From c7eb44ae5ff427ec9bf91665ba7e98179eb0c4ac Mon Sep 17 00:00:00 2001 From: bryan Date: Sat, 1 Aug 2020 20:44:22 -0400 Subject: [PATCH] Combine scripts --- README.md | 43 ++++----- acme-cpanel-dns.sh | 87 ------------------ acme-cpanel-webroot.sh | 201 ----------------------------------------- 3 files changed, 18 insertions(+), 313 deletions(-) delete mode 100755 acme-cpanel-dns.sh delete mode 100755 acme-cpanel-webroot.sh diff --git a/README.md b/README.md index 23873d0..687ec33 100755 --- a/README.md +++ b/README.md @@ -1,16 +1,12 @@ # WIP -This project contains two files: +`acme-cpanel.sh` reads in a list of domains from one or more files. These files may only contain domains and empty lines (see `domains.txt` for example format). -`acme-cpanel-webroot.sh` (for webroot challenges) - -`acme-cpanel-dns.sh` (for dns challenges, legacy script) - -Both of these scripts read in a list of domains from one or more files. These files may only contain domains and empty lines (see `domains.txt`). +"*www.*" subdomains will be added automatically (do not add them to the domains file list). ## Notes -`acme-cpanel-webroot.sh` may require the following additions to .htaccess so that challenges are not automatically redirected to https: +The `--method webroot` may require the following additions to .htaccess so that challenges are not automatically redirected to https: ```text RewriteCond %{REQUEST_FILENAME} !-f @@ -23,32 +19,33 @@ Command-line (Linux): * Move script to user home directory on the server: `scp ./* username@ip:port:~` * Login to server: `ssh user@ip -p port` -* Make script executable: `chmod +x $HOME/acme-cpanel-webroot.s` -* Run script (ex. `$HOME/acme-cpanel-webroot.sh -s multisites`) +* Make script executable: `chmod +x $HOME/acme-cpanel.sh` +* Run script (ex. `$HOME/acme-cpanel.sh -s multisites`) * Follow prompts to enter credentials, issue certificates, and deploy them * Double-check that the acme cron job is enabled: `crontab -l` cPanel: * Use File Manager to upload files to the home directory (/home/username/) -* You may need to make file executable in Terminal: `chmod +x $HOME/acme-cpanel-webroot.sh` -* Use Terminal to run the script (ex. `$HOME/acme-cpanel-webroot.sh -s multisites`) +* You may need to make file executable in Terminal: `chmod +x $HOME/acme-cpanel.sh` +* Use Terminal to run the script (ex. `$HOME/acme-cpanel.sh -s multisites`) * Follow prompts to enter credentials, issue certificates, and deploy them * Use Cron Jobs app to double-check that the acme cron job is present ## Usage -### `./acme-cpanel-webroot.sh [OPTIONS] [FILES...]` +### `./acme-cpanel.sh [OPTIONS] [FILES...]` #### Options ```text +--method, -m webroot,dns + Choose the authentication method (default: dns) --email, -e EMAIL E-mail not be notified of certificate renewal failures ---keep-grouping, -k - Issue multidomain certificates based on grouping by input file +--group-by-file, -g + Issue multidomain certificates for all domains with the same webroot, grouped by input file The first domain in each file will be used to determine the shared webroot - Default: issue certificates by independent domain --sites-dir, -s DIR Load domain list files from this directory --force, -f @@ -59,18 +56,14 @@ cPanel: #### Examples -`./acme-cpanel-webroot.sh --force` +`./acme-cpanel.sh --force` -Load sites from domains.txt, issue and deploy certificates +Load sites from domains.txt, issue and deploy certificates using the webroot method -`./acme-cpanel-webroot.sh --force -s multisites` +`./acme-cpanel.sh --method dns --force -s multisites` -Load sites from multisites directory, issue and deploy certificates +Load sites from multisites directory, issue and deploy certificates using the dns method -`./acme-cpanel-webroot.sh --force -k multisites/flatwhitedesign.pw multisites/greengingerdesign.pw` +`./acme-cpanel.sh --force -g multisites/flatwhitedesign.pw multisites/greengingerdesign.pw` -Load sites from multisites directory, issue and deploy multidomain certificates based on the grouping in the file. - -### `./acme_cpanel_dns.sh` - -This is a legacy script that takes no arguments. By default it will read all domain lists in a top-level "multisites" directory. \ No newline at end of file +Load sites from multisites directory, issue and deploy multidomain certificates with same webroot based on the grouping in the file using the webroot method diff --git a/acme-cpanel-dns.sh b/acme-cpanel-dns.sh deleted file mode 100755 index d62d9e4..0000000 --- a/acme-cpanel-dns.sh +++ /dev/null @@ -1,87 +0,0 @@ -#!