#!/usr/bin/env bash
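# Defaults, used when the script is run without arguments.
Domain='example.com'
Email=""
Staging=0

#######################################
# Read and validate the positional arguments.
# Globals:   Domain, Email, Staging (written)
# Arguments: $1 - domain to certify (optional; keeps the default if empty)
#            $2 - contact email; when empty only the self-signed
#                 certificate is generated
#            $3 - "1" to request the certificate with --staging
# Outputs:   a diagnostic on stderr when a value is rejected
# Returns:   exits 2 on a rejected domain or email
#######################################
parse_args() {
  # Both values are later pasted into `rm -rf` paths and into command strings
  # that the container runs through `sh -c`, so only plain hostnames and a
  # conservative email character set are accepted here.
  local -r domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
  local -r email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'

  if [ -n "${1:-}" ]; then
    Domain="$1"
    if [ -n "${2:-}" ]; then
      Email="$2"
    fi
    # The staging switch is the third argument. It used to be read from $2,
    # which is the email, so it could not be combined with a real address.
    if [ "${3:-}" == 1 ]; then
      Staging=1
    fi
  fi

  if ! [[ "$Domain" =~ $domain_re ]]; then
    printf 'certify.sh: refusing domain %q: not a plain hostname\n' "$Domain" >&2
    exit 2
  fi
  if [ -n "$Email" ] && ! [[ "$Email" =~ $email_re ]]; then
    printf 'certify.sh: refusing email %q: unexpected characters\n' "$Email" >&2
    exit 2
  fi
}

parse_args "$@"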
certbot_run() {
docker-compose run --rm --entrypoint "/bin/sh -c" certbot "$1"
}
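# Fetch the nginx TLS options snippet and the DH parameters into
# /etc/letsencrypt from inside the certbot container.
#
# curl runs with -f so an HTTP error (for example a path that no longer exists
# on the branch) fails the step instead of being saved as the config file, and
# each file is downloaded to a .tmp name first so a failed download does not
# clobber a copy that is already in place.
#
# NOTE(review): both URLs follow the moving `master` branch, so the TLS
# settings nginx ends up loading can change without anyone reviewing them.
# Consider pinning the URLs to a reviewed commit (<reviewed-commit-sha>) and
# comparing the downloads against recorded checksums.
certbot_run "\
apk update && \
apk add curl && \
curl -fsS -o /etc/letsencrypt/options-ssl-nginx.conf.tmp https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/tls_configs/options-ssl-nginx.conf && \
mv /etc/letsencrypt/options-ssl-nginx.conf.tmp /etc/letsencrypt/options-ssl-nginx.conf && \
curl -fsS -o /etc/letsencrypt/ssl-dhparams.pem.tmp https://raw.githubusercontent.com/certbot/certbot/master/certbot/ssl-dhparams.pem && \
mv /etc/letsencrypt/ssl-dhparams.pem.tmp /etc/letsencrypt/ssl-dhparams.pem" || {
  printf '%s\n' 'certify.sh: could not fetch the TLS configuration files' >&2
  exit 1
}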
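# Drop any earlier state for this domain, then recreate the directories the
# placeholder certificate is written into.
#
# The paths are single-quoted inside the container command, as the openssl
# step already does, so the container shell does not word-split or
# glob-expand the value of Domain. That does not neutralise a quote character
# inside the value, so Domain must still be a plain hostname.
# ${Domain:?} aborts the script if Domain is ever empty, because the rm -rf
# lines would otherwise target the whole live/ and archive/ trees.
#
# The rm and mkdir halves are now one && chain; a missing continuation used to
# let the mkdir commands run even if a removal had failed.
#
# NOTE(review): the last mkdir creates a directory named <domain>.conf under
# renewal/, where certbot normally keeps a renewal configuration file.
# Confirm that is intended.
certbot_run "\
rm -rf '/etc/letsencrypt/live/${Domain:?}' && \
rm -rf '/etc/letsencrypt/archive/${Domain:?}' && \
rm -rf '/etc/letsencrypt/renewal/${Domain:?}.conf' && \
mkdir -p '/etc/letsencrypt/live/$Domain' && \
mkdir -p '/etc/letsencrypt/archive/$Domain' && \
mkdir -p '/etc/letsencrypt/renewal/$Domain.conf'" || {
  printf '%s\n' 'certify.sh: could not reset the certificate directories' >&2
  exit 1
}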
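# Create a self-signed placeholder certificate for the domain.
#
# The key is 2048-bit rather than 1024-bit RSA. When no email is given the
# Let's Encrypt step is skipped and this certificate is the one nginx serves
# for its whole 365-day lifetime, so it should not use a key size that is
# below the commonly accepted minimum.
# -nodes leaves the private key unencrypted on disk; access to
# /etc/letsencrypt has to be restricted accordingly.
certbot_run "\
openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
-keyout '/etc/letsencrypt/live/$Domain/privkey.pem' \
-out '/etc/letsencrypt/live/$Domain/fullchain.pem' \
-subj '/CN=$Domain'" || {
  printf '%s\n' 'certify.sh: could not create the self-signed certificate' >&2
  exit 1
}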
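# With a contact email, replace the placeholder with a certificate issued by
# Let's Encrypt through certbot's webroot plugin.
if [ -n "$Email" ]; then
  # nginx is (re)started first, on the placeholder certificate.
  # Presumably it serves /var/www/certbot for the challenge; verify against
  # the nginx configuration.
  docker-compose up --force-recreate -d nginx

  # Remove the placeholder so certbot can create its own layout.
  # ${Domain:?} aborts the script if Domain is ever empty, because rm -rf
  # would otherwise target the whole live/ and archive/ trees.
  certbot_run "\
rm -rf '/etc/letsencrypt/live/${Domain:?}' && \
rm -rf '/etc/letsencrypt/archive/${Domain:?}' && \
rm -rf '/etc/letsencrypt/renewal/${Domain:?}.conf'" || {
    printf '%s\n' 'certify.sh: could not remove the placeholder certificate' >&2
    exit 1
  }

  # Domain and Email are pasted into a command line that the container runs
  # through `sh -c`. Single quotes stop the container shell from
  # word-splitting or glob-expanding them. They do not neutralise a quote
  # character inside the value, so both must still be validated on input.
  domain_args="-d '$Domain'"
  email_arg="--email '$Email'"
  staging_arg=""
  if [ "$Staging" == "1" ]; then
    staging_arg='--staging'
  fi

  certbot_run "\
certbot certonly --webroot -w /var/www/certbot \
$staging_arg \
$email_arg \
$domain_args \
--rsa-key-size 4096 \
--agree-tos \
--force-renewal" || {
    # The placeholder is already gone at this point, so stop here rather
    # than reloading nginx against certificate paths that no longer exist.
    printf '%s\n' 'certify.sh: certbot did not issue a certificate' >&2
    exit 1
  }
fi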
# Start whatever services are not running yet, leaving existing containers
# untouched, then tell the running nginx to reload its configuration.
docker-compose up --no-recreate -d
docker-compose exec nginx \
  nginx -s reload