commit f3a6e0c9c88f788dd1b97eb719b8be0421be4577
Author: hoellen
Date: Thu Feb 15 23:06:10 2018 +0100
initial commit
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f9a68e9
--- /dev/null
+++ b/README.md
@@ -0,0 +1 @@
+# acme-tiny renewal script
diff --git a/renew_cert.sh b/renew_cert.sh
new file mode 100755
index 0000000..1397d73
--- /dev/null
+++ b/renew_cert.sh
@@ -0,0 +1,138 @@
+#!/bin/bash
+
+path="$( cd "$(dirname "$0")" ; pwd -P )"
+
+#############
+# variables
+acme_dir=/var/www/.well-known/acme-challenge/
+opt_folder=$path/opt
+le_cert=$opt_folder/lets-encrypt-x3-cross-signed.pem
+account_key=$opt_folder/account.key
+acme_tiny=$opt_folder/acme_tiny.py
+openssl_conf=$opt_folder/openssl.conf
+
+
+#############
+# script
+
+
+# check if needed files are provided
+if [ $# -eq 0 ]; then
+ echo "No arguments provided."
+ echo "Usage: $0 [folder]"
+ exit 1
+fi
+
+if [ ! -d $acme_dir ]; then
+ echo "acme directory ($acme_dir) doesn't exists!"
+ exit 1
+fi
+
+if [ ! -f $account_key ]; then
+ echo "Account Key doesn't exists!"
+ exit 1
+fi
+
+if [ ! -f $acme_tiny ]; then
+ echo "Python script acme_tiny.py is missing"
+ exit 1
+fi
+
+if [ ! -f $le_cert ]; then
+ echo "LetsEncrypt cert doesn't exists!"
+ echo "Downloading root cert..."
+ wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > $le_cert
+fi
+
+# check if python is installed
+command -v python >/dev/null 2>&1 || { echo >&2 "I require python but it's not installed. Aborting."; exit 1; }
+
+counter=0
+
+for arg in "$@"
+do
+ arg=$path/$arg
+
+ if [ ! -d $arg ]; then
+ echo "Folder $arg doesn't exists!"
+ continue
+ fi
+
+ if [ ! -f $arg/domain.conf ]; then
+ echo "Configuration file doen't exists!"
+ continue
+ fi
+
+ # load configuration variables
+ source $arg/domain.conf
+
+
+ # check domain.conf variables
+ if [ -z "$NAME" ]; then
+ echo "No name given for domain \"$arg\"".
+ continue
+ fi
+
+ if [ ${#DOMAINS[@]} -eq 0 ]; then
+ echo "No domains given for \"$name\"."
+ continue
+ fi
+
+
+ # domain key
+ key=$arg/$NAME.key
+
+ if [ ! -f $key ]; then
+ echo "Domain key doesn't exists."
+ echo "Generating..."
+ openssl genrsa 4096 > $key
+ fi
+
+ # domain csr
+ csr=$arg/$NAME.csr
+
+ if [ ! -f $csr ]; then
+ echo "Domain csr file doesn't exists."
+ echo "Generating..."
+ if [ ${#DOMAINS[@]} -eq 1 ]; then
+ # single domain
+ openssl req -new -sha256 -key $key -subj "/CN=$DOMAINS" > $csr
+ else
+ # multi domain
+ # expand domain array with ",DNS:"
+ if [ ! -f $opensll_conf ]; then
+ echo "Error: openssl.conf file is missing."
+ exit 1
+ fi
+ read -r DOMAINS < <( printf "%s,DNS:" "${DOMAINS[@]:0:$((${#DOMAINS[@]} - 1))}"; echo "${DOMAINS[@]: -1}"; )
+ san_string="[SAN]\nsubjectAltName=DNS:$DOMAINS"
+ echo "san_string: $san_string"
+ openssl req -new -sha256 -key $key -subj "/" -reqexts SAN -config <(cat $openssl_conf <(printf "$san_string")) > $csr
+ fi
+ fi
+
+ if [ $? != 0 ]; then
+ echo "Creating csr/key files FAILED for \"$NAME\"!"
+ continue
+ fi
+
+ # get certificate
+ python $path/$acme_tiny --account-key $account_key --csr $csr --acme-dir $acme_dir > $path/$arg/tmp.crt
+
+ if [ $? != 0 ]; then
+ rm -rf $arg/tmp.crt
+ echo "Getting certificate for \"$NAME\" FAILED!"
+ continue
+ fi
+
+ mv -f $arg/tmp.crt $path/$arg/$NAME.crt
+
+ # append letsencrypt cert
+ cat $arg/$NAME.crt $le_cert > $arg/$NAME.pem
+
+ echo "Certificate for \"$name\" successfully created!"
+ counter=$((counter+1))
+
+done
+
+echo "$counter new certificates created!"
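Review bot: The multi-domain branch tests `$opensll_conf` (a typo for `$openssl_conf`), so the "openssl.conf file is missing" guard never fires and a missing config only surfaces later when `cat $openssl_conf` fails inside the process substitution; in the same hunk the certificate step runs `python $path/$acme_tiny` and redirects to `$path/$arg/tmp.crt` although `$acme_tiny` and `$arg` are already absolute (`$path` comes from `pwd -P`, and `arg=$path/$arg` ran earlier), so those paths look doubled and the `rm -rf $arg/tmp.crt` cleanup does not point at the file that was just written — `python "$acme_tiny" … > "$arg/tmp.crt"` and `mv -f "$arg/tmp.crt" "$arg/$NAME.crt"` keep every path consistent. Two defender-side points: `openssl genrsa 4096 > $key` creates the private key under the caller's default umask, so `umask 077` before the loop (or `chmod 600 "$key"` right after generation) is needed to keep it from being world-readable, and `NAME`/`DOMAINS` are never cleared between iterations, so a `domain.conf` that omits one of them silently inherits the previous folder's values — `unset NAME DOMAINS` before `source $arg/domain.conf` closes that. `printf "$san_string"` also passes config-derived text as the printf format string, so a `%` in a domain entry corrupts or aborts the SAN section; `printf '[SAN]\nsubjectAltName=DNS:%s\n' "$DOMAINS"` avoids that. `wget -O - … > $le_cert` leaves an empty `$le_cert` behind when the download fails, which later runs treat as present and concatenate into the `.pem`; `wget -O "$le_cert" … || { rm -f -- "$le_cert"; exit 1; }` is the minimal fix, and the two messages that print `$name` mean `$NAME` (the lowercase variable is never set). Finally, every expansion in the hunk is unquoted, so a folder argument containing whitespace or glob characters breaks the `[ … ]` tests and the commands that follow them.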