-
Notifications
You must be signed in to change notification settings - Fork 73
/
setup-le.sh
executable file
·31 lines (24 loc) · 762 Bytes
/
setup-le.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/usr/bin/bash
set -o nounset -o errexit
FQDN=$(hostname -f)
WORKDIR=$(dirname "$(realpath $0)")
CERTS=("isrgrootx1.pem" "isrg-root-x2.pem" "lets-encrypt-r3.pem" "lets-encrypt-e1.pem" "lets-encrypt-r4.pem" "lets-encrypt-e2.pem")
sed -i "s/server.example.test/$FQDN/g" $WORKDIR/ipa-httpd.cnf
dnf install letsencrypt -y
if [ ! -d "/etc/ssl/$FQDN" ]
then
mkdir -p "/etc/ssl/$FQDN"
fi
for CERT in "${CERTS[@]}"
do
if command -v wget &> /dev/null
then
wget -O "/etc/ssl/$FQDN/$CERT" "https://letsencrypt.org/certs/$CERT"
elif command -v curl &> /dev/null
then
curl -o "/etc/ssl/$FQDN/$CERT" "https://letsencrypt.org/certs/$CERT"
fi
ipa-cacert-manage install "/etc/ssl/$FQDN/$CERT"
done
ipa-certupdate
"$WORKDIR/renew-le.sh" --first-time