nis_https_setup.sh
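#!/bin/bash
# Requests a certificate for a domain with dehydrated (dns-01 challenge, manual
# DNS hook) and configures stunnel to serve it on ports 7891 and 7779.
#
# Usage: nis_https_setup.sh {domain} {email}
#
# Writes under /etc/dehydrated, /var/lib/dehydrated, /etc/stunnel and
# /etc/default, so it needs the privileges to do so.

set -u

# Print a message on stderr and stop.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

domain=${1:-}
email=${2:-}

# Check the arguments before asking for confirmation, so a missing argument is
# reported immediately instead of after the prompt.
if [[ -z "$domain" || -z "$email" ]]; then
  echo "pass me: {domain} {email}"
  exit 1
fi

# Both values are interpolated into files below: the e-mail goes into
# /etc/dehydrated/config, which dehydrated sources as shell, and the domain
# becomes part of the certificate paths in stunnel.conf. Accept only a
# conservative character set so neither value can carry quotes, command
# substitutions, newlines or path separators into those files.
domain_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$'
email_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+$'
[[ "$domain" =~ $domain_re ]] || die "invalid domain: $domain"
[[ "$email" =~ $email_re ]] || die "invalid email: $email"

echo setting up your domain
echo "domain => $domain"
echo " email => $email"
echo "are you really? (y/n)"
input=''
read -r input
case "$input" in
  y | yes)
    echo "ok! the process will start!"
    ;;
  *)
    echo bye!
    exit 1
    ;;
esac

# preparing
mkdir -p /etc/dehydrated || die "cannot create /etc/dehydrated"
mkdir -p /var/lib/dehydrated || die "cannot create /var/lib/dehydrated"

# setup dehydrated
echo "$domain" > /etc/dehydrated/domains.txt \
  || die "cannot write /etc/dehydrated/domains.txt"
cat << __EOD__ > /etc/dehydrated/config || die "cannot write /etc/dehydrated/config"
BASEDIR=/var/lib/dehydrated
WELLKNOWN="\${BASEDIR}/acme-challenges"
DOMAINS_TXT="/etc/dehydrated/domains.txt"
CONTACT_EMAIL="$email"
__EOD__

# accept terms
# Registration runs after the config is written so that the account is created
# with the BASEDIR and CONTACT_EMAIL set above, i.e. the same settings the
# --cron run below uses.
dehydrated --register --accept-terms || die "dehydrated registration failed"

# The hook is written verbatim (quoted delimiter, no expansion here). Its
# deploy_challenge handler blocks on "read" until the operator has created the
# TXT record, so the --cron run below must be attended.
cat << "__EOD__" > /etc/dehydrated/hook.sh || die "cannot write /etc/dehydrated/hook.sh"
#!/bin/bash
function deploy_challenge {
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
echo "Please add the following record to the DNS zone:"
echo "_acme-challenge.$DOMAIN IN TXT \"$TOKEN_VALUE\""
echo dig "_acme-challenge.$DOMAIN" txt @8.8.8.8
echo "Press enter when installed!"
read
}
function clean_challenge {
local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
}
function deploy_cert {
local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" CHAINFILE="${4}"
}
function invalid_challenge {
local DOMAIN="${1}" RESPONSE="${2}"
}
# No-op handlers: these names pass the dispatch check below, so each needs a
# definition or the hook exits with "command not found" when one is requested.
function unchanged_cert { :; }
function request_failure { :; }
function startup_hook { :; }
function exit_hook { :; }
HANDLER="$1"; shift
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|startup_hook|exit_hook)$ ]]; then
"$HANDLER" "$@"
fi
__EOD__
chmod +x /etc/dehydrated/hook.sh || die "cannot make hook.sh executable"

# setup stunnel
# Each service accepts TLS on the public port and forwards the decrypted
# stream to the plaintext listener on loopback.
cat << __EOD__ > /etc/stunnel/stunnel.conf || die "cannot write /etc/stunnel/stunnel.conf"
[nis]
accept = 7891
connect = 127.0.0.1:7890
cert = /var/lib/dehydrated/certs/$domain/fullchain.pem
key = /var/lib/dehydrated/certs/$domain/privkey.pem
[websocket]
accept = 7779
connect = 127.0.0.1:7778
cert = /var/lib/dehydrated/certs/$domain/fullchain.pem
key = /var/lib/dehydrated/certs/$domain/privkey.pem
__EOD__

# Best effort, as before: a failure here is reported but does not stop the run.
sed -i.bak 's/ENABLED=0/ENABLED=1/' /etc/default/stunnel4 \
  || echo "warning: could not update /etc/default/stunnel4" >&2

# Stop if issuance fails: stunnel.conf points at certificate files that exist
# only after this succeeds, so restarting stunnel without them is pointless.
dehydrated --cron --challenge dns-01 --domain "$domain" --hook /etc/dehydrated/hook.sh \
  || die "certificate issuance failed; stunnel was not restarted"

systemctl restart stunnel4 || die "stunnel4 restart failed"
echo "Done! You need to reboot the machine. Bye!"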