initial commit

2018-02-15 23:06:10 +01:00 · 2018-02-15 23:06:10 +01:00 · f3a6e0c9c8
commit f3a6e0c9c8
2 changed files with 139 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1 @@
+# acme-tiny renewal script
--- a/renew_cert.sh
+++ b/renew_cert.sh
@ -0,0 +1,138 @@
+#!/bin/bash
+
+path="$( cd "$(dirname "$0")" ; pwd -P )"
+
+#############
+# variables
+acme_dir=/var/www/.well-known/acme-challenge/
+opt_folder=$path/opt
+le_cert=$opt_folder/lets-encrypt-x3-cross-signed.pem
+account_key=$opt_folder/account.key
+acme_tiny=$opt_folder/acme_tiny.py
+openssl_conf=$opt_folder/openssl.conf
+
+
+#############
+# script
+
+
+# check if needed files are provided
+if [ $# -eq 0 ]; then
+  echo "No arguments provided."
+  echo "Usage: $0 [folder]"
+  exit 1
+fi
+
+if [ ! -d $acme_dir ]; then
+  echo "acme directory ($acme_dir) doesn't exists!"
+  exit 1
+fi
+
+if [ ! -f $account_key ]; then
+  echo "Account Key doesn't exists!" 
+  exit 1
+fi
+
+if [ ! -f $acme_tiny ]; then
+  echo "Python script acme_tiny.py is missing"
+  exit 1
+fi
+
+if [ ! -f $le_cert ]; then
+  echo "LetsEncrypt cert doesn't exists!" 
+  echo "Downloading root cert..."
+  wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > $le_cert
+fi
+
+# check if python is installed
+command -v python >/dev/null 2>&1 || { echo >&2 "I require python but it's not installed.  Aborting."; exit 1; }
+
+counter=0
+
+for arg in "$@"
+do
+  arg=$path/$arg
+
+  if [ ! -d $arg ]; then
+    echo "Folder $arg doesn't exists!"
+    continue
+  fi
+
+  if [ ! -f $arg/domain.conf ]; then
+    echo "Configuration file doen't exists!"
+    continue
+  fi
+
+  # load configuration variables
+  source $arg/domain.conf
+
+
+  # check domain.conf variables
+  if [ -z "$NAME" ]; then
+    echo "No name given for domain \"$arg\"".
+    continue
+  fi
+
+  if [ ${#DOMAINS[@]} -eq 0 ]; then
+    echo "No domains given for \"$name\"."
+    continue
+  fi
+
+
+  # domain key 
+  key=$arg/$NAME.key
+
+  if [ ! -f $key ]; then
+    echo "Domain key doesn't exists."
+    echo "Generating..."
+    openssl genrsa 4096 > $key
+  fi 
+
+  # domain csr
+  csr=$arg/$NAME.csr
+
+  if [ ! -f $csr ]; then
+    echo "Domain csr file doesn't exists."
+    echo "Generating..."
+    if [ ${#DOMAINS[@]} -eq 1 ]; then
+      # single domain
+      openssl req -new -sha256 -key $key -subj "/CN=$DOMAINS" > $csr
+    else
+      # multi domain
+      # expand domain array with ",DNS:"
+      if [ ! -f $opensll_conf ]; then
+        echo "Error: openssl.conf file is missing."
+	exit 1
+      fi
+      read -r DOMAINS < <( printf "%s,DNS:" "${DOMAINS[@]:0:$((${#DOMAINS[@]} - 1))}"; echo "${DOMAINS[@]: -1}"; )
+      san_string="[SAN]\nsubjectAltName=DNS:$DOMAINS"
+      echo "san_string: $san_string"
+      openssl req -new -sha256 -key $key -subj "/" -reqexts SAN -config <(cat $openssl_conf <(printf "$san_string")) > $csr
+    fi
+  fi
+
+  if [ $? != 0 ]; then
+    echo "Creating csr/key files FAILED for \"$NAME\"!"
+    continue
+  fi
+
+  # get certificate
+  python $path/$acme_tiny --account-key $account_key --csr $csr --acme-dir $acme_dir > $path/$arg/tmp.crt
+
+  if [ $? != 0 ]; then
+    rm -rf $arg/tmp.crt
+    echo "Getting certificate for \"$NAME\" FAILED!"
+    continue
+  fi
+
+  mv -f $arg/tmp.crt $path/$arg/$NAME.crt
+
+  # append letsencrypt cert
+  cat $arg/$NAME.crt $le_cert > $arg/$NAME.pem
+
+  echo "Certificate for \"$name\" successfully created!"
+  counter=$((counter+1))
+
+done
+
+echo "$counter new certificates created!"