certificate.sh
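#!/bin/bash
# Provision TLS material for this host:
#   1. a self-signed certificate for the bare IP address, written by hand under
#      /etc/letsencrypt in the same file layout certbot uses, and
#   2. CA-issued certificates for the dns. and api. subdomains via certbot.
#
# Security notes:
#   - The IP certificate is self-signed, so clients get no third-party
#     identity assurance; they must explicitly trust or pin it.
#   - It is valid for 365 days and has no certbot renewal configuration, so
#     `certbot renew` will not refresh it. Re-running this script replaces
#     both the key and the certificate.
#   - `-addext` requires OpenSSL 1.1.1 or newer.
#   - `certbot --standalone` starts its own listener for the HTTP-01
#     challenge, so port 80 must be free while it runs.

# Abort on the first failing step so a failed key or certificate generation is
# never followed by copies of stale or missing files.
set -euo pipefail

# Set IP address and domain
readonly ip_address="91.134.137.25"
readonly domain="audacious-unicorn.com"
readonly email="webmaster@${domain}"

readonly live_dir="/etc/letsencrypt/live/${ip_address}"
readonly archive_dir="/etc/letsencrypt/archive/${ip_address}"

# -- NOT SUPPORTED BY CERTBOT --
# Generate self-signed certificate for IP address
printf '%s\n' "Generating self-signed certificate for IP address: ${ip_address}"

# Create directory structure for IP certificate
sudo mkdir -p -- "${live_dir}" "${archive_dir}"

# Generate private key (RSA 2048 is the commonly accepted minimum size).
sudo openssl genrsa -out "${live_dir}/privkey.pem" 2048
# Make the owner-only permission explicit instead of relying on the OpenSSL
# default or the umask sudo happens to apply.
sudo chmod 0600 -- "${live_dir}/privkey.pem"

# Generate self-signed certificate with IP address in SAN
sudo openssl req -new -x509 -key "${live_dir}/privkey.pem" \
  -out "${live_dir}/fullchain.pem" \
  -days 365 \
  -subj "/CN=${ip_address}/emailAddress=${email}" \
  -addext "subjectAltName=IP:${ip_address}"

# Create chain.pem and cert.pem (same as fullchain for self-signed)
sudo cp -- "${live_dir}/fullchain.pem" "${live_dir}/chain.pem"
sudo cp -- "${live_dir}/fullchain.pem" "${live_dir}/cert.pem"

# Archive the certificate
sudo cp -- "${live_dir}/privkey.pem" "${archive_dir}/privkey1.pem"
# The archived key copy is as sensitive as the live one.
sudo chmod 0600 -- "${archive_dir}/privkey1.pem"
sudo cp -- "${live_dir}/fullchain.pem" "${archive_dir}/fullchain1.pem"
sudo cp -- "${live_dir}/chain.pem" "${archive_dir}/chain1.pem"
sudo cp -- "${live_dir}/cert.pem" "${archive_dir}/cert1.pem"

printf '%s\n' "Self-signed certificate generated for IP address: ${ip_address}"

# Request certificate for dns subdomain
sudo certbot certonly --standalone --non-interactive --agree-tos \
  -m "${email}" -d "dns.${domain}"

# Request certificate for api subdomain
sudo certbot certonly --standalone --non-interactive --agree-tos \
  -m "${email}" -d "api.${domain}"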