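#!/bin/bash
# Re-issue the Let's Encrypt certificate for DOMAIN and www.DOMAIN with certbot.
#
# Prerequisite: create the DNS A records for both host names first (the
# original example names hello.example.com and www.hello.example.com); the
# HTTP-01 challenge is answered on port 80 of this machine.
#
# Required environment:
#   ALERT_EMAIL  address Let's Encrypt uses for expiry/notification mail
#
# Exit status: 0 when the new certificate was issued, otherwise certbot's
# non-zero status (or 1 when the configuration below is incomplete).

# Domain host
DOMAIN=example.com
# Letsencrypt notifications email (read from the environment; no default, so
# an unset value is rejected below instead of silently swallowing the next
# certbot option as the address)
ALERT_EMAIL=${ALERT_EMAIL:-}
# Certbot mode --standalone or --webroot
STANDALONE=true

# Don't delete below

if [ -z "${DOMAIN}" ]; then
  echo "certbot.sh: DOMAIN must not be empty" >&2
  exit 1
fi
if [ -z "${ALERT_EMAIL}" ]; then
  echo "certbot.sh: ALERT_EMAIL must be set in the environment" >&2
  exit 1
fi

LIVE_CERT="/etc/letsencrypt/live/${DOMAIN}/fullchain.pem"
RENEWAL_CONF="/etc/letsencrypt/renewal/${DOMAIN}.conf"

# NOTE(review): the existing certificate is revoked and removed BEFORE the
# replacement exists. If issuance below fails (DNS not pointing here, port 80
# blocked, CA rate limit) the host is left without a certificate for DOMAIN,
# and nginx may refuse to start if its configuration references those files.

# Revoke
# The live/ directory is normally readable by root only, so the existence
# test has to run under sudo as well or it is always false for other users.
if sudo test -f "${LIVE_CERT}"; then
  sudo certbot revoke --noninteractive --cert-path "${LIVE_CERT}"
fi

# Delete old
# Only attempted while the lineage still exists; the revoke step above may
# already have removed it.
if sudo test -e "${RENEWAL_CONF}"; then
  sudo certbot delete --noninteractive --cert-name "${DOMAIN}"
fi

# Options shared by both modes. The deploy hook replaces the former step that
# wrote "renew_hook = ..." into the renewal file with '>': that redirect ran
# without sudo and truncated the configuration certbot had just generated,
# which leaves the lineage unrenewable. Passing --deploy-hook lets certbot
# record the hook itself. Hooks already run with certbot's privileges, so the
# command needs no sudo.
certbot_args=(
  certonly --noninteractive --agree-tos --preferred-challenges=http
  --email "${ALERT_EMAIL}" --expand
  --deploy-hook "systemctl restart nginx"
  -d "${DOMAIN}" -d "www.${DOMAIN}"
)

# Create new tls cert www and non-www (standalone or webroot plugin)
status=0
if [ "${STANDALONE}" = "true" ]; then
  # Stop server so certbot's built-in web server can bind port 80
  sudo service nginx stop
  # Standalone
  sudo certbot "${certbot_args[@]}" --standalone || status=$?
  # Start server again even when issuance failed
  sudo service nginx start
  # NOTE(review): unattended renewals of a standalone certificate need port 80
  # free as well; consider certbot's --pre-hook/--post-hook to stop and start
  # nginx around renewal.
else
  # Start server: nginx has to serve the challenge files from the webroot
  sudo service nginx start
  # Webroot
  sudo certbot "${certbot_args[@]}" \
    --webroot --webroot-path "/var/www/${DOMAIN}" || status=$?
  # Restart nginx server
  sudo service nginx restart
fi

if [ "${status}" -ne 0 ]; then
  echo "certbot.sh: certificate issuance for ${DOMAIN} failed (exit ${status})" >&2
fi
exit "${status}"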