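#!/bin/bash
# sslhelper.sh - interactive helper that updates the system packages, installs
# acme.sh, requests a Let's Encrypt certificate in standalone mode and installs
# the key and chain under /root. It must be run as root.

# Abort on the first failing command. The option is set here rather than on
# the shebang line so it still applies when the script is started as
# "bash sslhelper.sh", where shebang options are ignored.
set -e

# Start-up banner.
echo
echo "=== azadrah.org ==="
echo "=== https://github.com/azadrahorg ==="
echo "=== SSL Certificate Helper ==="
echo
sleep 3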
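#######################################
# Print an error message and abort the script.
# Arguments: $1 - message to display
# Outputs:   the message on stderr
# Returns:   never returns; exits the shell with status 1
#######################################
exit_badly() {
  # printf '%s' prints the message verbatim; echo would treat a message such
  # as "-n" or "-e" as an option. Diagnostics go to stderr so they are not
  # mixed into captured stdout.
  printf '%s\n' "$1" >&2
  exit 1
}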
#######################################
# Print a generic failure banner surrounded by blank lines.
# Globals:   red, none (read) - colour escape strings; neither is assigned in
#            this listing, so they expand to nothing unless the caller's
#            environment provides them.
# Outputs:   the banner on stdout
#######################################
error() {
  # %b expands backslash escapes inside the colour strings, as "echo -e" does.
  printf ' \n %b Something Bad Happen %b \n \n' "$red" "$none"
}
#######################################
# Print the lower-cased value of every /etc/os-release line that starts with
# the given key, with double quotes and spaces removed.
# Arguments: $1 - key prefix to match at the start of the line
# Outputs:   one normalised value per matching line on stdout
#######################################
_os_release_field() {
  awk -F= -v prefix="^$1" '$0 ~ prefix { print tolower($2) }' /etc/os-release \
    | tr -d '" '
}

# Normalised distribution name (e.g. "ubuntu", "debiangnu/linux") and version.
DISTRO="$(_os_release_field NAME)"
DISTROVER="$(_os_release_field VERSION_ID)"
#######################################
# Check whether the detected distribution is one this script supports.
# Globals:   DISTRO (read) - normalised distribution name; positional
#            arguments are not consulted.
# Outputs:   a "not supported" message on stdout for unknown distributions
# Returns:   0 for Debian, Ubuntu and CentOS Stream, 1 otherwise
#######################################
valid_os() {
  if [[ "$DISTRO" == "debiangnu/linux" || "$DISTRO" == "ubuntu" || "$DISTRO" == "centosstream" ]]; then
    return 0
  fi

  echo "OS $DISTRO is not supported"
  return 1
}
# Pre-flight checks: refuse unsupported distributions first, then require
# root, because everything below installs packages and writes under /root.
if valid_os "$DISTRO"; then
  if [[ "$(id -u)" -ne 0 ]]; then
    exit_badly "Please re-run as root (e.g. sudo ./path/to/this/script)"
  fi
else
  echo "Bye."
  exit 1
fi
echo
echo "=== Update System ==="
echo
sleep 1

# Bring the system up to date and install the tools used later in the script
# (dig, curl, socat, ...). All of this runs as root.
case "$DISTRO" in
  "ubuntu" | "debiangnu/linux")
    # Every apt-get call is forced onto IPv4.
    apt_get=(apt-get -o Acquire::ForceIPv4=true)

    "${apt_get[@]}" update
    "${apt_get[@]}" install -y software-properties-common
    # Enables additional repository components, which widens the set of
    # package sources this host trusts.
    for component in universe restricted multiverse; do
      add-apt-repository --yes "$component"
    done
    # NOTE(review): unlike the install calls, upgrade has no -y, so it waits
    # for confirmation on the terminal - confirm that is intended.
    "${apt_get[@]}" upgrade
    "${apt_get[@]}" install -y moreutils dnsutils tmux screen nano wget curl socat
    ;;
  *)
    # Any other distribution that passed the support check uses dnf.
    dnf -y upgrade --refresh
    dnf -y install epel-release
    dnf -y install bind-utils tmux screen nano wget curl socat
    ;;
esac
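echo
echo "=== Install acme.sh ==="
echo
sleep 1

# Fetch the installer into a private temp file before running it, instead of
# piping curl straight into sh. A direct pipe executes whatever bytes arrive,
# so a failed or truncated download would still be run as root; here nothing
# is executed unless the transfer completed over HTTPS with a 2xx status.
# The page provides no checksum or signature to pin the installer against, so
# its content is still trusted as served; installing from a reviewed, pinned
# copy would remove that dependency.
acme_installer="$(mktemp)"
if ! curl --proto '=https' --tlsv1.2 -fsS -o "$acme_installer" https://get.acme.sh; then
  rm -f -- "$acme_installer"
  exit_badly "Could not download the acme.sh installer: aborting"
fi

# The installer is fed on stdin, exactly as the former pipe did.
if ! sh <"$acme_installer"; then
  rm -f -- "$acme_installer"
  exit_badly "acme.sh installer failed: aborting"
fi
rm -f -- "$acme_installer"

~/.acme.sh/acme.sh --upgrade

# Reload the shell profile once (it was previously sourced twice in a row).
# Later steps call acme.sh by its full path and do not depend on this.
source ~/.bashrc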
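echo
echo "=== Get Certificate ==="
echo
sleep 1

# Shown to the operator so the DNS answer below can be sanity-checked.
ETH0ORSIMILAR=$(ip route get 1.1.1.1 | grep -oP ' dev \K\S+')
IP=$(dig -4 +short myip.opendns.com @resolver1.opendns.com)
echo "Network interface: ${ETH0ORSIMILAR}"
echo "External IP: ${IP}"
echo
echo "** Note: this hostname must already resolve to this machine, to enable Let's Encrypt certificate setup **"
read -r -p "Hostname for Certificate: " SSLHOST
read -r -p "Email for Certificate: " SSLEMAIL

# Both answers end up on the command lines of dig and acme.sh, which run as
# root. Reject anything that is not a plain DNS name / address so a value
# containing whitespace or a leading "-", "+" or "@" cannot be read as extra
# arguments or options by those tools.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)+$'
email_re='^[^[:space:]@-][^[:space:]@]*@[^[:space:]@]+$'
if (( ${#SSLHOST} > 253 )) || ! [[ "$SSLHOST" =~ $hostname_re ]]; then
  exit_badly "Invalid hostname for certificate: aborting"
fi
[[ "$SSLEMAIL" =~ $email_re ]] || exit_badly "Invalid email for certificate: aborting"

SSLHOSTIP=$(dig -4 +short "${SSLHOST}")
[[ -n "$SSLHOSTIP" ]] || exit_badly "Cannot resolve SSL hostname: aborting"

# A mismatch is only a warning: the operator may legitimately be behind NAT.
if [[ "${IP}" != "${SSLHOSTIP}" ]]; then
  echo "Warning: ${SSLHOST} resolves to ${SSLHOSTIP}, not ${IP}"
  echo "Either you're behind NAT, or something is wrong (e.g. hostname points to wrong IP, CloudFlare proxying shenanigans, ...)"
  read -r -p "Press [Return] to continue anyway, or Ctrl-C to abort"
fi

# Expansions are quoted so each value reaches acme.sh as exactly one argument.
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --register-account -m "${SSLEMAIL}"
~/.acme.sh/acme.sh --issue -d "${SSLHOST}" --standalone
~/.acme.sh/acme.sh --installcert -d "${SSLHOST}" --key-file /root/private.key --fullchain-file /root/cert.crt

# Keep the private key readable by root only, whatever mode it was given
# when it was written.
chmod 600 /root/private.key

echo "Certificate Installed at /root/*"
echo
echo "=== Finished ==="
echo
sleep 1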