Juma7C9 · March 23, 2017 15:16
diff --git a/make_le_cert.sh b/make_le_cert.sh
 #!/bin/bash

 # Request a letsencrypt cert for multiple domain and related subdomain, for example
 # foo.domain.com, foo.domain.com
 # bar.domain.net, bar.domain.net
 # and encrypt the generated private key for security purposes.

 # The MIT License (MIT)
 # Copyright (c) 2016, 2017 Juma7C9
 # 
 # Permission is hereby granted, free of charge, to any person obtaining a copy of this software
 # and associated documentation files (the "Software"), to deal in the Software without restriction,
 # including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
 # and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
 # subject to the following conditions:
 #
 # The above copyright notice and this permission notice shall be included
 # in all copiesor substantial portions of the Software.

 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
 # INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
 # PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
 # FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
 # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

 #!/bin/bash

 dry_run="no"
 if [ "${dry_run}" == "yes" ]
 then
        e="echo Executing ==>"
 fi

 le_path="/root/src/letsencrypt"
 le="${e} ${le_path}/letsencrypt-auto"

 openssl="${e} openssl"
 apache="apachectl"

 certpath="/etc/letsencrypt/live/mysite.example"

 opts="certonly --rsa-key-size 4096 -a apache --force-renewal"

 domains=$(echo {,www.,subdomain1.,subdomain2.,subN.}{mysite,mysite2}.example | sed 's/ /,/g')

 # Request certs
 echo "Requesting certs"

 ${le} ${opts} -d "${domains}"


 # Encrypt last key
 echo "Encrypting key"

 lastkey="$(realpath "${certpath}/privkey.pem")"
 ${openssl} rsa -des3 -in "${lastkey}" -out "${lastkey}.tmp"

 # If encryption successfull, copy the new key back
 if [ $? -eq 0 ]
 then
        mv "${lastkey}.tmp" "${lastkey}"
 else
        echo "[ERROR] Failed to encrypt private key!"
 fi

 # Restart Apache server
 echo "Restarting Apache"

 ${apache} restart
	#!/bin/bash

	# Request a letsencrypt cert for multiple domain and related subdomain, for example
	# foo.domain.com, foo.domain.com
	# bar.domain.net, bar.domain.net
	# and encrypt the generated private key for security purposes.

	# The MIT License (MIT)
	# Copyright (c) 2016, 2017 Juma7C9
	#
	# Permission is hereby granted, free of charge, to any person obtaining a copy of this software
	# and associated documentation files (the "Software"), to deal in the Software without restriction,
	# including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
	# and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
	# subject to the following conditions:
	#
	# The above copyright notice and this permission notice shall be included
	# in all copiesor substantial portions of the Software.

	# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
	# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
	# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE
	# FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
	# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

	#!/bin/bash

	dry_run="no"
	if [ "${dry_run}" == "yes" ]
	then
	e="echo Executing ==>"
	fi

	le_path="/root/src/letsencrypt"
	le="${e} ${le_path}/letsencrypt-auto"

	openssl="${e} openssl"
	apache="apachectl"

	certpath="/etc/letsencrypt/live/mysite.example"

	opts="certonly --rsa-key-size 4096 -a apache --force-renewal"

	domains=$(echo {,www.,subdomain1.,subdomain2.,subN.}{mysite,mysite2}.example \| sed 's/ /,/g')

	# Request certs
	echo "Requesting certs"

	${le} ${opts} -d "${domains}"


	# Encrypt last key
	echo "Encrypting key"

	lastkey="$(realpath "${certpath}/privkey.pem")"
	${openssl} rsa -des3 -in "${lastkey}" -out "${lastkey}.tmp"

	# If encryption successfull, copy the new key back
	if [ $? -eq 0 ]
	then
	mv "${lastkey}.tmp" "${lastkey}"
	else
	echo "[ERROR] Failed to encrypt private key!"
	fi

	# Restart Apache server
	echo "Restarting Apache"

	${apache} restart