From ec80af1bb246ac914d637ac7d78223a142a1af53 Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Fri, 18 Aug 2023 20:44:39 -0700
Subject: [PATCH] Certs were not being saved by LetsEncrypt for Nginx correctly. Should be working now.
---
 .../ReverseProxy/create_letsencrypt_certs.sh | 34 +++++++++++++++----
 .../ReverseProxy/create_placeholder_certs.sh | 6 ++--
 Config/ReverseProxy/docker-compose.yml | 4 +--
 3 files changed, 33 insertions(+), 11 deletions(-)
diff --git a/Config/ReverseProxy/create_letsencrypt_certs.sh b/Config/ReverseProxy/create_letsencrypt_certs.sh
index 09a3067..f6432aa 100755
--- a/Config/ReverseProxy/create_letsencrypt_certs.sh
+++ b/Config/ReverseProxy/create_letsencrypt_certs.sh
@@ -28,8 +28,8 @@ if [[ $certbot_running != 1 ]]; then
 fi
 ## Input ##
- # Gather information from the user.
+ echo -n "Please provide the email address you would like the certs bound to: "
 read email
 if [[ -z $email ]]; then
@@ -45,19 +45,34 @@ if [[ $confirm != "Y"* ]]; then
 exit 0
 fi
+echo -n "Is this a test run? [Y/n]: "
+typeset -l test dry_run
+read test
+if [[ $test == "y"* || -z $test ]]; then
+ dry_run="--dry-run"
+ echo " Great! Running with $dry_run to avoid using up requests."
+else
+ echo " Requesting live certificates for new domains."
+fi
+
 ## Main ##
 # Loop over the proxy configuration files and ensure they have certs.
 grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
 filename=`basename $file`
+ echo -e "\n"
 if [[ $filename == *"example.com"* ]]; then
 echo "Skipping $filename since it is only an example."
 continue
 fi
- echo "*** Checking $filename ***"
- if [[ -d $CERT_DIR/$filename ]]; then
+ echo "*** Checking $filename ***"
+ if [[ -f $CERT_DIR/$filename/SELF ]]; then
+ echo "Removing self-signed certs."
+ rm -rfv $CERT_DIR/$filename
+ fi
+ if [[ ! -d $CERT_DIR/$filename ]]; then
 echo "Getting the domains which need the cert."
 domains=`grep -v '$server_name' $file | grep server_name`
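Review bot: The new `rm -rfv $CERT_DIR/$filename` fires whenever a `SELF` marker exists, regardless of `$dry_run`, while the copy of an issued certificate later in the same loop only happens when `$dry_run` is empty; a test run therefore deletes the placeholder certificate and leaves `$CERT_DIR/$filename` absent for nginx until a live run succeeds. Consider deferring the removal until the live `certbot certonly` has returned success, and hardening the unquoted path, `rm -rfv -- "${CERT_DIR:?}/${filename:?}"`, so an unset `CERT_DIR` or empty `filename` can never expand to a path at the filesystem root. `read test` should be `read -r test`, and naming the variable `test` invites confusion with the builtin of the same name. The `while read file` loop body continues into the next hunk.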
@@ -69,13 +84,18 @@ grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
 domains=${domains// /,}
 echo "Domains='$domains'"
- echo "Attempting to create real certs at $CERT_DIR/$filename."
- docker exec reverseproxy-certbot-1 certbot certonly -n --webroot \
+ echo "Attempting to create certs at $CERT_DIR/$filename."
+ docker exec reverseproxy-certbot-1 \
+ certbot certonly -n --webroot $dry_run \
 -w /etc/letsencrypt --agree-tos -m $email -d $filename
- ls -lh $CERT_DIR/$filename/*
+ if [[ -z $dry_run ]]; then
+ docker exec reverseproxy-certbot-1 \
+ sh -c "cp -rL /etc/letsencrypt/live/$filename /etc/letsencrypt/nginx/"
+ ls -lh $CERT_DIR/$filename/*
+ fi
 else
- echo "Website's certificate folder does not exist, skipping."
+ echo "Website's certificate folder already exists, skipping."
 continue
 fi
 done
diff --git a/Config/ReverseProxy/create_placeholder_certs.sh b/Config/ReverseProxy/create_placeholder_certs.sh
index a591d41..13762ca 100755
--- a/Config/ReverseProxy/create_placeholder_certs.sh
+++ b/Config/ReverseProxy/create_placeholder_certs.sh
@@ -18,12 +18,14 @@ echo "CERT_DIR=$CERT_DIR"
 mkdir -pv $CERT_DIR
 # Loop over the proxy configuration files and ensure they have certs.
-grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
+#grep -l proxy_pass $DIR/config/conf.d/*.* | while read file; do
+ls $DIR/config/conf.d/*.* | while read file; do
 filename=`basename $file`
- echo "*** Checking $filename ***"
+ echo -e "\n\n*** Checking $filename ***"
 if [[ ! -d $CERT_DIR/$filename ]]; then
 echo "Creating self-signed certs at $CERT_DIR/$filename."
 mkdir -pv $CERT_DIR/$filename
+ touch $CERT_DIR/$filename/SELF
 openssl req -new -x509 -days 3 -nodes \
 -out $CERT_DIR/$filename/fullchain.pem \
 -keyout $CERT_DIR/$filename/privkey.pem \
diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml
index f457c62..ac1dd4e 100644
--- a/Config/ReverseProxy/docker-compose.yml
+++ b/Config/ReverseProxy/docker-compose.yml
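Review bot: The exit status of the `docker exec reverseproxy-certbot-1 certbot certonly …` call is never checked, so when issuance fails (failed challenge, rate limit) the loop still runs the `cp -rL` and `ls` against a lineage that does not exist and moves on with nothing recording the failure. Append a guard to the certonly command, e.g. `… -w /etc/letsencrypt --agree-tos -m $email -d $filename || { echo "certbot failed for $filename" >&2; continue; }`. The new `sh -c "cp -rL /etc/letsencrypt/live/$filename …"` interpolates `$filename` into a shell command string executed inside the container; passing it as an argument, `sh -c 'cp -rL "/etc/letsencrypt/live/$1" /etc/letsencrypt/nginx/' _ "$filename"`, keeps a config filename containing shell metacharacters from being interpreted as code. The `while read file` loop that encloses this code begins outside the hunk.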
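Review bot: `ls $DIR/config/conf.d/*.* | while read file; do` parses `ls` output when the glob already yields the paths; `for file in "$DIR"/config/conf.d/*.*; do` iterates the same files without the pipeline and its subshell, and tolerates spaces in `$DIR`. Switching from `grep -l proxy_pass` to `ls` also widens the set of files that receive placeholder certificates to everything in conf.d, which the commented-out old line neither explains nor justifies; either delete that line or replace it with a comment stating why every file now gets a placeholder. The new `touch $CERT_DIR/$filename/SELF` deserves a comment, since this marker is what create_letsencrypt_certs.sh keys its `rm -rfv` of the directory on, e.g. `# SELF marks a disposable placeholder; create_letsencrypt_certs.sh removes directories carrying it.` The `while` loop body continues past the end of the hunk.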
@@ -25,5 +25,5 @@ services:
 restart: always
 volumes:
 - ../../Volumes/ReverseProxy/letsencrypt:/etc/letsencrypt
- - ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot
- entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+ - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/letsencrypt/nginx
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; cp -rL /etc/letsencrypt/live/* /etc/letsencrypt/nginx/; sleep 12h & wait $${!}; done;'"
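Review bot: In the new entrypoint the `cp -rL /etc/letsencrypt/live/* /etc/letsencrypt/nginx/` runs after `certbot renew` unconditionally every 12 hours, whether or not anything was renewed and even when renew fails, so a renewal failure is masked by a successful copy of the old files. Certbot's `--deploy-hook` runs a command only for certificates that were actually renewed, which is the natural place for this copy: `certbot renew --deploy-hook 'cp -rL /etc/letsencrypt/live/* /etc/letsencrypt/nginx/'`. The copy alone also does not make nginx pick up the new files; if nginx reads certificates only at start, a reload step is still missing here, which I cannot confirm from this file.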