Update letsencrypt.sh

2018-07-21 23:38:41 -06:00 · 2018-07-21 23:38:41 -06:00 · fbe8e97b4e
parent 0b823ce608
commit fbe8e97b4e
1 changed files with 30 additions and 28 deletions
--- a/freebsd/resources/letsencrypt.sh
+++ b/freebsd/resources/letsencrypt.sh
@ -1,3 +1,4 @@
+
 #!/bin/sh

 # FusionPBX - Install
@ -31,25 +32,6 @@ pkg install dehydrated
 #mkdir -p /usr/local/www/dehydrated
 #mkdir -p /usr/local/etc/dehydrated/certs

-#manual dns hook
-cd /usr/src
-git clone https://github.com/owhen/dns-01-manual.git
-cd /usr/src/dns-01-manual/
-cp hook.sh /usr/local/etc/dehydrated/hook.sh
-chmod 755 /usr/local/etc/dehydrated/hook.sh
-
-#copy config and hook.sh into /usr/local/etc/dehydrated
-cd /usr/src/dehydrated
-cp docs/examples/config /usr/local/etc/dehydrated
-#cp docs/examples/hook.sh /usr/local/etc/dehydrated
-
-#update the dehydrated config
-sed -i' ' -e s:'#CONTACT_EMAIL=":CONTACT_EMAIL=$email_address:' /usr/local/etc/dehydrated/config
-sed -i' ' -e s:'#WELLKNOWN="/var/www/dehydrated":WELLKNOWN="/usr/local/www/dehydrated":' /usr/local/etc/dehydrated/config
-
-#accept the terms
-dehydrated --register --accept-terms --config /usr/local/etc/dehydrated/config
-
 #wildcard detection
 wilcard_domain=$(echo $domain_name | cut -c1-1)
 if [ "$wilcard_domain" = "*" ]; then
@ -63,6 +45,24 @@ if [ .$wilcard_domain = ."true" ]; then
 	domain_name=$(echo "$domain_name" | cut -c3-255)
 fi

+#manual dns hook
+if [ .$wilcard_domain = ."true" ]; then
+	if [ ! -f /usr/local/etc/dehydrated/hook.sh]; then
+		cd /usr/src
+		git clone https://github.com/owhen/dns-01-manual.git
+		cd /usr/src/dns-01-manual/
+		cp hook.sh /usr/local/etc/dehydrated/hook.sh
+		chmod 755 /usr/local/etc/dehydrated/hook.sh
+	fi
+fi
+
+#update the dehydrated config
+sed -i' ' -e s:'#CONTACT_EMAIL=":CONTACT_EMAIL=$email_address:' /usr/local/etc/dehydrated/config
+sed -i' ' -e s:'#WELLKNOWN="/var/www/dehydrated":WELLKNOWN="/usr/local/www/dehydrated":' /usr/local/etc/dehydrated/config
+
+#accept the terms
+dehydrated --register --accept-terms --config /usr/local/etc/dehydrated/config
+
 #set the domain alias
 domain_alias=$(echo "$domain_name" | head -n1 | cut -d " " -f1)

@ -76,30 +76,32 @@ if [ .$wilcard_domain = ."false" ]; then
 	echo "$domain_name" > /usr/local/etc/dehydrated/domains.txt
 fi

-#wildcard domain
+#request the certificates
 if [ .$wilcard_domain = ."true" ]; then
 	dehydrated --cron --domain *.$domain_name --alias $domain_alias --config /usr/local/etc/dehydrated/config --out /usr/local/etc/dehydrated/certs --challenge dns-01 --hook /usr/local/etc/dehydrated/hook.sh
 fi
-
-#single domain
 if [ .$wilcard_domain = ."false" ]; then
-	dehydrated --cron --domain '$domain_name' --alias $domain_alias --config /usr/local/etc/dehydrated/config --out /usr/local/etc/dehydrated/certs --challenge http-01
+	dehydrated --cron --alias $domain_alias --config /usr/local/etc/dehydrated/config --out /usr/local/etc/dehydrated/certs --challenge http-01
 fi

 #remove the old backups
-rm /usr/local/etc/nginx/server.crt.backup
-rm /usr/local/etc/nginx/server.key.backup
+rm -f /usr/local/etc/nginx/server.crt.backup
+rm -f /usr/local/etc/nginx/server.key.backup

 #nginx config - backup the original certificates and copy the news ones for nginx
-mv /usr/local/etc/nginx/server.crt /usr/local/etc/nginx/server.crt.backup
-mv /usr/local/etc/nginx/server.key /usr/local/etc/nginx/server.key.backup
+if [ -e /usr/local/etc/nginx/server.crt]; then
+	mv /usr/local/etc/nginx/server.crt /usr/local/etc/nginx/server.crt.backup
+fi
+if [ -e /usr/local/etc/nginx/server.key]; then
+	mv /usr/local/etc/nginx/server.key /usr/local/etc/nginx/server.key.backup
+fi
 cp /usr/local/etc/dehydrated/certs/$domain_alias/fullchain.pem /usr/local/etc/nginx/server.crt
 cp /usr/local/etc/dehydrated/certs/$domain_alias/privkey.pem /usr/local/etc/nginx/server.key

 #read the config
 /usr/local/sbin/nginx -t && /usr/local/sbin/nginx -s reload

-#setup freeswitch tls 
+#setup freeswitch tls
 if [ .$switch_tls = ."true" ]; then
 	#make sure the freeswitch directory exists
 	mkdir -p /usr/local/etc/freeswitch/tls