
home_deploy_ssl-self-signed.sh.j2 1.3KB

  1. #!/bin/bash
  2. echo generating CA key
  3. openssl genrsa -out /etc/letsencrypt/rootCA.key 4096
  4. echo generating CA certificate
  5. openssl req -x509 -new -nodes -sha256 -days 7300 \
  6. -key /etc/letsencrypt/rootCA.key \
  7. -subj "/C=DE/ST=BW/O={{ domain }}/CN={{ domain }}" \
  8. -out /etc/letsencrypt/rootCA.crt
  9. echo generating server key
  10. openssl genrsa -out /etc/letsencrypt/{{ domain }}.key 2048
  11. echo generating signing request
  12. openssl req -new -sha256 \
  13. -key /etc/letsencrypt/{{ domain }}.key \
  14. -subj "/C=DE/ST=BW/O={{ domain }}/CN=*.{{ domain }}" \
  15. -out /etc/letsencrypt/{{ domain }}.csr
  16. echo generating server certificate
  17. openssl x509 -req -CAcreateserial -days 7300 -sha256 \
  18. -in /etc/letsencrypt/{{ domain }}.csr \
  19. -CA /etc/letsencrypt/rootCA.crt \
  20. -CAkey /etc/letsencrypt/rootCA.key \
  21. -out /etc/letsencrypt/{{ domain }}.crt
  22. echo copy to proper locations
  23. cp /etc/letsencrypt/{{ domain }}.key /etc/letsencrypt/live/{{ domain }}/privkey.pem
  24. cp /etc/letsencrypt/rootCA.crt /etc/letsencrypt/live/{{ domain }}/chain.pem
  25. cp /etc/letsencrypt/{{ domain }}.crt /etc/letsencrypt/live/{{ domain }}/cert.pem
  26. echo generate full chain certificate
  27. cat /etc/letsencrypt/live/{{ domain }}/cert.pem > /etc/letsencrypt/live/{{ domain }}/fullchain.pem
  28. cat /etc/letsencrypt/live/{{ domain }}/chain.pem >> /etc/letsencrypt/live/{{ domain }}/fullchain.pem