Created
July 9, 2020 15:00
Generate valid ssl certificates using certbot+cloudflare plugin inside a docker container.
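#!/bin/bash
#
# Obtain TLS material for $DOMAIN and publish it to /etc/nginx-ssl.
#
#   DOMAIN=local   -> generate a self-signed certificate with openssl.
#   DOMAIN=<name>  -> request <name> and *.<name> from Let's Encrypt through
#                     certbot's Cloudflare DNS plugin.
#
# Required environment:
#   DOMAIN                      always
#   CERTBOT_CLOUDFLARE_EMAIL    non-local mode
#   CERTBOT_CLOUDFLARE_API      non-local mode (Cloudflare API key)
#   CERTBOT_EMAIL               non-local mode (ACME account contact)
#
# Exit status: 0 on success, non-zero as soon as any step fails.

set -u

: "${DOMAIN:?DOMAIN must be set, or use local for a self-signed certificate}"

readonly LIVE_ROOT=/etc/letsencrypt/live
readonly NGINX_SSL_DIR=/etc/nginx-ssl

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# DOMAIN is interpolated into paths that are then touched through sudo, so
# restrict it to hostname characters and refuse anything that could climb
# out of LIVE_ROOT.
if [[ ! "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ || "$DOMAIN" == *..* ]]; then
  die "DOMAIN contains characters that are not valid in a hostname"
fi

live_dir="${LIVE_ROOT}/${DOMAIN}"
creds_file=
stage_dir=

# Remove the credentials file and the staging directory on every exit path,
# including failures, so neither the API key nor the private key is left behind.
cleanup() {
  [[ -n "$creds_file" ]] && rm -f -- "$creds_file"
  [[ -n "$stage_dir" ]] && rm -rf -- "$stage_dir"
  return 0
}
trap cleanup EXIT

if [[ "$DOMAIN" == "local" ]]; then
  sudo mkdir -p -- "$live_dir" || die "cannot create $live_dir"

  sudo openssl genrsa -out "$live_dir/privkey.pem" 2048 \
    || die "private key generation failed"

  # The signing request gets its own file. The original wrote it to cert.pem,
  # so the file later published as the certificate was really a CSR.
  sudo openssl req -new \
    -key "$live_dir/privkey.pem" \
    -out "$live_dir/request.csr" \
    -subj "/CN=default/O=default/C=UK" \
    || die "CSR generation failed"

  sudo openssl x509 -req -days 365 \
    -in "$live_dir/request.csr" \
    -signkey "$live_dir/privkey.pem" \
    -out "$live_dir/fullchain.pem" \
    || die "self-signing failed"

  # A self-signed certificate has no intermediates: cert.pem equals the chain.
  sudo cp -- "$live_dir/fullchain.pem" "$live_dir/cert.pem" \
    || die "cannot write $live_dir/cert.pem"

  echo "Generated local certificates"
else
  : "${CERTBOT_CLOUDFLARE_EMAIL:?CERTBOT_CLOUDFLARE_EMAIL must be set}"
  : "${CERTBOT_CLOUDFLARE_API:?CERTBOT_CLOUDFLARE_API must be set}"
  : "${CERTBOT_EMAIL:?CERTBOT_EMAIL must be set}"

  # The test runs through sudo because the live directory is written as root.
  if ! sudo test -d "$live_dir"; then
    # mktemp creates the file with mode 0600, so the API key is never readable
    # by other local users. The credentials are written only when a certificate
    # actually has to be requested.
    # NOTE(review): this is the account-wide API key; a zone-scoped API token
    # (dns_cloudflare_api_token) limits the damage if it leaks, where the
    # installed plugin version supports it.
    creds_file=$(mktemp) || die "mktemp failed"
    printf 'dns_cloudflare_email = %s\ndns_cloudflare_api_key = %s\n' \
      "$CERTBOT_CLOUDFLARE_EMAIL" "$CERTBOT_CLOUDFLARE_API" > "$creds_file" \
      || die "cannot write Cloudflare credentials"

    # "*.$DOMAIN" is quoted so the shell cannot glob-expand it against the
    # current directory before certbot sees it.
    sudo certbot certonly \
      --dns-cloudflare \
      --dns-cloudflare-credentials "$creds_file" \
      --agree-tos \
      --email "$CERTBOT_EMAIL" \
      --non-interactive \
      -d "$DOMAIN" -d "*.$DOMAIN" \
      || die "certbot failed for $DOMAIN"

    # The original copied the live directory onto itself when it was missing,
    # which could never succeed; fail explicitly instead.
    sudo test -d "$live_dir" \
      || die "certbot finished but $live_dir does not exist"

    rm -f -- "$creds_file"
    creds_file=
  fi
fi

# Stage through a private directory: mktemp -d yields an unpredictable name
# with mode 0700, so the private key is not exposed in /tmp and a directory
# pre-created by another user cannot capture it.
stage_dir=$(mktemp -d) || die "mktemp failed"

for pem in fullchain.pem privkey.pem cert.pem; do
  sudo cat -- "$live_dir/$pem" > "$stage_dir/$pem" \
    || die "cannot read $live_dir/$pem"
done

# NOTE(review): the published privkey.pem keeps default-umask permissions, as
# before; tighten its mode if whatever reads /etc/nginx-ssl runs as root.
sudo cp -- "$stage_dir"/* "$NGINX_SSL_DIR" \
  || die "cannot publish certificates to $NGINX_SSL_DIR"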
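# Image that bootstraps TLS certificates with certbot and its Cloudflare DNS
# plugin, then drops into an interactive shell.
# NOTE(review): the base tag is mutable; pin it by digest for reproducible builds.
FROM ubuntu:18.04
ENV DEBIAN_FRONTEND=noninteractive
# add-apt-repository ships in software-properties-common, and the base image
# has empty package lists, so both must be in place before the PPA is added.
# sudo and openssl are installed because certbot.sh calls them directly.
RUN apt-get update && \
    apt-get install -yq software-properties-common && \
    add-apt-repository -y ppa:certbot/certbot && \
    apt-get update && \
    apt-get install -yq certbot python3-certbot-dns-cloudflare curl sudo openssl
COPY certbot.sh /tmp
COPY ./init.sh /tmp
# The Cloudflare key and e-mail addresses are supplied as environment variables
# at run time; they are visible to anyone who can inspect the container, so
# restrict access to the Docker host accordingly.
ENTRYPOINT /bin/bash /tmp/init.sh && /bin/bash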
# Container start-up hook: run the certificate bootstrap only when
# /etc/nginx-ssl holds no cert.pem yet. Exit status is 0 when the file is
# already present, otherwise whatever certbot.sh returns.
[ -f /etc/nginx-ssl/cert.pem ] || bash /tmp/certbot.sh