
Preparing for letsencrypt

Bob Mottram 9 年前
父节点
当前提交
178f9becd1
共有 1 个文件被更改,包括 7 次插入1 次删除
  1. 7
    1
      src/freedombone-addcert

+ 7
- 1
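--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -45,6 +45,7 @@
 DH_KEYLENGTH=2048
 INSTALL_DIR=/root/build
 LETSENCRYPT_SERVER='https://acme-v01.api.letsencrypt.org/directory'
+LETSENCRYPT_REPO='https://github.com/letsencrypt/letsencrypt'
 
 function show_help {
     echo ''
@@ -155,7 +156,7 @@
 
     # obtain the repo
     if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
-        git clone https://github.com/letsencrypt/letsencrypt
+        git clone $LETSENCRYPT_REPO
         if [ ! -d ${INSTALL_DIR}/letsencrypt ]; then
             exit 76283
         fi
@@ -165,11 +166,15 @@
         git pull
     fi
 
+    # stop the web server
+    systemctl stop nginx
+
     cd ${INSTALL_DIR}/letsencrypt
     # TODO this requires user interaction - is there a non-interactive mode?
     ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME
     if [ ! "$?" = "0" ]; then
         echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
+        systemctl start nginx
         exit 63216
     fi
 
@@ -200,6 +205,7 @@
     ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
 
     cp /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/mycerts/${LETSENCRYPT_HOSTNAME}.pem
+    systemctl start nginx
 else
     CERTFILE=$HOSTNAME
     if [[ $ORGANISATION == "Freedombone-CA" ]]; then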
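Review bot: After the added `systemctl stop nginx`, the web server is restarted only on the two paths this commit touches (the `letsencrypt-auto` failure branch and the end of the letsencrypt branch), so any other exit in between would leave every site on the host offline. The lines between the third and fourth hunks are not shown on this page, so whether they contain further `exit` calls cannot be confirmed here. Setting `trap 'systemctl start nginx' EXIT` directly after the stop would cover all exit paths without repeating the start call. Separately, `git clone $LETSENCRYPT_REPO` followed by `git pull` runs whatever the default branch currently holds, and `INSTALL_DIR=/root/build` suggests this executes as root. Quoting the variable and checking out a pinned tag or commit after the clone would make the installed client reproducible and reviewable.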