nginx-certbot/scripts/run_certbot.sh

60 lines
1.6 KiB
Bash
Raw Normal View History

2016-09-21 23:35:19 +00:00
echo "Running certbot for domains $DOMAINS"
get_certificate() {
# Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
# The certificate will be named after the first domain in the list
# To work, the following variables must be set:
# - CERT_DOMAINS : comma separated list of domains
# - EMAIL
# - CONCAT
# - args
local d=${CERT_DOMAINS//,*/} # read first domain
echo "Getting certificate for $CERT_DOMAINS"
certbot certonly --agree-tos --renew-by-default -n \
--text --server https://acme-v01.api.letsencrypt.org/directory \
--email $EMAIL -d $CERT_DOMAINS $args
ec=$?
echo "certbot exit code $ec"
if [ $ec -eq 0 ]
then
if $CONCAT
then
# concat the full chain with the private key (e.g. for haproxy)
cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
else
# keep full chain and private key in separate files (e.g. for nginx and apache)
cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
fi
echo "Certificate obtained for $CERT_DOMAINS! Your new certificate - named $d - is in /certs"
else
echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
fi
}
2016-09-21 23:35:19 +00:00
args=""
if [ $WEBROOT ]
then
args=" --webroot -w $WEBROOT"
else
args=" --standalone --standalone-supported-challenges http-01"
2016-09-21 23:35:19 +00:00
fi
2016-09-22 00:55:28 +00:00
if $DEBUG
then
args=$args" --debug"
fi
if $SEPARATE
2016-09-21 23:35:19 +00:00
then
2016-09-22 00:55:28 +00:00
for d in $DOMAINS
do
CERT_DOMAINS=$d
get_certificate
2016-09-22 00:55:28 +00:00
done
2016-09-21 23:35:19 +00:00
else
CERT_DOMAINS=${DOMAINS// /,}
get_certificate
2016-09-21 23:35:19 +00:00
fi