Compare commits
8 Commits
2598532761
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
| b8c904bbf3 | |||
| 7348048ddd | |||
| 35c706eceb | |||
| a51c60370e | |||
| e92c6c2fef | |||
| b93f43f6fe | |||
| 28e61360ae | |||
| 6e0b7cfd62 |
@@ -18,7 +18,7 @@ RewriteRule ^\.well-known/.+ - [END]
|
||||
Command-line (Linux):
|
||||
|
||||
* Move script to user home directory on the server: `scp ./* username@ip:port:~`
|
||||
* Login to server: `ssh user@ip -p port`
|
||||
* Log in to server: `ssh user@ip -p port`
|
||||
* Make script executable: `chmod +x $HOME/acme-cpanel.sh`
|
||||
* Run script (ex. `$HOME/acme-cpanel.sh -s multisites`)
|
||||
* Follow prompts to enter credentials, issue certificates, and deploy them
|
||||
@@ -34,15 +34,15 @@ cPanel:
|
||||
|
||||
## Usage
|
||||
|
||||
### `./acme-cpanel.sh [OPTIONS] [FILES...]`
|
||||
#### `./acme-cpanel.sh [OPTIONS] [FILES...]`
|
||||
|
||||
#### Options
|
||||
|
||||
```text
|
||||
--method, -m webroot,dns
|
||||
--method, -m dns,webroot
|
||||
Choose the authentication method (default: dns)
|
||||
--email, -e EMAIL
|
||||
E-mail not be notified of certificate renewal failures
|
||||
E-mail to be notified of certificate renewal failures
|
||||
--group-by-file, -g
|
||||
Issue multidomain certificates for all domains with the same webroot, grouped by input file
|
||||
The first domain in each file will be used to determine the shared webroot
|
||||
|
||||
154
acme-cpanel.sh
154
acme-cpanel.sh
@@ -5,29 +5,13 @@
|
||||
# See README.md for more details
|
||||
#
|
||||
# Copyright 2020 Bryan Roessler <bryanroessler@gmail.com>
|
||||
#
|
||||
# USAGE
|
||||
# ./acme-cpanel.sh [OPTIONS] [FILES...]
|
||||
#
|
||||
# EXAMPLES
|
||||
# TESTING: ./acme-cpanel-webroot.sh --debug -e me@gmail.com multisites/flatwhitedesign.pw multisites/greengingermultisite.website
|
||||
# PRODUCTION: ./acme-cpanel-webroot.sh --force -e me@gmail.com multisites/flatwhitedesign.pw multisites/greengingermultisite.website
|
||||
#
|
||||
# TESTING: ./acme-cpanel-webroot.sh --debug -s multisites
|
||||
# PRODUCTION: ./acme-cpanel-webroot.sh --force -s multisites
|
||||
#
|
||||
# FILES is a list of files containing first-level DOMAIN names (see domains.txt) on newlines
|
||||
# Certificates will automatically be issued and deployed for DOMAIN and www.DOMAIN using the webroot method
|
||||
#
|
||||
# NOTE: The webroot method does NOT support wildcard domains, Let's Encrypt requires wildcard domains to
|
||||
# use DNS challenges, which the CPANEL uapi does not support (use dns_cpaneldns plugin instead)
|
||||
|
||||
source functions.sh
|
||||
|
||||
unset SITES_DIR USEREMAIL DOMAIN_FILES DOMAIN_GROUPS DEPLOY_CMD_PREFIX ISSUE_CMD_PREFIX DEBUG GROUP
|
||||
|
||||
DEBUG="true" # quote this line to stop DEBUG mode and issue certificates for real, or use --force in user options
|
||||
METHOD="dns" # set the default method
|
||||
CONF="$HOME/.acme.sh/account.conf"
|
||||
ACME_SH="$HOME/.acme.sh/acme.sh"
|
||||
|
||||
parse_input() {
|
||||
|
||||
@@ -43,10 +27,6 @@ parse_input() {
|
||||
shift
|
||||
METHOD="${1,,}"
|
||||
;;
|
||||
--email|-e)
|
||||
shift
|
||||
USEREMAIL="$1"
|
||||
;;
|
||||
--force|-f)
|
||||
unset DEBUG
|
||||
;;
|
||||
@@ -88,22 +68,52 @@ parse_input() {
|
||||
}
|
||||
|
||||
|
||||
get_acme() {
|
||||
curl https://get.acme.sh | sh
|
||||
source "$HOME/.bashrc"
|
||||
"$HOME/.acme.sh/acme.sh" --upgrade --auto-upgrade
|
||||
interactive_dns() {
|
||||
if [[ -f "$CONF" ]] && grep -q "CPANELDNS_AUTH_PASSWORD" "$CONF"; then
|
||||
echo "cPanel credentials already present, skipping configuration..."
