Overview
Script to automate management of Let's Encrypt SSL certificates, including wildcard certificates.
Requirements
Features
- Generation and renewal of SSL certificates using certbot
- Handles DNS challenges
- Supports wildcard certificates
- Supports "silent master" DNS architectures
- Pushes generated/renewed certificates out to web servers
Usage
# Generate configuration and scripts in ~/.lehook/
bash$ ./lehook.sh -i
Creating config in /Users/rob/.lehook...
Creating hardlinks in /Users/rob/.lehook...
Init complete. Files are in /Users/rob/.lehook.
Main binary in /usr/local/bin/lehook.sh.
# Usage
bash$ ./lehook.sh -h
usage: ./lehook.sh OPTIONS mode [domain1] ... [domainX]
Pushes wildcard SSL certs for the given domains to hosts [default: example.net].
mode is one of: deploy|renew|generate|test
-c Cron mode - only output if something is done.
-f Push out certs even if they haven't changed.
-i Iniitalise new config file in /Users/rpearce/.lehook/config
-r remotes Only push certs to the given remotes [default: webserver1 webserver2.example.org webserver3.example.net]
-s services Only restart the given services [default: nginx httpd ngircd dovecot postfix]
-d domain Only push cert for given domain [default: example.net].
-q Quiet mode - no output except errors
-v Verbose mode - show certbot output
-h Show this text.