Sharing a one-step shell script for creating Let's Encrypt HTTPS certificates
Published: 2017-06-25 17:05:06 | Editor: songlin | Views: 195
The previous article already walked through creating a Let's Encrypt HTTPS certificate (it borrows mainly from the posts at https://imququ.com, with minor changes and annotations). I don't know whether, like me, you found yourself copying, changing parameters and pasting over and over when using it, which felt like a bit of a hassle. So I have put together a simple shell script: no copying and pasting is needed, just run it with the parameters appended after the script name. The code is as follows:

```bash
#!/bin/bash
# Arguments:
#   -d [required] domain name
#   -c [optional] path to openssl.cnf; defaults to /etc/pki/tls/openssl.cnf,
#      pass -c if your server keeps it elsewhere
#   -p [optional] directory used for domain validation; it holds the temporary
#      files generated while the domain is verified. Defaults to the
#      sslCsrVerify directory under the current directory and can be customized.
#      The Nginx/Apache configuration for domain validation is described in
#      the post at https://wangsonglin.cn/study/nginx/c97.html
# Example:
#   ./create_ssl.sh -d wangsonglin.cn -c /etc/pki/tls/openssl.cnf -p /data/ssl/sslCsrVerify

path='sslCsrVerify'
domain=''
Path=''
opensslcnf='/etc/pki/tls/openssl.cnf'
workdir=$(pwd)

# The leading ':' puts getopts in silent mode so OPTARG holds the offending option
while getopts ":d:c:p:" opt; do
    case $opt in
        d)
            domain=$OPTARG
            ;;
        c)
            opensslcnf=$OPTARG
            ;;
        p)
            Path=$OPTARG
            ;;
        :)
            echo "Option -$OPTARG requires an argument"
            exit 1
            ;;
        \?)
            echo "Invalid option: -$OPTARG"
            exit 1
            ;;
    esac
done

if [ -z "${domain}" ]; then
    echo "error: domain is empty. please add -d param."
    exit 1
fi
# The domain ends up in file names and in the OpenSSL config: accept host name characters only
if ! [[ ${domain} =~ ^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$ ]]; then
    echo "error: domain contains invalid characters."
    exit 1
fi

if [ -z "${Path}" ]; then
    csrVerifyPath="${workdir}/${path}/"
else
    # The alias directives printed below need a trailing slash on the directory
    csrVerifyPath="${Path%/}/"
fi

# Stop at the first failing step instead of reporting success at the end
set -e

# Generate the account key and the domain key readable by the owner only
(umask 077; openssl genrsa 4096 > account.key)
(umask 077; openssl genrsa 4096 > "${domain}.key")

# Build the CSR with the domain as subjectAltName
openssl req -new -sha256 -key "${domain}.key" -subj "/" -reqexts SAN \
    -config <(cat "${opensslcnf}" <(printf '\n[SAN]\nsubjectAltName=DNS:%s\n' "${domain}")) \
    > "${domain}.csr"

# This fetches whatever is on the master branch at run time; the file is later
# run with access to account.key, so review it before continuing
wget -O - https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py > acme_tiny.py

mkdir -p "${csrVerifyPath}"
chmod 755 "${csrVerifyPath}"

printf ' Notice : Configure the configuration file before you perform the next step.\n'
read -r -p " Please select your web soft:Apache/Nginx; Enter 1 or 2 " webSoftTmp
if [ "$webSoftTmp" == "2" ]; then
    Soft='Nginx'
    cat <<EOF
you select Nginx ;
Copy the following string to your Nginx 80 port configuration file AND reload Nginx
##---------------------- START -----------------------------
location ^~ /.well-known/acme-challenge/ {
    alias ${csrVerifyPath};
    try_files \$uri =404;
}
##---------------------- END -----------------------------
EOF
elif [ "$webSoftTmp" == "1" ]; then
    Soft='Apache'
    # Alias (not ScriptAlias): challenge files are static tokens and must not be run as CGI.
    # Apache 2.4 without mod_access_compat needs "Require all granted" instead of Order/Allow.
    cat <<EOF
you select Apache
Copy the following string to your Apache 80 port configuration file AND restart Apache
##---------------------- START -----------------------------
<IfModule alias_module>
    Alias /.well-known/acme-challenge/ "${csrVerifyPath}"
    <Directory "${csrVerifyPath}">
        Options None
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
</IfModule>
##---------------------- END -----------------------------
EOF
else
    echo "error: please enter 1 (Apache) or 2 (Nginx)."
    exit 1
fi

read -r -n 1 -s -p " Notice : If the configuration file configuration is complete, we proceed to the next step: to validate the domain name and press any key to continue : "
echo
echo "${Soft} Configure complete ! verify domain start !"

# Validate the domain and obtain the signed certificate
python acme_tiny.py --account-key ./account.key --csr "./${domain}.csr" --acme-dir "${csrVerifyPath}" > ./signed.crt

# Intermediate certificate named in the original post (2017); confirm that it
# is the issuer of signed.crt before serving the chain
wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > intermediate.pem
cat signed.crt intermediate.pem > chained.pem
wget -O - https://letsencrypt.org/certs/isrgrootx1.pem > root.pem
cat intermediate.pem root.pem > full_chained.pem

echo " create SSL certificate finish.;"
echo " ##------------ START ----------------"
if [ "$Soft" == 'Nginx' ]; then
    cat <<EOF

ssl on;
ssl_certificate ${workdir}/chained.pem;
ssl_certificate_key ${workdir}/${domain}.key;

EOF
else
    cat <<EOF

SSLEngine on
SSLCertificateFile ${workdir}/chained.pem
SSLCertificateKeyFile ${workdir}/${domain}.key

EOF
fi
echo " ##------------ END ----------------"
echo
echo " Copy the above string to your ${Soft}'s 443 port configuration file to complete the HTTPS certificate for Let's Encrypt. "
echo " complete!!!! "
```

The script needs execute permission:

```bash
chmod +x create_ssl.sh
```
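Note: before running this script, first change the Nginx/Apache configuration file, otherwise domain validation will fail. The configuration can be found in the post at https://wangsonglin.cn/study/nginx/c97.html
Update 2017/07/17: the Nginx/Apache configuration file no longer needs to be set up in advance; it is configured at the prompt while the program runs (the program generates the configuration as it runs, so you can simply copy and paste it).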
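The script downloads acme_tiny.py from the master branch at run time and then runs it next to account.key. One way to pin that download to a revision you have reviewed, as an added example that is not part of the original script: the function names are hypothetical, and `PINNED_COMMIT` and `PINNED_SHA256` are placeholders to fill in yourself.

```shell
#!/bin/bash
# Added example (not from the original post): install a downloaded helper
# script only when its SHA-256 matches a digest recorded after code review.
# Both values below are placeholders, not real identifiers.
PINNED_COMMIT='<commit-id-you-reviewed>'
PINNED_SHA256='<sha256-of-the-reviewed-acme_tiny.py>'

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_if_pinned SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST only when the digest matches; otherwise returns 1 and
# leaves DEST untouched. A pin that is not 64 lowercase hex digits is refused.
install_if_pinned() {
    local src="$1" expected="$2" dest="$3" actual
    case $expected in
        '' | *[!0-9a-f]*) echo "pin is not a SHA-256 hex digest" >&2; return 1 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "pin has the wrong length" >&2; return 1; }
    actual=$(sha256_of "$src") || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $src: got $actual" >&2
        return 1
    fi
    install -m 0644 "$src" "$dest"
}

# fetch_acme_tiny DEST: download the pinned revision to a temp file, verify it,
# and only then place it at DEST.
fetch_acme_tiny() {
    local tmp rc=0
    tmp=$(mktemp) || return 1
    { wget -q -O "$tmp" \
        "https://raw.githubusercontent.com/diafygi/acme-tiny/${PINNED_COMMIT}/acme_tiny.py" \
        && install_if_pinned "$tmp" "$PINNED_SHA256" "$1"; } || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

In create_ssl.sh, `fetch_acme_tiny acme_tiny.py` would take the place of the `wget` line for acme_tiny.py once both placeholders are filled in.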
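PS: Thanks to Xiao Cui (blog) for the tip.
Shell script download: https://d.wangsonglin.cn/2017/06/25/create_ssl.zip
My abilities are limited, so the script is fairly crude (at least that is how it feels to me). Experts, please offer your advice; flamers, please move along.
This article is the author's original work; please credit the source when reposting: https://wangsonglin.cn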