Exercice for automate generate let's encrypt cartification what acme-client, OpenBSD and nginx

add_domain_with_acme.sh

@@ -1,5 +1,12 @@
 #!/bin/sh
 
+. ./myserver.conf
+
+
+check_ssl_folder()
+{
+    [ -d "$FOLDER_CONF/ssl" ] || mkdir -p "$FOLDER_CONF/ssl"
+}
 
 gen_nginx_acme_conf(){
     domain=$1
@@ -26,12 +33,18 @@ EOF
 
 }
 
+
+# Generate part of acme client for the domain
 gen_acme_client_conf(){
     domain=$1
     alt_domain=$2
-    acme_conf_file="my_configuration/ssl/$domain-acme-client.conf"
+    acme_conf_file="$FOLDER_CONF/ssl/acme-client-$1.conf"
     # If the file exist, do nothing
-    [ ! -f $acme_conf_file ] || echo "Domain already configured !"; exit 1;
+    if [ -f $acme_conf_file ]
+    then
+	echo "Domain already configured !";
+	exit 1;
+    fi
 
     if [ "$alt_domain" == "" ]; then
         cat >> $acme_conf_file <<EOF
@@ -56,36 +69,39 @@ domain $domain {
 EOF
     fi
 
+    echo "on est passé dans gen_acme_client_conf "
 }
 
 add_acme_domain_to_conf(){
-    domain=$1
+    domain="domain $1 {"
-    egrep "domain $domain" -A5 /etc/acme-client.conf > /tmp/acme-client.conf
+    acme_conf="$FOLDER_CONF/ssl/acme-client-$1.conf"
+    sed "/$domain/,/}/d" /etc/acme-client.conf > /tmp/acme-client.conf
     cp -v /etc/acme-client.conf /etc/acme-client.conf.old
+    cat $acme_conf >> /tmp/acme-client.conf
     cp -v /tmp/acme-client.conf /etc/acme-client.conf
 }
 
 install_utils(){
-    cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
+
+    [ -f  /usr/local/bin/renew_https_certificate ] || cp -v utils/renew_https_certificate /usr/local/bin/renew_https_certificate
     chmod u+x /usr/local/bin/renew_https_certificate
 }
 
 get_certificate()
 {
     domain=$1
-    /usr/local/bin/renew_https_certificate $domain
+    /usr/local/bin/renew_https_certificate "$domain"
 }
 
 usage()
 {
-    print "This program ask 3 arguments : \n"
+    print "This program ask 2 arguments : \n"
-    print "First is email with domain name the second is list of alternatives domains with \" \"  \n"
+    print "First is  domain name the second is list of alternatives domains with \" \"  \n"
-    print "the last arguments is for share the ssl cert with xmpp daemon add xmpp at the end or not"
     print "\t $0 domain.tld \"a.domain.tld b.domain.tld c.domain.tld\""
 }
 
 
-if [ -z $1 ];
+if [ -z $1 ] || [ $1 == "-h" ] || [ $1 == "--help" ];
 then
     usage
     exit 3;
@@ -94,4 +110,9 @@ fi
 domain=$1
 alt_domain=$2
 
-gen_nginx_acme_conf $domain
+check_ssl_folder
+gen_acme_client_conf $domain $alt_domain
+gen_nginx_acme_conf $domain $alt_domain
+add_acme_domain_to_conf $domain
+install_utils
+get_certificate $domain

configure_mail_service.sh

@@ -15,7 +15,8 @@ gen_mails_service_configuration()
     sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/opensmtpd/smtpd.conf
     cp -v default_configuration/opensmtpd/spamd.conf.example my_configuration/opensmtpd/spamd.conf
     cp -v default_configuration/dovecot/dovecot.conf.example my_configuration/dovecot/dovecot.conf
-    cp -v default_configuration/dovecot/local.conf.example my_configuration/dovecot/dovecot.conf
+    cp -v default_configuration/dovecot/local.conf.example my_configuration/dovecot/local.conf
+    sed -i "s/__DOMAIN__/$DOMAIN/g" my_configuration/dovecot/local.conf
 }
 
 gen_dkim_keys()
@@ -132,6 +133,6 @@ then
     gen_dkim_keys
     install_mails_services_configuration
     make_system_mails_services_requirements
-    rcctl enable redis
+    rcctl enable rspamd redis
-    rcctl start redis
+    rcctl start rspamd redis
     restart_mails_service

default_configuration/dovecot/local.conf.example

@@ -76,8 +76,8 @@ ssl_cipher_list = EECDH+AESGCM
 ssl_prefer_server_ciphers = yes
 #ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
 
-ssl_cert = </etc/ssl/kitoy.me.crt
+ssl_cert = </etc/ssl/__DOMAIN__.crt
-ssl_key = </etc/ssl/private/kitoy.me.key
+ssl_key = </etc/ssl/private/__DOMAIN__.key
 
 userdb {
     driver = static

myserver.conf

@@ -2,10 +2,15 @@
 ## Par défault le domain est le nom d'hote de la machine mais il est possible de le personnaliser
 ## comme l'exemple ce-dessous
 # DOMAIN="example.com"
+
+FOLDER_CONF="./my_configuration"
 DOMAIN=`hostname`
 SSL="manual"
 SERVICE_MAIL="yes"
 SERVICE_XMPP="yes"
+
+
+
 xmpp_passphrase_for_filesuploads='Changez cette valeur'
 postresql_root_password='Changez cette valeur'
 # Laissez le port ssh par défault (22) est en général une mauvaise idée