|
+docker-compose run --rm --entrypoint "\
|
|
47
|
+ rm -Rf /etc/letsencrypt/live/$domains && \
|
|
48
|
+ rm -Rf /etc/letsencrypt/archive/$domains && \
|
|
49
|
+ rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
|
|
50
|
+echo
|
|
51
|
+
|
|
52
|
+
|
|
53
|
+echo "### Requesting Let's Encrypt certificate for $domains ..."
|
|
54
|
+#Join $domains to -d args
|
|
55
|
+domain_args=""
|
|
56
|
+for domain in "${domains[@]}"; do
|
|
57
|
+ domain_args="$domain_args -d $domain"
|
|
58
|
+done
|
|
59
|
+
|
|
60
|
+# Select appropriate email arg
|
|
61
|
+case "$email" in
|
|
62
|
+ "") email_arg="--register-unsafely-without-email" ;;
|
|
63
|
+ *) email_arg="--email $email" ;;
|
|
64
|
+esac
|
|
65
|
+
|
|
66
|
+# Enable staging mode if needed
|
|
67
|
+if [ $staging != "0" ]; then staging_arg="--staging"; fi
|
|
68
|
+
|
|
69
|
+docker-compose run --rm --entrypoint "\
|
|
70
|
+ certbot certonly --webroot -w /var/www/certbot \
|
|
71
|
+ $staging_arg \
|
|
72
|
+ $email_arg \
|
|
73
|
+ $domain_args \
|
|
74
|
+ --rsa-key-size $rsa_key_size \
|
|
75
|
+ --agree-tos \
|
|
76
|
+ --force-renewal" certbot
|
|
77
|
+echo
|
|
78
|
+
|
|
79
|
+echo "### Reloading nginx ..."
|
|
80
|
+docker-compose exec nginx nginx -s reload
|