diff --git a/renew_cert.sh b/renew_cert.sh
index 4dc957d..361225e 100755
--- a/renew_cert.sh
+++ b/renew_cert.sh
@@ -4,7 +4,7 @@ path="$( cd "$(dirname "$0")" ; pwd -P )"
 #############
 # variables
-acme_dir=/var/www/.well-known/acme-challenge/
+acme_dir=/srv/certs/acme-challenge/.well-known/acme-challenge
 opt_folder=$path/opt
 le_cert=$opt_folder/lets-encrypt-x3-cross-signed.pem
 account_key=$opt_folder/account.key
@@ -15,6 +15,7 @@ openssl_conf=$opt_folder/openssl.conf
 #############
 # script
+
 # check if needed files are provided
 if [ $# -eq 0 ]; then
 echo "No arguments provided."
@@ -22,27 +23,30 @@ if [ $# -eq 0 ]; then
 exit 1
 fi
-if [ ! -d $acme_dir ]; then
+if [ ! -d "$acme_dir" ]; then
 echo "acme directory ($acme_dir) doesn't exists!"
 exit 1
 fi
-if [ ! -f $account_key ]; then
+if [ ! -f "$account_key" ]; then
 echo "Account Key doesn't exists!"
 exit 1
 fi
-if [ ! -f $acme_tiny ]; then
+if [ ! -f "$acme_tiny" ]; then
 echo "Python script acme_tiny.py is missing"
 exit 1
 fi
-if [ ! -f $le_cert ]; then
+if [ ! -f "$le_cert" ]; then
 echo "LetsEncrypt cert doesn't exists!"
 echo "Downloading root cert..."
 wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > $le_cert
 fi
+acme_dir=${acme_dir%/}
+opt_folder=${opt_folder%/}
+
 # check if python is installed
 command -v python >/dev/null 2>&1 || { echo >&2 "I require python but it's not installed. Aborting."; exit 1; }
@@ -50,20 +54,20 @@ counter=0
 for arg in "$@"
 do
- arg=$path/$arg
+ arg="$path/${arg%/}"
- if [ ! -d $arg ]; then
+ if [ ! -d "$arg" ]; then
 echo "Folder $arg doesn't exists!"
 continue
 fi
- if [ ! -f $arg/domain.conf ]; then
+ if [ ! -f "$arg/domain.conf" ]; then
 echo "Configuration file doen't exists!"
 continue
 fi
 # load configuration variables
- source $arg/domain.conf
+ source "$arg/domain.conf"
 # check domain.conf variables
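Review bot: The download on the `wget -O - … > $le_cert` line still has an unquoted redirect target, the one expansion in this hunk the commit leaves unquoted, and its exit status is never checked: a failed or interrupted transfer leaves an empty or truncated `$le_cert`, and because the guard above is `! -f "$le_cert"` every later run treats that file as the real intermediate and concatenates it into each `.pem`. Write to a temporary name and move it into place only on success, e.g. `wget -O "$le_cert.tmp" https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem || { rm -f -- "$le_cert.tmp"; echo >&2 "Download failed."; exit 1; }` followed by `mv -f -- "$le_cert.tmp" "$le_cert"`. Separately, the added `opt_folder=${opt_folder%/}` runs after `le_cert`, `account_key` and `openssl_conf` were already derived from `$opt_folder` in the variables section, so as placed it normalizes nothing those paths use; move it up next to `opt_folder=$path/opt` or drop it.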
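Review bot: `source "$arg/domain.conf"` is executed once per loop iteration, but nothing resets the variables it is expected to define, so a `domain.conf` that omits `DOMAINS` (or `NAME`) silently inherits the previous folder's value, and the `read -r DOMAINS` rewrite later in the loop body turns that inherited value into a comma-joined string rather than an array; add `unset NAME DOMAINS` immediately before the `source` line. Since `source` runs the file as shell code with the script's privileges, it is also worth checking that `domain.conf` is owned by the invoking user and not group/world-writable before sourcing it, or at least stating that requirement in the top-of-file comment. The `for` loop body continues past the end of this hunk.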
@@ -79,34 +83,27 @@ do
 # domain key
- key=$arg/$NAME.key
+ key="$arg/$NAME.key"
- if [ ! -f $key ]; then
- echo "Domain key doesn't exists."
- echo "Generating..."
- openssl genrsa 4096 > $key
+ if [ ! -f "$key" ]; then
+ echo "Domain key doesn't exists. Generating..."
+ openssl genrsa 4096 > "$key"
 fi
 # domain csr
- csr=$arg/$NAME.csr
+ csr="$arg/$NAME.csr"
- if [ ! -f $csr ]; then
- echo "Domain csr file doesn't exists."
- echo "Generating..."
+ if [ ! -f "$csr" ]; then
+ echo "Domain csr file doesn't exists. Generating..."
 if [ ${#DOMAINS[@]} -eq 1 ]; then
 # single domain
- openssl req -new -sha256 -key $key -subj "/CN=$DOMAINS" > $csr
+ openssl req -new -sha256 -key "$key" -subj "/CN=$DOMAINS" > "$csr"
 else
 # multi domain
 # expand domain array with ",DNS:"
- if [ ! -f $opensll_conf ]; then
- echo "Error: openssl.conf file is missing."
- exit 1
- fi
 read -r DOMAINS < <( printf "%s,DNS:" "${DOMAINS[@]:0:$((${#DOMAINS[@]} - 1))}"; echo "${DOMAINS[@]: -1}"; )
 san_string="[SAN]\nsubjectAltName=DNS:$DOMAINS"
- echo "san_string: $san_string"
- openssl req -new -sha256 -key $key -subj "/" -reqexts SAN -config <(cat $openssl_conf <(printf "$san_string")) > $csr
+ openssl req -new -sha256 -key "$key" -subj "/" -reqexts SAN -config <(cat "$openssl_conf" <(printf "$san_string")) > "$csr"
 fi
 fi
@@ -116,7 +113,7 @@ do
 fi
 # get certificate
- python $path/$acme_tiny --account-key $account_key --csr $csr --acme-dir $acme_dir > $path/$arg/tmp.crt
+ python "$path/$acme_tiny" --account-key "$account_key" --csr "$csr" --acme-dir "$acme_dir" > "$arg/tmp.crt"
 if [ $? != 0 ]; then
 rm -rf $arg/tmp.crt
@@ -124,10 +121,10 @@ do
 continue
 fi
- mv -f $arg/tmp.crt $path/$arg/$NAME.crt
+ mv -f "$arg/tmp.crt" "$path/$arg/$NAME.crt"
 # append letsencrypt cert
- cat $arg/$NAME.crt $le_cert > $arg/$NAME.pem
+ cat "$arg/$NAME.crt" "$le_cert" > "$arg/$NAME.pem"
 echo "Certificate for \"$name\" successfully created!"
 counter=$((counter+1))
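Review bot: `openssl genrsa 4096 > "$key"` creates the private key through a shell redirection, so its mode is whatever the caller's umask yields (commonly 0644); generate it under a restrictive umask, `(umask 077 && openssl genrsa 4096 > "$key")`, or `chmod 600 -- "$key"` right after. The same redirection also creates `$key` and `$csr` before openssl runs, so a failed `genrsa` or `req` leaves an empty file that the `! -f` guards treat as a finished artifact on the next run; test the command's status and `rm -f -- "$key"` / `rm -f -- "$csr"` on failure. The commit removes the misspelled `$opensll_conf` existence check instead of correcting it to `$openssl_conf`, so a missing openssl.conf now surfaces only as a `cat` error inside the process substitution. The enclosing `for` loop starts and ends outside this hunk.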
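Review bot: The new invocation runs `"$path/$acme_tiny"`, while the pre-flight check earlier in the script tests `-f "$acme_tiny"` with no `$path` prefix; unless `$acme_tiny` is relative to both the script directory and the current working directory, one of the two is wrong, and if `acme_tiny` is derived from `$opt_folder` like its neighbours it is already absolute and the prefix yields a path that does not exist. Make the two agree, e.g. `python "$acme_tiny" …` here. The `rm -rf $arg/tmp.crt` on the line below is the only `$arg` expansion in this hunk left unquoted, and `-r` is unnecessary for a file; `rm -f -- "$arg/tmp.crt"`. The `if [ $? != 0 ]` body continues beyond the hunk.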
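Review bot: `mv -f "$arg/tmp.crt" "$path/$arg/$NAME.crt"` still prefixes `$path` to `$arg`, but since the loop header in this commit sets `arg="$path/${arg%/}"` the variable is already an absolute path (the preceding hunk's `> "$arg/tmp.crt"` relies on exactly that), so the destination becomes `$path/$path/…` and the `cat "$arg/$NAME.crt" …` on the next changed line will not find the file it just moved; the destination should be `"$arg/$NAME.crt"`. The success message reads `$name` in lower case while the key, csr and cert paths in this file use `$NAME`, so it very likely prints an empty quoted name; `echo "Certificate for \"$NAME\" successfully created!"`.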