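#######################################
# Issue a certificate for $VIRTUAL_HOST with acme.sh (webroot validation) and
# install key, full chain and CA chain under /etc/nginx/certs/.
#
# If the key or certificate file is missing, ssl.conf is removed first so that
# nginx can still start, an ACME account is registered, and ssl.conf is put
# back only after issue + install both succeeded.
#
# Globals:
#   VIRTUAL_HOST (read) - domain passed to acme.sh with -d
#   ACME_EMAIL   (read) - contact address for --register-account
#   STAGING      (read) - non-empty selects acme.sh --staging; such
#                         certificates are not publicly trusted
# Arguments:
#   $1 - optional "--force-renew": adds --force and always runs issue/install
# Returns:
#   Status of the last command run. A failed issuance is not reported as a
#   non-zero status; the visible effect is that ssl.conf stays removed.
#######################################
function create_cert {
  local -r cert_dir=/etc/nginx/certs
  local -r key_file="${cert_dir}/ssl_certificate.key"
  local -r crt_file="${cert_dir}/ssl_certificate.crt"
  local -r ssl_conf=/etc/nginx/conf.d/ssl.conf
  local -a params_issue_arr=()
  local -a params_install_arr=()

  # NOTE(review): mode 770 is applied recursively, so the private key ends up
  # group-readable, group-writable and executable for gid 101 (presumably the
  # nginx group in this image - confirm). If that group only needs to read,
  # 750 on the directory and 640 on the files would be the tighter choice.
  chown -R root:101 "${cert_dir}/" && chmod -R 770 "${cert_dir}/"

  # VIRTUAL_HOST is quoted everywhere: unquoted, an empty value makes -d
  # swallow the next option, whitespace injects extra arguments into acme.sh,
  # and a wildcard name such as *.example.com is glob-expanded against the
  # current directory.
  params_issue_arr+=(-w /usr/share/nginx/html/ -d "$VIRTUAL_HOST")
  params_install_arr+=(
    -d "$VIRTUAL_HOST"
    --key-file "$key_file"
    --fullchain-file "$crt_file"
    --ca-file "${cert_dir}/chain.pem"
  )

  if [[ "${1:-}" == "--force-renew" ]]; then
    params_issue_arr+=(--force)
  fi

  # ${STAGING:-} keeps this test working when the caller runs with `set -u`.
  if [[ -n "${STAGING:-}" ]]; then
    params_issue_arr+=(--staging)
    params_install_arr+=(--staging)
  else
    params_issue_arr+=(--server letsencrypt)
  fi

  # Every path handed to acme.sh is absolute, so a failed cd is reported but
  # does not stop the fallback below that lets nginx start without TLS.
  cd "${cert_dir}/" \
    || printf 'create_cert: cannot cd to %s\n' "${cert_dir}/" >&2

  if [[ "${1:-}" == "--force-renew" ]]; then
    # NOTE(review): a successful forced renewal does not restore ssl.conf if
    # an earlier failed run removed it - confirm that is handled elsewhere.
    acme.sh --issue "${params_issue_arr[@]}" \
      && acme.sh --install-cert "${params_install_arr[@]}"
  fi

  if [[ ! -f "$key_file" || ! -f "$crt_file" ]]; then
    # nginx will not start while ssl.conf references the two missing files.
    # -f: the config may already be gone after an earlier failed run.
    # TODO: maybe swap in a separate ssl-dev.conf instead of deleting.
    rm -f -- "$ssl_conf"
    acme.sh --register-account -m "$ACME_EMAIL"
    # Re-enable TLS in nginx only once key and chain are really installed.
    if acme.sh --issue "${params_issue_arr[@]}" \
      && acme.sh --install-cert "${params_install_arr[@]}"; then
      cat /fwacme/ssl.conf > "$ssl_conf"
    fi
  fi
}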