#!/usr/bin/env bash
# This program installs and configures acme.sh, requests SSL certificates from Let's Encrypt, and enables them using the cPanel API
# Failure flag: start from "unset" so a run with no recorded failure exits 0
# (the script ends with: exit "${err:-0}").
unset err

# Staging switch: comment out the assignment below to skip issuing a test
# certificate before the real one.
test="true"
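#######################################
# Install acme.sh, add the third-party cPanel DNS API plugin, and turn on
# acme.sh auto-upgrade.
# Globals:   HOME (read)
# Outputs:   installer / acme.sh output; error messages on stderr
# Returns:   0 on success, non-zero if a download, the installer, the plugin
#            install or the upgrade step fails
#######################################
get_acme() {
  local installer plugin_tmp
  local -r plugin_dest="$HOME/.acme.sh/dnsapi/dns_cpaneldns.sh"
  # NOTE(review): this URL tracks the mutable "master" branch of a third-party
  # repository. The file is placed in acme.sh's dnsapi directory and is used
  # for --dns dns_cpaneldns while the cPanel credentials are exported, so
  # whatever is published there at install time is trusted with them. Prefer
  # pinning to a reviewed commit (.../dns_cpaneldns/<REVIEWED_COMMIT_SHA>/...)
  # and comparing the download against a recorded checksum.
  local -r plugin_url='https://raw.githubusercontent.com/cryobry/dns_cpaneldns/master/dns_cpaneldns.sh'

  # Download the installer completely before running it. Piping curl straight
  # into sh would execute a truncated script if the transfer broke midway, and
  # without -f an HTTP error page would be fed to the shell as code.
  installer=$(mktemp) || return 1
  if ! curl -fsS -o "$installer" https://get.acme.sh; then
    echo "Could not download the acme.sh installer" >&2
    rm -f -- "$installer"
    return 1
  fi
  if ! sh "$installer"; then
    echo "The acme.sh installer failed" >&2
    rm -f -- "$installer"
    return 1
  fi
  rm -f -- "$installer"

  # Same idea for the plugin: only move it into place after a successful
  # transfer, so a failed or partial download never lands in dnsapi/.
  plugin_tmp=$(mktemp) || return 1
  if ! curl -fsS -o "$plugin_tmp" "$plugin_url"; then
    echo "Could not download the dns_cpaneldns plugin" >&2
    rm -f -- "$plugin_tmp"
    return 1
  fi
  if ! mv -f -- "$plugin_tmp" "$plugin_dest"; then
    echo "Could not install the dns_cpaneldns plugin to $plugin_dest" >&2
    rm -f -- "$plugin_tmp"
    return 1
  fi

  "$HOME/.acme.sh/acme.sh" --upgrade --auto-upgrade
}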
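#######################################
# Collect the acme.sh contact e-mail and the cPanel API credentials from the
# operator, unless account.conf already mentions a cPanel password.
# Globals:   HOME (read); EMAIL, CPANELDNS_AUTH_ID, CPANELDNS_AUTH_PASSWORD,
#            CPANELDNS_API (written; the CPANELDNS_* ones are exported)
# Outputs:   prompts and status messages; errors on stderr
# Returns:   0 when configuration is present or was collected, 1 when
#            account.conf cannot be created or protected
#######################################
run_config() {
  local -r account_conf="$HOME/.acme.sh/account.conf"

  if [[ ! -f "$account_conf" ]]; then
    # Fail here instead of retrying: if ~/.acme.sh is missing (for example the
    # install step failed), touch can never succeed and calling run_config
    # again would recurse without end.
    if ! touch "$account_conf"; then
      echo "Could not create $account_conf" >&2
      return 1
    fi
    # This is the file the check below searches for a saved cPanel password,
    # so keep it readable by its owner only.
    chmod 600 "$account_conf" || return 1
  fi

  if grep -q "CPANELDNS_AUTH_PASSWORD" "$account_conf"; then
    echo "cPanel credentials already present, skipping configuration..."
    echo "To rerun the configuration, first run 'rm \$HOME/.acme.sh/account.conf'"
    return 0
  fi

  # Set contact e-mail for ACME failure
  read -rp 'Enter the e-mail address to contact in case of acme failure: ' EMAIL
  echo
  "$HOME/.acme.sh/acme.sh" --update-account --accountemail "$EMAIL"

  # Read in the cPanel API variables from the user for acme.sh
  read -rp 'Enter your cPanel username: ' CPANELDNS_AUTH_ID
  echo
  export CPANELDNS_AUTH_ID

  # -s keeps the password from being echoed to the terminal (and from ending
  # up in scrollback or a recorded session).
  read -rsp 'Enter your cPanel password: ' CPANELDNS_AUTH_PASSWORD
  echo
  export CPANELDNS_AUTH_PASSWORD

  read -rp 'Enter your cPanel address and port number (example: "https://www.example.com:2083/"): ' CPANELDNS_API
  echo
  export CPANELDNS_API
}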
# Issue certificates
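#######################################
# For every file in ./multisites (one domain per line), issue one certificate
# covering all listed domains via the dns_cpaneldns hook, then deploy it with
# the cpanel_uapi deploy hook.
# Globals:   HOME (read), test (read), err (set to 1 on any failure),
#            REPLY (written by the confirmation prompt)
# Outputs:   progress messages on stdout, warnings on stderr
# Returns:   1 if no site file exists or the operator rejects the staging
#            certificate; otherwise 0, with per-site failures recorded in err
#######################################
issue_cert() {
  local -r acme="$HOME/.acme.sh/acme.sh"
  local multisite_file site primary
  local processed=0
  # Plain local arrays. The lowercase attribute (declare -l) must not be put on
  # the command arrays: it would also lowercase the acme.sh path and break the
  # call whenever $HOME contains an uppercase character.
  local -a sites issue_cmd deploy_cmd

  for multisite_file in ./multisites/*; do
    # An unmatched glob stays literal, and directories cannot be read as lists.
    [[ -f "$multisite_file" ]] || continue
    processed=1

    echo "Attempting to issue certificates for ${multisite_file##*/} and its multisites..."

    sites=()
    readarray -t sites < "${multisite_file}"

    issue_cmd=("$acme" "--issue" "--dns" "dns_cpaneldns")
    primary=""
    for site in "${sites[@]}"; do
      [[ -n "$site" ]] || continue
      # Domain names are case-insensitive; normalise them to lowercase.
      site=${site,,}
      issue_cmd+=("-d" "$site")
      [[ -n "$primary" ]] || primary="$site"
    done

    if [[ -z "$primary" ]]; then
      echo "No domains listed in ${multisite_file##*/}, skipping" >&2
      err=1
      continue
    fi

    # --deploy needs to be told which certificate to deploy; the certificate
    # is identified by the first domain it was issued for.
    deploy_cmd=("$acme" "--deploy" "--deploy-hook" "cpanel_uapi" "-d" "$primary")

    # if test enabled, issue test certificate first
    if [[ "${test:-x}" == "true" ]]; then
      "${issue_cmd[@]}" --staging
      # -p consumes the next word as its prompt, so the prompt text has to
      # follow -p directly; otherwise read treats it as a variable name and
      # fails, which rejected every run.
      read -r -n 1 -p "Was the certificate correctly issued without errors? [y/N]: "
      echo
      if [[ ! "$REPLY" =~ ^[Yy]$ ]]; then
        err=1
        return 1
      fi
    fi

    echo "Running:" "${issue_cmd[@]}"
    if "${issue_cmd[@]}" --force; then
      echo "Running:" "${deploy_cmd[@]}"
      if ! "${deploy_cmd[@]}"; then
        echo "Could not deploy"
        err=1
      fi
    else
      echo "Could not issue"
      err=1
    fi
  done

  if (( processed == 0 )); then
    echo "No site files found in ./multisites" >&2
    err=1
    return 1
  fi
  return 0
}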
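#######################################
# Entry point: install acme.sh, collect the configuration, then issue and
# deploy the certificates.
# Globals:   err (set to 1 when a step fails)
# Returns:   1 if installation or configuration fails; otherwise the status
#            of issue_cert (certificate failures are reported through err)
#######################################
main() {
  # Do not go on to prompt for cPanel credentials when the tooling that is
  # supposed to consume them did not install cleanly.
  if ! get_acme; then
    echo "acme.sh installation failed, aborting" >&2
    err=1
    return 1
  fi

  if ! run_config; then
    echo "Configuration failed, aborting" >&2
    err=1
    return 1
  fi

  # issue_cert records issue/deploy failures in the global err.
  issue_cert
}

main "$@"

# err is only set when something failed, so a clean run exits 0.
exit "${err:-0}"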