authorJakob Odersky <jakob@odersky.com>2017-12-26 14:07:01 +0100
committerJakob Odersky <jakob@odersky.com>2017-12-26 14:07:01 +0100
commit8d78b86e684290ee7296bf7b8d526db3148dbd10 (patch)
treeac3bdb8a084c4b60b185a3d33b9d222d2c8ef113 /nginx-letsencrypt
parent10cca27a5732584d42b0c9356e3b5a0524966f29 (diff)
Clean up debian configuration files
Diffstat (limited to 'nginx-letsencrypt')
-rwxr-xr-xnginx-letsencrypt30
1 files changed, 30 insertions, 0 deletions
diff --git a/nginx-letsencrypt b/nginx-letsencrypt
new file mode 100755
index 0000000..5db460a
--- /dev/null
+++ b/nginx-letsencrypt
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Obtain or renew certificates from letsencrypt, to be used with nginx
+# webroot verification.
+#
+# Domains to be certified are defined in /etc/nginx/domains.
+#
+# The pre-hook is used to remove snakeoil certificates that are
+# required to bootstrap nginx configurations (nginx fails to start
+# without ssl certificates). The hook is required because certbot does
+# not overwrite foreign certificates, as described in this issue
+# https://github.com/certbot/certbot/issues/3396
+set -o exiterr
+set -o unset
+
+email="jakob@odersky.com"
+
+extra_flags=""
+if [ "$1" = --test ]; then
+ extra_flags="--test-cert"
+fi
+
+certbot certonly $extra_flags \
+ --noninteractive \
+ --agree-tos \
+ --email "$email" \
+ --cert-name nginx \
+ --webroot --webroot-path /var/www/letsencrypt \
+ --pre-hook "sh -c '(openssl x509 -in /etc/letsencrypt/live/nginx/fullchain.pem -noout -text) | grep --quiet letsencrypt || rm -r /etc/letsencrypt/live/nginx'" \
+ --post-hook "systemctl reload nginx" \
+ -d "$(grep "^[^#;]" /etc/nginx/letsencryptdomains | paste --delimiter=, --serial)"
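Review bot: `set -o exiterr` and `set -o unset` are not valid option names, so depending on the shell the script either stops at that line (a strict POSIX sh may exit on a bad `set` option) or carries on without the error checking it intended; the POSIX names are `set -o errexit` and `set -o nounset`. With nounset in effect, the `"$1"` test fails when the script is run without arguments, so it should read `if [ "${1:-}" = --test ]; then`. The header comment names /etc/nginx/domains while the `-d` substitution reads /etc/nginx/letsencryptdomains, so one of the two needs correcting. The pre-hook also removes /etc/letsencrypt/live/nginx whenever the certificate's text dump lacks the substring `letsencrypt`, which includes an unreadable fullchain.pem and any issuer whose text does not contain that word. Testing the issuer field alone (`openssl x509 -noout -issuer`) and skipping the removal when the file is absent would make it less likely that a valid certificate directory is deleted.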