bryan/acme-namecheap
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: bryan:1f063f25014bb3eb4219b414fe1dd0d404807701
Branches Tags
bryan:master
...
compare: bryan:25985327612e67341e7ac740fd75d913b619aadf
Branches Tags
bryan:master

2 Commits
1f063f2501 ... 2598532761

Author SHA1 Message Date
bryan
2598532761 Add it for real 2020-08-01 20:44:52 -04:00
bryan
c7eb44ae5f Combine scripts 2020-08-01 20:44:22 -04:00
3 changed files with 63 additions and 146 deletions
Expand all files Collapse all files

43
README.md
View File

@@ -1,16 +1,12 @@
# WIP
This project contains two files:
`acme-cpanel.sh` reads in a list of domains from one or more files. These files may only contain domains and empty lines (see `domains.txt` for example format).
`acme-cpanel-webroot.sh` (for webroot challenges)
`acme-cpanel-dns.sh` (for dns challenges, legacy script)
Both of these scripts read in a list of domains from one or more files. These files may only contain domains and empty lines (see `domains.txt`).
"*www.*" subdomains will be added automatically (do not add them to the domains file list).
## Notes
`acme-cpanel-webroot.sh` may require the following additions to .htaccess so that challenges are not automatically redirected to https:
The `--method webroot` may require the following additions to .htaccess so that challenges are not automatically redirected to https:
```text
RewriteCond %{REQUEST_FILENAME} !-f
@@ -23,32 +19,33 @@ Command-line (Linux):
* Move script to user home directory on the server: `scp ./* username@ip:port:~`
* Login to server: `ssh user@ip -p port`
* Make script executable: `chmod +x $HOME/acme-cpanel-webroot.s`
* Run script (ex. `$HOME/acme-cpanel-webroot.sh -s multisites`)
* Make script executable: `chmod +x $HOME/acme-cpanel.sh`
* Run script (ex. `$HOME/acme-cpanel.sh -s multisites`)
* Follow prompts to enter credentials, issue certificates, and deploy them
* Double-check that the acme cron job is enabled: `crontab -l`
cPanel:
* Use File Manager to upload files to the home directory (/home/username/)
* You may need to make file executable in Terminal: `chmod +x $HOME/acme-cpanel-webroot.sh`
* Use Terminal to run the script (ex. `$HOME/acme-cpanel-webroot.sh -s multisites`)
* You may need to make file executable in Terminal: `chmod +x $HOME/acme-cpanel.sh`
* Use Terminal to run the script (ex. `$HOME/acme-cpanel.sh -s multisites`)
* Follow prompts to enter credentials, issue certificates, and deploy them
* Use Cron Jobs app to double-check that the acme cron job is present
## Usage
### `./acme-cpanel-webroot.sh [OPTIONS] [FILES...]`
### `./acme-cpanel.sh [OPTIONS] [FILES...]`
#### Options
```text
--method, -m webroot,dns
Choose the authentication method (default: dns)
--email, -e EMAIL
E-mail not be notified of certificate renewal failures
--keep-grouping, -k
Issue multidomain certificates based on grouping by input file
--group-by-file, -g
Issue multidomain certificates for all domains with the same webroot, grouped by input file
The first domain in each file will be used to determine the shared webroot
Default: issue certificates by independent domain
--sites-dir, -s DIR
Load domain list files from this directory
--force, -f
@@ -59,18 +56,14 @@ cPanel:
#### Examples
`./acme-cpanel-webroot.sh --force`
`./acme-cpanel.sh --force`
Load sites from domains.txt, issue and deploy certificates
Load sites from domains.txt, issue and deploy certificates using the webroot method
`./acme-cpanel-webroot.sh --force -s multisites`
`./acme-cpanel.sh --method dns --force -s multisites`
Load sites from multisites directory, issue and deploy certificates
Load sites from multisites directory, issue and deploy certificates using the dns method
`./acme-cpanel-webroot.sh --force -k multisites/flatwhitedesign.pw multisites/greengingerdesign.pw`
`./acme-cpanel.sh --force -g multisites/flatwhitedesign.pw multisites/greengingerdesign.pw`
Load sites from multisites directory, issue and deploy multidomain certificates based on the grouping in the file.
### `./acme_cpanel_dns.sh`
This is a legacy script that takes no arguments. By default it will read all domain lists in a top-level "multisites" directory.
Load sites from multisites directory, issue and deploy multidomain certificates with same webroot based on the grouping in the file using the webroot method

