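#!/bin/sh
#
# letsencrypt_order.sh PREVIEW_DOMAIN
#
# Walk the Apache site list (vhost.map) and the IIS site list
# (applicationHost.config) and order a Let's Encrypt certificate for every
# hostname that has neither a Let's Encrypt nor a premium certificate yet
# and that resolves, together with its www. alias, to one of the platform
# addresses in $ATO_NETS. Hostnames under PREVIEW_DOMAIN are skipped.
# Issued certificates are copied under /var/www/html/le_cert/<domain> and
# pushed to the F5 through $f5hook.
#
# Runs certbot and chowns files to apache:apache, so it is expected to be
# run as root (e.g. from cron).

# Space separated CIDR blocks. A hostname (and its www. alias) must resolve
# to an address inside one of these before a certificate is ordered for it;
# this is the only gate before the ACME challenge is answered from here.
ATO_NETS="62.20.146.242/32"
certbot="/usr/bin/certbot"
# Existing certificates: a directory named after the domain in either of
# these means "already covered, skip".
wanted_cert_path="/etc/letsencrypt/live"
premium_cert_path="/appdir/atomia/ssl/premium_certificates"
# Site inventories that supply the candidate hostnames.
apache_config="/storage/configuration/maps"
iis_config="/storage/configuration/iisv2"
# certbot manual-mode hooks and the F5 upload hook.
le_auth=/appdir/atomia/le_auth.sh
le_cleanup=/appdir/atomia/le_cleanup.sh
f5hook=/appdir/atomia/f5_hook.sh
readonly ATO_NETS certbot wanted_cert_path premium_cert_path \
  apache_config iis_config le_auth le_cleanup f5hook

# The preview domain is mandatory: without it every preview hostname would
# be treated as a customer site and get a certificate ordered.
if [ -z "$1" ]; then
  echo "usage: $0 preview_domain" >&2
  echo "example:" >&2
  echo "  $0 preview.dev.atomia.com" >&2
  exit 1
fi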
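# ip4_to_int DOTTED_QUAD
#   Print the address as an unsigned 32-bit integer. Exit 1 unless the
#   argument is exactly four decimal octets in 0..255. Leading zeros are
#   rejected so that an octet like "010" is never read as octal by the
#   arithmetic expansion. Runs in a subshell so IFS and the positional
#   parameters are not clobbered for the caller.
ip4_to_int() (
  case $1 in
    ''|*[!0-9.]*) exit 1 ;;
  esac
  IFS=.
  set -- $1
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    case $octet in
      ''|0[0-9]*) exit 1 ;;
    esac
    [ "$octet" -le 255 ] || exit 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_net NET IP
#   Exit 0 when the IPv4 address IP lies inside NET (dotted quad with an
#   optional /prefix-length; a bare address means /32), else exit 1.
#   Anything malformed -- a non-address, an octet above 255, a prefix
#   length that is not 0..32 -- is "not in net". This matters because the
#   result decides whether a certificate is ordered at all, so the check
#   must fail closed rather than produce a false match. The previous perl
#   implementation built the mask with pack("b32"), whose ascending bit
#   order gives a wrong mask for prefix lengths that are not a multiple of
#   8, and treated a missing prefix length as /0 (matching everything);
#   both are fixed here. Runs in a subshell, so no variables leak.
in_net() (
  net=$1
  addr=$2
  case $net in
    */*) base=${net%%/*}; plen=${net#*/} ;;
    *)   base=$net;       plen=32 ;;
  esac
  case $plen in
    ''|*[!0-9]*) exit 1 ;;
  esac
  [ "$plen" -le 32 ] || exit 1
  base_int=$(ip4_to_int "$base") || exit 1
  addr_int=$(ip4_to_int "$addr") || exit 1
  if [ "$plen" -eq 0 ]; then
    mask=0
  else
    # 4294967295 is 0xFFFFFFFF; shift the ones left and drop the overflow.
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
  fi
  [ $(( base_int & mask )) -eq $(( addr_int & mask )) ]
)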
# in_ato_nets IP
#   Print "yes" when IP lies inside any of the networks listed in
#   $ATO_NETS (space separated CIDR blocks, checked with in_net), else "no".
#   The answer goes to stdout rather than the exit status, so callers
#   compare the captured string.
in_ato_nets() {
  for candidate in $ATO_NETS; do
    if in_net "$candidate" "$1"; then
      echo yes
      return 0
    fi
  done
  echo no
}
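# Preview hostnames (anything ending in the preview domain given as $1) are
# excluded from ordering. Escape the dots so the argument is matched
# literally; as a bare regex '.' would also match any other character.
preview_re=$(printf '%s' "$1" | sed 's/\./\\./g')

# filter_hostnames  (stdin -> stdout)
#   One copy of each candidate hostname: drop preview names and www.
#   aliases (the www. name is ordered together with its apex), then keep
#   only names built from [A-Za-z0-9.-] that do not start with '.' or '-'.
#   This allow-list is what makes the customer-supplied names safe to use
#   as command arguments (no shell metacharacters, no leading '-' that dig
#   or certbot could parse as an option) and as directory names (no '/').
filter_hostnames() {
  grep -vE "$preview_re"'$' \
    | grep -v '^www\.' \
    | grep -E '^[A-Za-z0-9][A-Za-z0-9.-]*$' \
    | sort -u
}

# first_ipv4 NAME
#   Print the first IPv4 address NAME resolves to, or nothing. dig +short
#   may print CNAME targets as well as A records, so only dotted quads are
#   kept; the same extraction is used for the apex and the www. name.
first_ipv4() {
  dig +short "$1" | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | head -n 1
}

# order_cert DOMAIN WWW_DOMAIN
#   Order a Let's Encrypt certificate covering both names, publish it under
#   /var/www/html/le_cert/DOMAIN and hand it to the F5. Does nothing when
#   a Let's Encrypt or premium certificate directory already exists for
#   DOMAIN, or when either name does not resolve to an address inside
#   $ATO_NETS. Only the first address of each name is checked, so a
#   multi-homed name whose first A record is ours passes. Returns 1 when
#   certbot fails; nothing is copied or uploaded in that case.
order_cert() {
  name=$1
  www_name=$2

  # Already covered by an existing certificate?
  if [ -d "$wanted_cert_path/$name" ] || [ -d "$premium_cert_path/$name" ]; then
    return 0
  fi

  # Both names must point at this platform before we answer the ACME
  # challenge from here.
  www_ip=$(first_ipv4 "$www_name")
  apex_ip=$(first_ipv4 "$name")
  if [ -z "$www_ip" ] || [ "$(in_ato_nets "$www_ip")" != yes ] \
    || [ -z "$apex_ip" ] || [ "$(in_ato_nets "$apex_ip")" != yes ]; then
    return 0
  fi

  # Order the actual certificate. Stop on failure: otherwise the copy
  # below publishes whatever is (or is not) in the live directory and the
  # F5 is told about a certificate that was never issued.
  if ! "$certbot" certonly --manual \
      --manual-auth-hook "$le_auth" --manual-cleanup-hook "$le_cleanup" \
      -d "$name" -d "$www_name" \
      --non-interactive --agree-tos --email noreply@hosting.telia.com \
      --manual-public-ip-logging-ok; then
    echo "certbot failed for $name, not publishing" >&2
    return 1
  fi

  # Publish certificate and key for apache. The live/ files are symlinks
  # into archive/, which cp follows.
  # NOTE(review): this directory sits under what looks like a web document
  # root and holds the private key. Confirm it is not reachable over HTTP
  # (or move it outside the docroot). The explicit modes below at least
  # make the key readable by its owner only, independent of umask or of
  # the mode certbot gave the source file.
  ledir="/var/www/html/le_cert/$name"
  mkdir -p "$ledir"
  chmod 755 "$ledir"
  cp "$wanted_cert_path/$name/fullchain.pem" "$ledir/$name.crt"
  cp "$wanted_cert_path/$name/privkey.pem" "$ledir/$name.key"
  chmod 644 "$ledir/$name.crt"
  chmod 600 "$ledir/$name.key"
  chown apache:apache "$ledir/$name.crt" "$ledir/$name.key"

  # Upload certificate to F5
  "$f5hook" add letsencrypt "$name"
}

echo "LINUX websites:"
if [ -f "$apache_config/vhost.map" ]; then
  # First column of vhost.map is the hostname.
  awk '{ print $1 }' "$apache_config/vhost.map" | filter_hostnames \
    | while IFS= read -r host; do
        order_cert "$host" "www.$host"
      done
fi

echo "WINDOWS websites:"
if [ -f "$iis_config/applicationHost.config" ]; then
  # Hostname is the part of bindingInformation="*:80:host" after ':80:'.
  grep -F binding "$iis_config/applicationHost.config" | grep -F ':80:' \
    | awk -F ':80:' '{ print $2 }' | cut -d '"' -f 1 | filter_hostnames \
    | while IFS= read -r host; do
        order_cert "$host" "www.$host"
      done
fi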