Exercice for automate generate let's encrypt cartification what acme-client, OpenBSD and nginx

2025-11-20 23:27:48 +01:00 · 2025-11-20 23:27:48 +01:00 · e47ac322ec
commit e47ac322ec
parent 033866ee64
2 changed files with 37 additions and 11 deletions
--- a/add_domain_with_acme.sh
+++ b/add_domain_with_acme.sh
@ -1,5 +1,12 @@
 #!/bin/sh

+. ./myserver.conf
+
+
+check_ssl_folder()
+{
+    [ -d "$FOLDER_CONF/ssl" ] || mkdir -p "$FOLDER_CONF/ssl"
+}

 gen_nginx_acme_conf(){
    domain=$1
@ -26,12 +33,18 @@ EOF

 }

+
+# Generate part of acme client for the domain
 gen_acme_client_conf(){
    domain=$1
    alt_domain=$2
-    acme_conf_file="my_configuration/ssl/$domain-acme-client.conf"
+    acme_conf_file="$FOLDER_CONF/ssl/acme-client-$1.conf"
    # If the file exist, do nothing
-    [ ! -f $acme_conf_file ] || echo "Domain already configured !"; exit 1;
+    if [ -f $acme_conf_file ]
+    then
+	echo "Domain already configured !";
+	exit 1;
+    fi

    if [ "$alt_domain" == "" ]; then
        cat >> $acme_conf_file <<EOF
@ -56,36 +69,39 @@ domain $domain {
 EOF
    fi

+    echo "on est passé dans gen_acme_client_conf "
 }

 add_acme_domain_to_conf(){
-    domain=$1
-    egrep "domain $domain" -A5 /etc/acme-client.conf > /tmp/acme-client.conf
+    domain="domain $1 {"
+    acme_conf="$FOLDER_CONF/ssl/acme-client-$1.conf"
+    sed "/$domain/,/}/d" /etc/acme-client.conf > /tmp/acme-client.conf
    cp -v /etc/acme-client.conf /etc/acme-client.conf.old
+    cat $acme_conf >> /tmp/acme-client.conf
    cp -v /tmp/acme-client.conf /etc/acme-client.conf
 }

 install_utils(){
-    cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
+
+    [ -f  /usr/local/bin/renew_https_certificate ] || cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
    chmod u+x /usr/local/bin/renew_https_certificate
 }

 get_certificate()
 {
    domain=$1
-    /usr/local/bin/renew_https_certificate $domain
+    /usr/local/bin/renew_https_certificate "$domain"
 }

 usage()
 {
-    print "This program ask 3 arguments : \n"
-    print "First is email with domain name the second is list of alternatives domains with \" \"  \n"
-    print "the last arguments is for share the ssl cert with xmpp daemon add xmpp at the end or not"
+    print "This program ask 2 arguments : \n"
+    print "First is  domain name the second is list of alternatives domains with \" \"  \n"
    print "\t $0 domain.tld \"a.domain.tld b.domain.tld c.domain.tld\""
 }


-if [ -z $1 ];
+if [ -z $1 ] || [ $1 == "-h" ] || [ $1 == "--help" ];
 then
    usage
    exit 3;
@ -94,4 +110,9 @@ fi
 domain=$1
 alt_domain=$2

-gen_nginx_acme_conf $domain
+check_ssl_folder
+gen_acme_client_conf $domain $alt_domain
+gen_nginx_acme_conf $domain $alt_domain
+add_acme_domain_to_conf $domain
+install_utils
+get_certificate $domain
--- a/myserver.conf
+++ b/myserver.conf
@ -2,10 +2,15 @@
 ## Par défault le domain est le nom d'hote de la machine mais il est possible de le personnaliser
 ## comme l'exemple ce-dessous
 # DOMAIN="example.com"
+
+FOLDER_CONF="./my_configuration"
 DOMAIN=`hostname`
 SSL="manual"
 SERVICE_MAIL="yes"
 SERVICE_XMPP="yes"
+
+
+
 xmpp_passphrase_for_filesuploads='Changez cette valeur'
 postresql_root_password='Changez cette valeur'
 # Laissez le port ssh par défault (22) est en général une mauvaise idée