-
Notifications
You must be signed in to change notification settings - Fork 2
/
letsEncrypt
40 lines (29 loc) · 1.73 KB
/
letsEncrypt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
#!/bin/bash
#### ! Only once ! Setup dependancies ####
# Setup some dependancies for the certbot-auto executable
# [command] $ sudo apt-get install python-pip python-dev build-essential libffi-dev
# [command] $ sudo pip install virtualenv
# Download the certbot from eff.org
wget https://dl.eff.org/certbot-auto
# Make the script executable
chmod a+x certbot-auto
# Create a folder holding all the .ssl related files
mkdir .ssl
#### ! Only once ! Generate a server private key, and domain signing request ####
# Generate a Server Private key (ONLY ONCE, Backup your key !!)
# [command] $ openssl genrsa 4096 > .ssl/server.key
# Create a backup of your key !
# [command] $ cp .ssl/server.key <backup>/server.key.backup
# Secure via SSL the domain: mydomain.com using Let's Encrypt
# - Generate certificate signing request for domain (? only once ?)
# [command] $ openssl req -new -sha256 -key .ssl/server.key -subj "/" -reqexts SAN -config <(cat /etc/ssl/openssl.cnf <(printf "[SAN]\nsubjectAltName=DNS:mydomain.com,DNS:www.mydomain.com")) > .ssl/mydomain.nl.csr
#### Each time when a certificate is to be renewed ####
# - Run the script in stand-alone mode, and request certificate for mydomain.com
~/downloads/certbot-auto certonly --no-bootstrap --csr .ssl/mydomain.com.csr --standalone --email [email protected] --agree-tos
# - Copy the received certificate to the correct location and use the name: mydomain.com.crt
cp 0000_cert.pem .ssl/mydomain.com.crt
# - Copy the received certificate chain to the correct location and use the name: mydomain.com.chain
cp 0000_chain.pem .ssl/mydomain.com.chain
# - Create folder, and move all the received files (cert, chain and parent) to a safe location for backup
mkdir .ssl/mydomain.com/
mv *.pem .ssl/mydomain.com/