+ 5_https.sh

2025-10-28 14:41:19 -05:00
parent 3dc77944e6
commit 882963c178
1 changed files with 35 additions and 0 deletions
--- a/scr/5_https.sh
+++ b/scr/5_https.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# install ssl cert for a specific domain / frode klevstul / oct 2025
+#
+# documentation
+#   list of supported providers: https://github.com/acmesh-official/acme.sh/wiki/dnsapi
+#       digitalocean  = dns_dgon
+#       hetzner       = dns_hetzner
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+if [ "$EUID" -ne 0 ]
+  then echo "error: run as 'root'"
+  exit
+fi
+
+this_file_name=`basename "$0"`
+
+if [ $# -ne 3 ]; then
+    echo usage: ${this_file_name} [TOKEN] [DNS_PROVIDER] [BARE_DOMAIN]
+    exit 1
+fi
+
+token=$1
+dns_provider=$2
+domain=$3
+
+# it's easier setting values for both digitalocean and hetzner, even though one value will become redundant.
+# an alternative would be checking the dns_provider input value and doing an export accordingly.
+export DO_API_KEY="${token}"
+export HETZNER_Token="${token}"
+
+/root/.acme.sh/acme.sh --debug 2 --issue --dns ${dns_provider} -d ${domain} -d *.${domain} --keylength ec-384
+mkdir -p /etc/nginx/acme.sh/${domain}
+/root/.acme.sh/acme.sh --debug 2 --install-cert -d ${domain} --ecc --cert-file /etc/nginx/acme.sh/${domain}/cert.pem --key-file /etc/nginx/acme.sh/${domain}/key.pem --fullchain-file /etc/nginx/acme.sh/${domain}/fullchain.pem --reloadcmd "systemctl reload nginx.service"