87
acme-cpanel-dns.sh
View File

@@ -1,87 +0,0 @@
#!/usr/bin/env bash
# This program will install and configure acme, request SSL certificates from Let's Encrypt, and enable them using the cPanel API
# Comment the following line to skip issuing a test certificate
test="true"
unset err
get_acme() {
curl https://get.acme.sh | sh
curl -o "$HOME/.acme.sh/dnsapi/dns_cpaneldns.sh" https://raw.githubusercontent.com/cryobry/dns_cpaneldns/master/dns_cpaneldns.sh
"$HOME/.acme.sh/acme.sh" --upgrade --auto-upgrade
}
run_config() {
if [[ -f "$HOME/.acme.sh/account.conf" ]]; then
if grep -q "CPANELDNS_AUTH_PASSWORD" "$HOME/.acme.sh/account.conf"; then
echo "cPanel credentials already present, skipping configuration..."
echo "To rerun the configuration, first run 'rm \$HOME/.acme.sh/account.conf'"
return 0
else
# Set contact e-mail for ACME failure
read -rp 'Enter the e-mail address to contact in case of acme failure: ' EMAIL
echo
"$HOME/.acme.sh/acme.sh" --update-account --accountemail "$EMAIL"
# Read in Namecheap API variables from user for acme
read -rp 'Enter your cPanel username: ' CPANELDNS_AUTH_ID
echo
export CPANELDNS_AUTH_ID
read -rp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD
echo
export CPANELDNS_AUTH_PASSWORD
read -rp 'Enter your cPanel address and port number (example: "https://www.example.com:2083/"): ' CPANELDNS_API
echo
export CPANELDNS_API
fi
else
touch "$HOME/.acme.sh/account.conf"
run_config
fi
}
# Issue certificates
issue_cert() {
local multisite_file
for multisite_file in ./multisites/*; do
echo "Attempting to issue certificates for ${multisite_file##*/} and its multisites..."
unset sites issue_cmd deploy_cmd
declare -al sites issue_cmd deploy_cmd
readarray -t sites < "${multisite_file}"
issue_cmd=("$HOME/.acme.sh/acme.sh" "--issue" "--dns" "dns_cpaneldns")
deploy_cmd=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi")
for site in "${sites[@]}"; do
[[ "$site" != "" ]] && issue_cmd+=("-d" "$site")
done
# if test enabled, issue test certificate first
if [[ "${test:-x}" == "true" ]]; then
"${issue_cmd[@]}" --staging
read -rp -n 1 "Was the certificate correctly issued without errors? [y/N]: "
echo
[[ ! "$REPLY" =~ ^[Yy]$ ]] && err=1 && return 1
fi
echo "Running:" "${issue_cmd[@]}"
if "${issue_cmd[@]}" --force; then
echo "Running:" "${deploy_cmd[@]}"
! "${deploy_cmd[@]}" && \
echo "Could not deploy" && \
err=1
else
echo "Could not issue"
err=1
fi
done
}
main() {
get_acme
run_config
issue_cert
}
main "$@"
exit "${err:-0}"

