
create new version 15.01.25:18.35

Vixfree 2 months ago
parent
commit
0012caecd5
2 changed files with 332 additions and 0 deletions
  1. 22 0
      avto4certbot.dev/avto4certbot.conf
  2. 310 0
      avto4certbot.dev/avto4certbot.sh

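--- a/avto4certbot.dev/avto4certbot.conf
+++ b/avto4certbot.dev/avto4certbot.conf
@@ -0,0 +1,22 @@
+## config file
+## domains - follow the format! domains email port...
+domains=( 
+ "mydomen.ru admin@mydomen.ru 80"
+ "mydomen2.ru admin@mydomen.ru 80"
+ );
+
+## - nginx sites
+sites_nginx="/etc/nginx/sites-enabled";
+
+## - apache2 sites
+sites_apache="/etc/apache2/sites-enabled";
+
+# create new cert or update
+path_ssl="/etc/ssl";
+path_cert="/etc/letsencrypt/live";
+
+## temp directory for create request
+tmp_dir="/tmp/certbot";
+
+## log file
+log_file="/var/log/syslog";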
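Review bot: `tmp_dir="/tmp/certbot"` points the generated nginx server blocks at a predictable, world-writable location: the script's `createConf` writes the `.conf` it symlinks into `sites-enabled` under `$path_tmp` with only `mkdir -p`, and if that is meant to be this setting, any local user who creates `/tmp/certbot` first owns configuration that nginx later loads as root, so a root-owned directory such as `/etc/nginx/avto4certbot` is the safer default. The names here also do not match what the script reads: it references `$log`, `$path_tmp`, `$www_root`, `$nginx_enable`, `$nginx_available` and (for the `srv` option) `$set_service`, none of which this file or the script defines, while `$tmp_dir` is only used in `getInfo` and `$log_file` is never read at all. Appending script output directly to `/var/log/syslog` would also interleave with rsyslog's own writes; a dedicated file, or `logger -t avto4certbot`, is cleaner. The settings the script actually consumes should be the ones declared here, for example:
```shell
## directory for generated nginx server blocks - keep it root-owned, not under /tmp
path_tmp="/etc/nginx/avto4certbot";
## settings read by avto4certbot.sh that were previously undefined
log="/var/log/avto4certbot.log";
www_root="/var/www/letsencrypt";
nginx_enable="$sites_nginx";
nginx_available="/etc/nginx/sites-available";
```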

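--- a/avto4certbot.dev/avto4certbot.sh
+++ b/avto4certbot.dev/avto4certbot.sh
@@ -0,0 +1,310 @@
+#!/bin/bash
+#
+# author: Koshuba V.O.
+# license: GPL 2.0
+# create 2022
+#
+version="0.5.0";
+sname="avto4certbot";
+
+# script path
+path_script=$( cd -- $( dirname -- "${BASH_SOURCE[0]}" ) &> /dev/null && pwd );
+source "$path_script/avto4certbot.conf";
+
+##--@S static values
+# depends
+pkgdep=("curl" "certbot" "letsencrypt") # packages
+get_tools=("curl" "certbot" "letsencrypt")
+
+# - options
+cmd=$1;
+
+# - for LAMP server
+opt=$2;
+
+#--@F Get info area
+function getInfo() {
+if [ $opt = "apache" ];then
+  find $sites_apache/* -maxdepth 0 -type l -printf '%f\n' 2>$tmp_dir/active_sites.inf;
+fi
+if [ $opt = "nginx" ];then
+  find $sites_nginx/* -maxdepth 0 -type l -printf '%f\n' 2>$tmp_dir/active_sites.inf;
+fi
+}
+
+#--@F Check the program dependency
+function checkDep() {
+    # - msg debug
+    echo "check depends..."
+    if [ ! "$lang" ]; then
+        lang="C.UTF-8"
+    fi
+    for ((itools = 0; itools != ${#get_tools[@]}; itools++)); do
+        checktool=$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')
+        if [[ $checktool = "" ]]; then
+            sudo apt install ${pkgdep[$itools]}
+        fi
+        checktool=$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')
+        if [[ $checktool != "" ]]; then
+            eval get_${get_tools[$itools]}=$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')
+            list_tools[${#list_tools[@]}]="$(whereis -b ${get_tools[$itools]} | awk '/^'${get_tools[$itools]}':/{print $2}')"
+        else
+            ## lang messages if yes then lang else us...
+            reports=()
+            reports[${#reports[@]}]="Sorry, there are no required packages to work, please install:${pkgdep[@]}"
+            makeErr
+            exit
+        fi
+    done
+}
+
+##--@F make all errors
+function makeErr() {
+for ((rpt_index=0; rpt_index != ${#reports[@]}; rpt_index++))
+    do
+    echo  "$rdate $sname: ${reports[$rpt_index]}">>$log;
+    echo   "${reports[$rpt_index]}";
+    done
+ exit 0;
+}
+
+function createCert() {
+#
+for ((dmn=0; dmn != ${#domains[@]}; dmn++))
+    do
+eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
+    if [ "$cmd" == "--create" ];
+        then
+            certbot -m "${dreg[1]}";
+        else
+            certbot --update-registration -m "${dreg[1]}";
+    fi
+##
+## example manual: certbot certonly --webroot --webroot-path /tmp/letsencrypt -d mydomen.ru
+certbot certonly --webroot --webroot-path $www_root -d ${dreg[0]}
+done
+}
+
+function renew() {
+certbot renew;
+valtrue=0;
+rdate=$(date +%Y-%m-%d);
+rtime=$(date +%H:%M);
+for ((dmn=0; dmn != ${#domains[@]}; dmn++))
+    do
+    eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
+     keydate=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$6'});
+     keytime=$(ls -l --time-style=long-iso $path_cert/${dreg[0]}/cert.pem |awk {'print$7'});
+     if [[ "$keydate" = "$rdate" ]] && [[ "$keytime" = "$rtime" ]]; then
+         ((valtrue++));
+		if [ -d $path_cert/${dreg[0]} ]; then
+		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
+		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
+#
+    		cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
+    		cd $path_ssl/certs
+    		chmod 600 ${dreg[0]}.pem
+    		ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
+    		cd $path_ssl
+    		echo "$(date) - $sname: update cert for  ${domains[$dmn]}">> $log;
+		fi
+      fi
+done
+if [ $valtrue != 0 ];then
+     :>/etc/ssl/crt-list.txt
+        for ((icrt=0; icrt != ${#domains[@]}; icrt++))
+         do
+          echo "$path_ssl/${domains[$icrt]}.pem">>/etc/ssl/crt-list.txt
+        done
+fi
+}
+
+
+function toSSL() {
+if [ -d $path_cert ];
+    then
+        for ((dmn=0; dmn != ${#domains[@]}; dmn++))
+            do
+                eval local dreg="(" $(echo -e ${domains[$dmn]}) ")";
+                ((valtrue++));
+		if [ -d $path_cert/${dreg[0]} ]; then
+		cat $path_cert/${dreg[0]}/privkey.pem > $path_ssl/private/privkey_${dreg[0]}.pem;
+		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/fullchain_${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/fullchain.pem > $path_ssl/private/${dreg[0]}.pem;
+    		cat $path_cert/${dreg[0]}/privkey.pem >> $path_ssl/private/${dreg[0]}.pem;
+#
+                cp -f $path_ssl/private/${dreg[0]}.pem $path_ssl/certs/${dreg[0]}.pem
+                cd $path_ssl/certs
+                chmod 600 ${dreg[0]}.pem
+                ln -sf ${dreg[0]}.pem `openssl x509 -noout -hash < ${dreg[0]}.pem`.0
+                cd $path_ssl
+                echo "$(date) - $sname: update certlist for  ${domains[$dmn]}">> $log;
+		fi
+        done
+        if [ $valtrue != 0 ]; then
+                echo >/etc/ssl/crt-list.txt
+            for ((icrt=0; icrt != ${#domains[@]}; icrt++))
+                do
+                eval local dcrt="(" $(echo -e ${domains[$icrt]}) ")";
+                echo "$path_ssl/private/${dcrt[0]}.pem">>/etc/ssl/crt-list.txt
+            done
+        fi
+    else
+        echo "Ошибка - отсутствует $path_cert!"
+	echo "$(date) - $sname: Ошибка - отсутствует $path_cert!">> $log;
+fi
+}
+
+function downSite(){
+sudo systemctl stop nginx.service;
+eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
+
+if [ ${#list_www[@]} != 0 ]; then
+for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
+    do
+      rm $nginx_enable/${list_www[dwx]};
+done
+fi
+}
+
+function upSite(){
+sudo systemctl stop nginx.service;
+eval cert_bot="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
+for ((cr=0; cr != ${#cert_bot[@]}; cr++))
+    do
+      rm $nginx_enable/${cert_bot[cr]};
+done
+for ((dnm=0; dnm != ${#domains[@]}; dnm++))
+    do
+eval local dcert="(" $(echo -e ${domains[$dnm]}) ")";
+    sitename="${dcert[0]}";
+    siteport="${dcert[2]}";
+    createConf;
+done
+sudo systemctl start nginx.service;
+}
+
+function restoreSite() {
+sudo systemctl stop nginx.service;
+eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l -printf '%f\n' 2>/dev/null) ")";
+
+if [ ${#list_www[@]} != 0 ]; then
+for ((dwx=0; dwx != ${#list_www[@]}; dwx++))
+    do
+      rm $nginx_enable/${list_www[dwx]};
+done
+fi
+for ((dwx=0; dwx != ${#enable_www[@]}; dwx++))
+    do
+	ln -s $nginx_available/${enable_www[dwx]} $nginx_enable/${enable_www[dwx]};
+done
+sudo systemctl start nginx.service;
+}
+
+function createConf(){
+if [ ! -d $path_tmp ];
+  then
+    mkdir -p $path_tmp;
+fi
+
+if [ ! -d $www_root ];
+  then
+    mkdir -p $www_root/.well-known/acme-challenge;
+chown -R www-data:www-data $www_root;
+fi
+    echo >$path_tmp/$sitename.conf;
+    echo -e 'server { listen      0.0.0.0:'"$siteport"';' >>$path_tmp/$sitename.conf;
+    echo -e '\n' >>$path_tmp/$sitename.conf;
+    echo -e 'server_name '"$sitename"';' >>$path_tmp/$sitename.conf;
+    echo -e '\n' >>$path_tmp/$sitename.conf;
+    echo -e 'location /.well-known/acme-challenge {' >>$path_tmp/$sitename.conf;
+    echo -e '    allow all;' >>$path_tmp/$sitename.conf;
+    echo -e '    autoindex off;' >>$path_tmp/$sitename.conf;
+    echo -e '    default_type "text/plain";' >>$path_tmp/$sitename.conf;
+    echo -e '    root '"$www_root"';' >>$path_tmp/$sitename.conf;
+    echo -e '}' >>$path_tmp/$sitename.conf;
+    echo -e '\n' >>$path_tmp/$sitename.conf;
+    echo -e 'location = /.well-known {' >>$path_tmp/$sitename.conf;
+    echo -e '    return 404;' >>$path_tmp/$sitename.conf;
+    echo -e '}' >>$path_tmp/$sitename.conf;
+    echo -e '\n' >>$path_tmp/$sitename.conf;
+    echo -e 'error_page 404 /404.html;' >>$path_tmp/$sitename.conf;
+    echo -e 'error_page 500 502 503 504 /50x.html;' >>$path_tmp/$sitename.conf;
+    echo -e '\n' >>$path_tmp/$sitename.conf;
+    echo -e 'error_log /var/log/nginx/err-certbot.log;' >>$path_tmp/$sitename.conf;
+    echo -e 'access_log /var/log/nginx/access-certbot.log;' >>$path_tmp/$sitename.conf;
+    echo -e '}' >>$path_tmp/$sitename.conf;
+ln -s $path_tmp/$sitename.conf $nginx_enable/$sitename.conf
+}
+
+function restartService(){
+for ((scn=0; scn != ${#set_service[@]}; scn++))
+    do
+/etc/init.d/${set_service[$scn]} restart;
+# systemctl restart ${set_services[$scn]};
+done
+}
+
+case "$cmd" in
+
+## create cert
+"--create" | "--create" )
+
+downSite;
+upSite;
+createCert;
+toSSL;
+downSite;
+if [ "$opt" == "srv" ]; then
+restartService;
+else
+restoreSite;
+fi
+
+;;
+
+## update cert
+"--update" | "--update" )
+
+downSite;
+upSite;
+renew;
+downSite;
+if [[ "$opt" == "srv" ]] && [[ $valtrue != 0 ]]; then
+ restartService;
+else
+ restoreSite;
+fi
+
+;;
+
+## update cert
+"--test" | "--test" )
+getInfo;
+
+;;
+
+## update cert force
+"--flist" | "--flist" )
+toSSL;
+if [ "$opt" == "srv" ]; then
+restartService;
+fi
+
+;;
+
+## start defaults
+
+* )
+checkDep;
+echo "$sname:$version"
+echo "please input pameters: avto4certbot.sh --create [apache & nginx]| --update [apache & nginx] | --flist [apache & nginx]";
+echo "avto4certbot.sh --create; create new certificate or --create [apache & nginx]; create new certificate " 
+echo "avto4certbot.sh --update; update certificates or --update [apache & nginx]; update [apache & nginx];"
+echo "avto4certbot.sh --flist; update certificates from ssl or --flist [apache & nginx]; rescan list certificates;"
+;;
+esac
+
+exit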
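Review bot: `downSite`, `upSite` and `restoreSite` collect symlink names with `eval list_www="(" $(find $nginx_enable/* -maxdepth 0 -type l ...) ")"` and then run `rm $nginx_enable/${list_www[dwx]}`, but `nginx_enable` is assigned nowhere in this commit (the config defines `sites_nginx`), so the glob expands to `/*`; on a merged-/usr system, where `/bin`, `/lib` and `/sbin` are top-level symlinks, the loop removes them, and the script needs root for its `/etc/ssl` writes and `systemctl` calls, so it has the privilege to do so. The `eval` is also unnecessary and would execute shell metacharacters present in a filename; `mapfile` reads the names without that exposure, and a `${nginx_enable:?}` guard refuses to run with the path unset. Separately, `enable_www` is never populated, so `restoreSite` cannot put back the site symlinks that the first `downSite` deleted; the original names need to be captured before anything is removed (and not overwritten by the second `downSite` call in `--create`/`--update`, which would only see the generated certbot confs). The `cat ... > $path_ssl/private/privkey_*.pem` and `cp -f ... $path_ssl/certs/*.pem` lines in `renew` and `toSSL` create files containing the private key with the default umask before the later `chmod 600`, so an `umask 077` at the start of those functions (or `install -m 600`) would close that window.
```shell
function downSite(){
sudo systemctl stop nginx.service;
# refuse to run with an unset/empty sites-enabled path: "$nginx_enable/*" would expand to "/*"
: "${nginx_enable:?nginx_enable is not set}";
# read the symlink names without eval so filename contents are never interpreted as shell
mapfile -t list_www < <(find "$nginx_enable" -mindepth 1 -maxdepth 1 -type l -printf '%f\n' 2>/dev/null);
for name in "${list_www[@]}"; do
  rm -- "$nginx_enable/$name";
done
}
```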