|
||||
echo "To rerun the configuration, first run 'rm $CONF'"
|
||||
else
|
||||
read -rp 'Enter your cPanel username: ' CPANELDNS_AUTH_ID
|
||||
echo
|
||||
export CPANELDNS_AUTH_ID
|
||||
read -rp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD
|
||||
echo
|
||||
export CPANELDNS_AUTH_PASSWORD
|
||||
read -rp 'Enter your cPanel address and port number (example: "https://www.example.com:2083/"): ' CPANELDNS_API
|
||||
echo
|
||||
export CPANELDNS_API
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
update_email() { [[ -v USEREMAIL ]] && "$HOME/.acme.sh/acme.sh" --update-account --accountemail "${USEREMAIL}"; }
|
||||
get_acme() {
|
||||
curl https://get.acme.sh | sh
|
||||
# shellcheck disable=SC1090
|
||||
source "$HOME/.bashrc"
|
||||
"$ACME_SH" --upgrade --auto-upgrade
|
||||
[[ "$METHOD" == "dns" ]] && \
|
||||
curl -o "$HOME/.acme.sh/dnsapi/dns_cpaneldns.sh" https://raw.githubusercontent.com/cryobry/dns_cpaneldns/master/dns_cpaneldns.sh
|
||||
}
|
||||
|
||||
|
||||
update_email() {
|
||||
if [[ ! -v USEREMAIL ]]; then
|
||||
if [[ -f "$CONF" ]] && line=$(grep -q "ACCOUNT_EMAIL" "$CONF"); then
|
||||
echo "Reusing existing contact e-mail: ${line#ACCOUNT_EMAIL=}"
|
||||
return 0
|
||||
fi
|
||||
read -rp 'Enter your contact e-mail (in case of renewal failures): ' USEREMAIL
|
||||
fi
|
||||
"$ACME_SH" --update-account --accountemail "${USEREMAIL}"
|
||||
}
|
||||
|
||||
|
||||
command_prefixes() {
|
||||
declare -ag ISSUE_CMD_PREFIX DEPLOY_CMD_PREFIX
|
||||
ISSUE_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--issue")
|
||||
ISSUE_CMD_PREFIX=("$ACME_SH" "--issue")
|
||||
[[ "$METHOD" == "dns" ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--dns" "dns_cpaneldns")
|
||||
[[ -v DEBUG ]] && ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--staging") || ISSUE_CMD_PREFIX=("${ISSUE_CMD_PREFIX[@]}" "--force")
|
||||
DEPLOY_CMD_PREFIX=("$HOME/.acme.sh/acme.sh" "--deploy" "--deploy-hook" "cpanel_uapi")
|
||||
DEPLOY_CMD_PREFIX=("$ACME_SH" "--deploy" "--deploy-hook" "cpanel_uapi")
|
||||
}
|
||||
|
||||
|
||||
@@ -145,56 +155,56 @@ load_domains() {
|
||||
|
||||
issue_and_deploy_certs() {
|
||||
|
||||
local domain_root domain domain_group
|
||||
local -a issue_cmd=()
|
||||
local -a deploy_cmd=()
|
||||
local group_root domain_root domain domain_group
|
||||
|
||||
if [[ -v GROUP ]]; then
|
||||
for domain_group in "${DOMAIN_GROUPS[@]}"; do
|
||||
unset i
|
||||
for domain in $domain_group; do # we want to split on whitespace
|
||||
[[ "$domain" == "" ]] && continue
|
||||
# Get the webroot from the first domain
|
||||
if [[ ! -v i ]]; then
|
||||
local i="set"
|
||||
domain_root=$(get_webroot "$domain")
|
||||
issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-w" "$domain_root")
|
||||
for domain_group in "${DOMAIN_GROUPS[@]}"; do
|
||||
local -a issue_cmd=("${ISSUE_CMD_PREFIX[@]}")
|
||||
local -a deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}")
|
||||
local i="set"
|
||||
# Issue certificates
|
||||
for domain in $domain_group; do # we want to split on whitespace
|
||||
[[ "$domain" == "" ]] && continue