79
acme-cpanel-webroot.sh → acme-cpanel.sh
View File

@@ -1,11 +1,13 @@
#!/usr/bin/env bash
# This script uses acme.sh to issue and deploy SSL certificates from Let's Encrypt for a list of domains using the webroot method
# See README for more details
# This script uses acme.sh to issue and deploy SSL certificates from Let's Encrypt for a list of domains
# using the webroot or dns methods
#
# See README.md for more details
#
# Copyright 2020 Bryan Roessler <bryanroessler@gmail.com>
#
# USAGE
# ./acme-cpanel-webroot.sh [OPTIONS] [FILES...]
# ./acme-cpanel.sh [OPTIONS] [FILES...]
#
# EXAMPLES
# TESTING: ./acme-cpanel-webroot.sh --debug -e me@gmail.com multisites/flatwhitedesign.pw multisites/greengingermultisite.website
@@ -20,9 +22,12 @@
# NOTE: The webroot method does NOT support wildcard domains, Let's Encrypt requires wildcard domains to
# use DNS challenges, which the CPANEL uapi does not support (use dns_cpaneldns plugin instead)
source functions.sh
unset SITES_DIR USEREMAIL DOMAIN_FILES DOMAIN_GROUPS DEPLOY_CMD_PREFIX ISSUE_CMD_PREFIX DEBUG GROUP
DEBUG="true" # quote this line to stop DEBUG mode and issue certificates for real, or use --force in user options
METHOD="dns" # set the default method
parse_input() {
@@ -30,10 +35,14 @@ parse_input() {
declare -g USEREMAIL
declare -ag DOMAIN_FILES
if input=$(getopt -o +e:fks:d -l email:,force,keep-grouping,sites-dir:,debug -- "$@"); then
if input=$(getopt -o +m:e:fgs:d -l method:,email:,force,group-by-file,sites-dir:,debug -- "$@"); then
eval set -- "$input"
while true; do
case "$1" in
--method|-m)
shift
METHOD="${1,,}"
;;
--email|-e)
shift
USEREMAIL="$1"
@@ -41,7 +50,7 @@ parse_input() {
--force|-f)
unset DEBUG
;;
--keep-grouping|-k)
--group-by-file|-g)
GROUP="true"
;;
--sites-dir|-s)
@@ -91,10 +100,27 @@ update_email() { [[ -v USEREMAIL ]] && "$HOME/.acme.sh/acme.sh" --update-account
command_prefixes() {
declare -ag ISSUE_CMD_PREFIX DEPLOY_CMD_PREFIX
ISSUE_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--issue" "--force")
[[ -v DEBUG ]] && ISSUE_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--issue" "--staging")
ISSUE_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--issue")
[[ "$METHOD" == "dns" ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--dns" "dns_cpaneldns")
[[ -v DEBUG ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--staging") || ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--force")
DEPLOY_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi")
[[ -v DEBUG ]] && DEPLOY_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi")
}
get_webroot() {
local webroot
if ! webroot=$(uapi DomainInfo single_domain_data domain="$1" | grep documentroot); then
echo "UAPI call failed" >&2
fi
if [[ ! -v webroot || "$webroot" == "" ]]; then
if [[ -v DEBUG ]]; then
webroot="/tmp" # set missing webroot in DEBUG mode for testing
else
echo "Could not find $1's webroot" >&2
exit 1
fi
fi
echo "$webroot"
}
@@ -117,23 +143,6 @@ load_domains() {
}
get_webroot() {
local webroot
if ! webroot=$(uapi DomainInfo single_domain_data domain="$1" | grep documentroot); then
echo "UAPI call failed" >&2
fi
if [[ ! -v webroot || "$webroot" == "" ]]; then
if [[ -v DEBUG ]]; then
webroot="/tmp" # set missing webroot in DEBUG mode for testing
else
echo "Could not find $1's webroot" >&2
exit 1
fi
fi
echo "$webroot"
}
issue_and_deploy_certs() {
local domain_root domain domain_group
@@ -156,7 +165,8 @@ issue_and_deploy_certs() {
# Issue certificate for entire domain group
echo "Running:" "${issue_cmd[@]}"
"${issue_cmd[@]}"
if ! "${issue_cmd[@]}"; then
echo "Failed to issue certificate"
# Deploy certificates one by one
for domain in $domain_group; do
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain")
@@ -168,18 +178,19 @@ issue_and_deploy_certs() {
for domain_group in "${DOMAIN_GROUPS[@]}"; do
# Issue and deploy certificates one by one
for domain in $domain_group; do # we want to split on whitespace
domain_root=$(get_webroot "$domain")
issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain" "-d" "www.$domain")
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain") # I think we only need to deploy to the domain, not subdomains
issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-d" "$domain" "-d" "www.$domain")
[[ "$METHOD" == "webroot" ]] && domain_root=$(get_webroot "$domain") && issue_cmd=("${issue_cmd[@]}" "-w" "$domain_root")
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-d" "$domain") # I think we only need to deploy to the domain, not subdomains
[[ "$METHOD" == "webroot" ]] && deploy_cmd=("${deploy_cmd[@]}" "-w" "$domain_root")
echo "Running:" "${issue_cmd[@]}"
if ! "${issue_cmd[@]}"; then
echo "Certificate issue failed for $domain"
exit_err=1
echo "Failed to issue certificate for $domain"
err=1
fi
echo "Running:" "${deploy_cmd[@]}"
if ! "${deploy_cmd[@]}"; then
echo "Certificate deployment failed for $domain"
exit_err=1
echo "Failed to deploy certificate for $domain"
err=1
fi
done
done
@@ -198,4 +209,4 @@ main() {
main "$@"
exit "${exit_err:-0}"
exit "${err:-0}"