nis_https_setup.sh

12/1/2017 - 2:32 AM
#!/bin/bash
echo setting up your domain
echo "domain => $1"
echo " email => $2"
echo "are you really? (y/n)"
read input

if [ -z $1 ] || [ -z $2 ]; then
  echo "pass me: {domain} {email}"
  exit 1
elif [ $input = 'yes' ] || [ $input = 'y' ]; then
  echo "ok! the process will start!"
else
  echo bye!
  exit 1
fi

# preparing
mkdir -p /etc/dehydrated
mkdir -p /var/lib/dehydrated

# accept terms
dehydrated --register --accept-terms

# setup dehydrated
echo "$1" > /etc/dehydrated/domains.txt

cat << __EOD__ > /etc/dehydrated/config
BASEDIR=/var/lib/dehydrated
WELLKNOWN="\${BASEDIR}/acme-challenges"
DOMAINS_TXT="/etc/dehydrated/domains.txt"
CONTACT_EMAIL="$2"
__EOD__

cat << "__EOD__" > /etc/dehydrated/hook.sh
#!/bin/bash
function deploy_challenge {
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
  echo "Please add the following record to the DNS zone:"
  echo "_acme-challenge.$DOMAIN IN TXT \"$TOKEN_VALUE\""
  echo dig "_acme-challenge.$DOMAIN" txt @8.8.8.8
  echo "Press enter when installed!"
  read
}
function clean_challenge {
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
}
function deploy_cert {
  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
}
function invalid_challenge {
  local DOMAIN="${1}" RESPONSE="${2}"
}
HANDLER="$1"; shift
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|startup_hook|exit_hook)$ ]]; then
  "$HANDLER" "$@"
fi
__EOD__
chmod +x /etc/dehydrated/hook.sh

# setup stunnel
cat << __EOD__ > /etc/stunnel/stunnel.conf
[nis]
accept = 7891
connect = 127.0.0.1:7890
cert = /var/lib/dehydrated/certs/$1/fullchain.pem
key = /var/lib/dehydrated/certs/$1/privkey.pem

[websocket]
accept = 7779
connect = 127.0.0.1:7778
cert = /var/lib/dehydrated/certs/$1/fullchain.pem
key = /var/lib/dehydrated/certs/$1/privkey.pem
__EOD__

sed -i.bak 's/ENABLED=0/ENABLED=1/' /etc/default/stunnel4

dehydrated --cron --challenge dns-01 --domain "$1" --hook /etc/dehydrated/hook.sh
systemctl restart stunnel4

echo "Done! You need to reboot the machine. Bye!"
Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

nis_https_setup.sh