/usr/bin/env bash -# This program will install and configure acme, request SSL certificates from Let's Encrypt, and enable them using the cPanel API - -# Comment the following line to skip issuing a test certificate -test="true" - -unset err - -get_acme() { - curl https://get.acme.sh | sh - curl -o "$HOME/.acme.sh/dnsapi/dns_cpaneldns.sh" https://raw.githubusercontent.com/cryobry/dns_cpaneldns/master/dns_cpaneldns.sh - "$HOME/.acme.sh/acme.sh" --upgrade --auto-upgrade -} - - -run_config() { - if [[ -f "$HOME/.acme.sh/account.conf" ]]; then - if grep -q "CPANELDNS_AUTH_PASSWORD" "$HOME/.acme.sh/account.conf"; then - echo "cPanel credentials already present, skipping configuration..." - echo "To rerun the configuration, first run 'rm \$HOME/.acme.sh/account.conf'" - return 0 - else - # Set contact e-mail for ACME failure - read -rp 'Enter the e-mail address to contact in case of acme failure: ' EMAIL - echo - "$HOME/.acme.sh/acme.sh" --update-account --accountemail "$EMAIL" - # Read in Namecheap API variables from user for acme - read -rp 'Enter your cPanel username: ' CPANELDNS_AUTH_ID - echo - export CPANELDNS_AUTH_ID - read -rp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD - echo - export CPANELDNS_AUTH_PASSWORD - read -rp 'Enter your cPanel address and port number (example: "https://www.example.com:2083/"): ' CPANELDNS_API - echo - export CPANELDNS_API - fi - else - touch "$HOME/.acme.sh/account.conf" - run_config - fi -} - - -# Issue certificates -issue_cert() { - local multisite_file - for multisite_file in ./multisites/*; do - echo "Attempting to issue certificates for ${multisite_file##*/} and its multisites..." - unset sites issue_cmd deploy_cmd - declare -al sites issue_cmd deploy_cmd - readarray -t sites < "${multisite_file}" - issue_cmd=("$HOME/.acme.sh/acme.sh" "--issue" "--dns" "dns_cpaneldns") - deploy_cmd=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi") - for site in "${sites[@]}"; do - [[ "$site" != "" ]] && issue_cmd+=("-d" "$site") - done - # if test enabled, issue test certificate first - if [[ "${test:-x}" == "true" ]]; then - "${issue_cmd[@]}" --staging - read -rp -n 1 "Was the certificate correctly issued without errors? [y/N]: " - echo - [[ ! "$REPLY" =~ ^[Yy]$ ]] && err=1 && return 1 - fi - echo "Running:" "${issue_cmd[@]}" - if "${issue_cmd[@]}" --force; then - echo "Running:" "${deploy_cmd[@]}" - ! "${deploy_cmd[@]}" && \ - echo "Could not deploy" && \ - err=1 - else - echo "Could not issue" - err=1 - fi - done -} - - -main() { - get_acme - run_config - issue_cert -} - -main "$@" - -exit "${err:-0}" diff --git a/acme-cpanel-webroot.sh b/acme-cpanel-webroot.sh deleted file mode 100755 index 9eb4cf9..0000000 --- a/acme-cpanel-webroot.sh +++ /dev/null @@ -1,201 +0,0 @@ -#!/usr/bin/env bash -# This script uses acme.sh to issue and deploy SSL certificates from Let's Encrypt for a list of domains using the webroot method -# See README for more details -# -# Copyright 2020 Bryan Roessler -# -# USAGE -# ./acme-cpanel-webroot.sh [OPTIONS] [FILES...] -# -# EXAMPLES -# TESTING: ./acme-cpanel-webroot.sh --debug -e me@gmail.com multisites/flatwhitedesign.pw multisites/greengingermultisite.website -# PRODUCTION: ./acme-cpanel-webroot.sh --force -e me@gmail.com multisites/flatwhitedesign.pw multisites/greengingermultisite.website -# -# TESTING: ./acme-cpanel-webroot.sh --debug -s multisites -# PRODUCTION: ./acme-cpanel-webroot.sh --force -s multisites -# -# FILES is a list of files containing first-level DOMAIN names (see domains.txt) on newlines -# Certificates will automatically be issued and deployed for DOMAIN and www.DOMAIN using the webroot method -# -# NOTE: The webroot method does NOT support wildcard domains, Let's Encrypt requires wildcard domains to -# use DNS challenges, which the CPANEL uapi does not support (use dns_cpaneldns plugin instead) - -unset SITES_DIR USEREMAIL DOMAIN_FILES DOMAIN_GROUPS DEPLOY_CMD_PREFIX ISSUE_CMD_PREFIX DEBUG GROUP - -DEBUG="true" # quote this line to stop DEBUG mode and issue certificates for real, or use --force in user options - -parse_input() { - - local