-
Notifications
You must be signed in to change notification settings - Fork 5
/
letsencrypt-install
124 lines (100 loc) · 3.14 KB
/
letsencrypt-install
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
#!/usr/bin/env bash
##
## letsencrypt-install
##
## This script installs the latest certificate into the live directory.
##
## Source: https://flippingbinary.com
##
## Copyright 2017 Jonathan Musselwhite
##
## Permission is hereby granted, free of charge, to any person obtaining a copy
## of this software and associated documentation files (the "Software"), to
## deal in the Software without restriction, including without limitation the
## rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
## sell copies of the Software, and to permit persons to whom the Software is
## furnished to do so, subject to the following conditions:
##
## The above copyright notice and this permission notice shall be included in
## all copies or substantial portions of the Software.
##
## THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
## IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
## FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
## AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
## LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
## OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
## THE SOFTWARE.
##
###
###### CHECK SETTINGS ######
MAIN_DIR=/etc/ssl/letsencrypt
###### CHECK SETTINGS ######
[ -f /etc/default/letsencrypt-tlsa ] && . /etc/default/letsencrypt-tlsa
if [ "$#" -lt 1 ]
then
echo "Usage: $0 domain" >&2
echo " domain MUST be the first listed domain" >&2
echo " additional arguments (such as alternate domains) are ignored" >&2
exit 1
fi
COMMON_NAME="$1"
ARCHIVE_DIR=${MAIN_DIR}/archive/${COMMON_NAME}
LIVE_DIR=${MAIN_DIR}/live/${COMMON_NAME}
PRIVKEY_DIR=${MAIN_DIR}/keys/${COMMON_NAME}
# Make sure the directory exists to prevent simple problems
mkdir -p ${LIVE_DIR}
# Install cert file
unset -v latest
for file in "${ARCHIVE_DIR}"/cert-*.pem; do
[[ $file -nt $latest ]] && latest=$file
done
if [ ! -f "${latest}" ]
then
echo "Error: cert file does not exist!"
exit 1
fi
ln -sf ${latest} ${LIVE_DIR}/cert.pem
# Install fullchain file
unset -v latest
for file in "${ARCHIVE_DIR}"/fullchain-*.pem; do
[[ $file -nt $latest ]] && latest=$file
done
if [ ! -f "${latest}" ]
then
echo "Error: fullchain file does not exist!"
exit 1
fi
ln -sf ${latest} ${LIVE_DIR}/fullchain.pem
# Install chain file
unset -v latest
for file in "${ARCHIVE_DIR}"/chain-*.pem; do
[[ $file -nt $latest ]] && latest=$file
done
if [ ! -f "${latest}" ]
then
echo "Error: chain file does not exist!"
exit 1
fi
ln -sf ${latest} ${LIVE_DIR}/chain.pem
# Install private key
unset -v latest
for file in "${PRIVKEY_DIR}"/privkey-*.pem; do
[[ $file -nt $latest ]] && latest=$file
done
if [ ! -f "${latest}" ]
then
echo "Error: privkey does not exist!"
exit 1
fi
ln -sf ${latest} ${LIVE_DIR}/privkey.pem
# Reload the services which use certificates
if [ "$RELOAD_APACHE" = true ] ; then
/usr/sbin/service apache2 reload
fi
if [ "$RELOAD_NGINX" = true ] ; then
/usr/sbin/service nginx reload
fi
if [ "$RELOAD_DOVECOT" = true ] ; then
/usr/sbin/service/dovecot reload
fi