|
||||
if [[ -v GROUP ]]; then
|
||||
if [[ "$METHOD" == "webroot" && -v i ]]; then
|
||||
group_root=$(get_webroot "$domain")
|
||||
issue_cmd+=("-w" "$group_root")
|
||||
unset i
|
||||
fi
|
||||
# Append domains to issue command that we will call after the loop
|
||||
issue_cmd+=("-d" "$domain" "-d" "www.$domain")
|
||||
done
|
||||
|
||||
# Issue certificate for entire domain group
|
||||
echo "Running:" "${issue_cmd[@]}"
|
||||
if ! "${issue_cmd[@]}"; then
|
||||
echo "Failed to issue certificate"
|
||||
# Deploy certificates one by one
|
||||
for domain in $domain_group; do
|
||||
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-w" "$domain_root" "-d" "$domain")
|
||||
echo "Running:" "${deploy_cmd[@]}"
|
||||
"${deploy_cmd[@]}"
|
||||
done
|
||||
done
|
||||
else
|
||||
for domain_group in "${DOMAIN_GROUPS[@]}"; do
|
||||
# Issue and deploy certificates one by one
|
||||
for domain in $domain_group; do # we want to split on whitespace
|
||||
issue_cmd=("${ISSUE_CMD_PREFIX[@]}" "-d" "$domain" "-d" "www.$domain")
|
||||
[[ "$METHOD" == "webroot" ]] && domain_root=$(get_webroot "$domain") && issue_cmd=("${issue_cmd[@]}" "-w" "$domain_root")
|
||||
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-d" "$domain") # I think we only need to deploy to the domain, not subdomains
|
||||
[[ "$METHOD" == "webroot" ]] && deploy_cmd=("${deploy_cmd[@]}" "-w" "$domain_root")
|
||||
# Issue certificate for single domain
|
||||
else
|
||||
local -a issue_cmd=("${ISSUE_CMD_PREFIX[@]}")
|
||||
domain_root=$(get_webroot "$domain")
|
||||
issue_cmd+=("-d" "$domain" "-d" "www.$domain")
|
||||
[[ "$METHOD" == "webroot" ]] && issue_cmd+=("-w" "$domain_root")
|
||||
echo "Running:" "${issue_cmd[@]}"
|
||||
if ! "${issue_cmd[@]}"; then
|
||||
echo "Failed to issue certificate for $domain"
|
||||
echo "Failed to issue certificate for domain: $domain"
|
||||
err=1
|
||||
fi
|
||||
echo "Running:" "${deploy_cmd[@]}"
|
||||
if ! "${deploy_cmd[@]}"; then
|
||||
echo "Failed to deploy certificate for $domain"
|
||||
err=1
|
||||
fi
|
||||
done
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
# Issue certificate for group of domains
|
||||
if [[ -v GROUP ]]; then
|
||||
echo "Running:" "${issue_cmd[@]}"
|
||||
if ! "${issue_cmd[@]}"; then
|
||||
echo "Failed to issue certificate for domain group: $domain_group"
|
||||
err=1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Deploy certificates one domain at a time
|
||||
for domain in $domain_group; do
|
||||
deploy_cmd=("${DEPLOY_CMD_PREFIX[@]}" "-d" "$domain") # I think we only need to deploy to the domain, not subdomains (e.g. www.)
|
||||
echo "Running:" "${deploy_cmd[@]}"
|
||||
if ! "${deploy_cmd[@]}"; then
|
||||
echo "Failed to deploy certificate for $domain"
|
||||
err=1
|
||||
fi
|
||||
done
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
@@ -204,6 +214,8 @@ main() {
|
||||
update_email
|
||||
command_prefixes
|
||||
load_domains
|
||||
[[ "$METHOD" == "dns" ]] && interactive_dns
|
||||
sanity_check
|
||||
issue_and_deploy_certs
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user