input - declare -g USEREMAIL - declare -ag DOMAIN_FILES - - if input=$(getopt -o +e:fks:d -l email:,force,keep-grouping,sites-dir:,debug -- "$@"); then - eval set -- "$input" - while true; do - case "$1" in - --email|-e) - shift - USEREMAIL="$1" - ;; - --force|-f) - unset DEBUG - ;; - --keep-grouping|-k) - GROUP="true" - ;; - --sites-dir|-s) - shift - SITES_DIR="$1" - ;; - --debug|-d) - DEBUG="true" - ;; - --) - shift - break - ;; - esac - shift - done - else - echo "Incorrect options provided" - exit 1 - fi - - # Load domain files from remaining arguments - if [[ $# -lt 1 ]]; then - [[ -v SITES_DIR && -d "$SITES_DIR" ]] && return 0 - if [[ -f "domains.txt" ]]; then - echo "You have not supplied any domain files, using domains.txt by default" - DOMAIN_FILES=("domains.txt") - else - echo "You must specify a domain list or use domains.txt by default" - exit 1 - fi - else - DOMAIN_FILES=("$@") - fi -} - - -get_acme() { - curl https://get.acme.sh | sh - source "$HOME/.bashrc" - "$HOME/.acme.sh/acme.sh" --upgrade --auto-upgrade -} - - -update_email() { [[ -v USEREMAIL ]] && "$HOME/.acme.sh/acme.sh" --update-account --accountemail "${USEREMAIL}"; } - - -command_prefixes() { - declare -ag ISSUE_CMD_PREFIX DEPLOY_CMD_PREFIX - ISSUE_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--issue" "--force") - [[ -v DEBUG ]] && ISSUE_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--issue" "--staging") - DEPLOY_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi") - [[ -v DEBUG ]] && DEPLOY_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi") -} - - -# Either create a single array of all domains (DOMAINS) to issue one-by-one or create an array of array names to issue for a single webroot -load_domains() { - local domain_file - declare -ag DOMAIN_GROUPS=() - - if [[ -v SITES_DIR ]]; then - for domain_file in "$SITES_DIR"/*; do - DOMAIN_GROUPS+=("$(<"$domain_file")") - done - fi - - for domain_file in "${DOMAIN_FILES[@]}"; do - # Load list of domains as space-delimited strings in elements of the DOMAINS array - # We can keep these separate or combine them later - DOMAIN_GROUPS+=("$(<"$domain_file")") - done -} - - -get_webroot() { - local webroot - if ! webroot=$(uapi DomainInfo single_domain_data domain="$1" | grep documentroot); then - echo "UAPI call failed" >&2 - fi - if [[ ! -v webroot || "$webroot" == "" ]]; then - if [[ -v DEBUG ]]; then - webroot="/tmp" # set missing webroot in DEBUG mode for testing - else - echo "Could not find $1's webroot" >&2 - exit 1 - fi - fi - echo "$webroot" -} - - -issue_and_deploy_certs() { - - local domain_root domain domain_group - local -a issue_cmd=() - local -a deploy_cmd=() - - if [[ -v GROUP ]]; then - for domain_group in "${DOMAIN_GROUPS[@]}"; do - unset i - for domain in $domain_group; do # we want to split on whitespace - [[ "$domain" == "" ]] && continue - # Get the webroot from the first domain - if [[ ! -v i ]]; then - local i="set" - domain_root=$(get_webroot "$domain") - issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-w" "$domain_root") - fi - issue_cmd+=("-d" "$domain" "-d" "www.$domain") - done - - # Issue certificate for entire domain group - echo "Running:" "${issue_cmd[@]}" - "${issue_cmd[@]}" - # Deploy certificates one by one - for domain in $domain_group; do - deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain") - echo "Running:" "${deploy_cmd[@]}" - "${deploy_cmd[@]}" - done - done - else - for domain_group in "${DOMAIN_GROUPS[@]}"; do - # Issue and deploy certificates one by one - for domain in $domain_group; do # we want to split on whitespace - domain_root=$(get_webroot "$domain") - issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain" "-d" "www.$domain") - deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain") # I think we only need to deploy to the domain, not subdomains - echo "Running:" "${issue_cmd[@]}" - if ! "${issue_cmd[@]}"; then - echo "Certificate issue failed for $domain" - exit_err=1 - fi - echo "Running:" "${deploy_cmd[@]}" - if ! "${deploy_cmd[@]}"; then - echo "Certificate deployment failed for $domain" - exit_err=1 - fi - done - done - fi -} - - -main() { - parse_input "$@" - get_acme - update_email - command_prefixes - load_domains - issue_and_deploy_certs -} - - -main "$@" -exit "${exit_err:-0}" \ No newline at end of file