@kitos9112
Last active June 6, 2020 09:55
#!/usr/bin/env bash
# Your Cloudflare credentials file (ini format) is expected at the following location.
# It holds API credentials, so keep it readable by its owner only (chmod 600).
CLOUDFLARE_INI="/etc/letsencrypt-cloudflare/cf.ini"
if [ "$#" -ne 2 ]
then
    echo "Usage: $0 <command> (e.g. certonly, renew) <domain> (e.g. my-domain.example.com)"
    exit 1
fi
COMMAND=$1 # certonly
DOMAIN=$2 # my-domain.example.com
# Work inside a per-domain directory; stop if it cannot be created or entered
mkdir -pv "$DOMAIN" && cd "$DOMAIN" || exit 1
ETC=$(pwd)/etc
LIB=$(pwd)/lib
LOG=$(pwd)/log
# I'll happily create the set of directories for you, if none exist yet:
if [ ! -d "$ETC" ] && [ ! -d "$LIB" ] && [ ! -d "$LOG" ]
then
    mkdir -pv "$ETC" "$LIB" "$LOG"
    echo 'Directories created'
fi
echo "Using etc: $ETC, /var/log: $LOG, /var/lib/letsencrypt: $LIB"
# Finally do something:
# The command runs *INTERACTIVELY* and has not (yet) been tested for renewals
# The Cloudflare credentials file is mounted read-only into the container
docker run -it --rm --name certbot \
    -v "$CLOUDFLARE_INI:/etc/cf.ini:ro" \
    -v "$ETC:/etc/letsencrypt:rw" \
    -v "$LIB:/var/lib/letsencrypt:rw" \
    -v "$LOG:/var/log/letsencrypt:rw" \
    certbot/dns-cloudflare \
    -d "$DOMAIN" -n --dns-cloudflare \
    "$COMMAND" --preferred-challenges=dns-01 --expand \
    --register-unsafely-without-email --agree-tos \
    --dns-cloudflare-credentials /etc/cf.ini \
    --dns-cloudflare-propagation-seconds 10 \
    --server https://acme-v02.api.letsencrypt.org/directory
# On success, show a friendly reminder:
if [ $? -eq 0 ]
then
    cat - <<"MSG"
Now, copy the files in ./etc/live/<your-domain> to your server
extract them somewhere, and cd into that directory, then:
$ chmod 640 *.pem
$ chgrp ssl-cert privkey.pem
$ rename 's/(.*)/example.com-$1/' *.pem
$ mv *privkey.pem /etc/ssl/private/
$ mv *.pem /etc/ssl/
Now, update your e.g. apache config like so:
SSLEngine On
SSLCertificateFile /etc/ssl/example.com-cert.pem
SSLCertificateChainFile /etc/ssl/example.com-fullchain.pem
SSLCertificateKeyFile /etc/ssl/private/example.com-privkey.pem
MSG
fi