Commit b6155093 authored by Dmytro Bogatov's avatar Dmytro Bogatov 💕

Update to wildcard certs.

parent cd67b090
#!/usr/bin/env bash
set -e
shopt -s globstar
usage () {
printf "usage: ./$0 <certDirPath>\n"
printf "where\n"
printf "\t certDirPath - absolute path to directory with SSL cert (certificate.crt) and key (certificate.key) file\n"
exit 1;
}
if ! [ $# -eq 1 ]
then
usage
fi
CERTDIRPATH=$1
NAMESPACES=("websites" "monitoring" "ingress" "status-site" "kube-system")
for namespace in ${NAMESPACES[@]}
do
kubectl delete --namespace=$namespace secret lets-encrypt || true
kubectl create --namespace=$namespace secret tls lets-encrypt --key $CERTDIRPATH/certificate.key --cert $CERTDIRPATH/certificate.crt || true
done
echo "Done."
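Review bot: The `|| true` after `kubectl create` hides a failed secret creation, and because the old secret was deleted on the line before, a failure leaves the namespace with no `lets-encrypt` secret while the script still prints "Done."; this assumes the file is on the new side, which the page does not show. Keep `|| true` only on the delete and let the create fail the run, with the expansions quoted: `kubectl create --namespace="$namespace" secret tls lets-encrypt --key "$CERTDIRPATH/certificate.key" --cert "$CERTDIRPATH/certificate.crt"` and `for namespace in "${NAMESPACES[@]}"`. The same wildcard key is copied into five namespaces, so a comment above `NAMESPACES` saying why each one needs it would help keep that list short.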
......@@ -11,3 +11,5 @@ CWD=$(pwd)
source ./.secret.sh
curl -s -X PUT -d "$CERTBOT_VALIDATION" --user $EMAIL:$PASSWORD https://box.dbogatov.org/admin/dns/custom/_acme-challenge.$CERTBOT_DOMAIN/TXT
sleep 2
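Review bot: With the certificate now covering both `$domain` and `*.$domain`, the two DNS-01 validations use the same TXT name `_acme-challenge.<domain>`, and the `curl -X PUT` here may overwrite the first value with the second if the API treats PUT as replace; this is worth confirming against the DNS API. The same call cannot fail the hook on an HTTP error, because `-s` without `--fail` ignores the status; `curl -sS --fail -X PUT ...` with `"$EMAIL:$PASSWORD"` quoted would surface that. `--user` also puts the password in the process argument list, so a mode-600 file read with `--config` is the safer way to pass it. Which of these lines the commit added is not visible on the page.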
#!/usr/bin/env bash
set -e
shopt -s globstar
usage () {
printf "usage: ./$0 <certDirPath> <certName>\n"
printf "where\n"
printf "\t certDirPath - absolute path to directory with SSL cert (certificate.crt) and key (certificate.key) file\n"
printf "\t certName - xxx part of /etc/letsencrypt/live/xxx/fullchain.pem\n"
exit 1;
}
if ! [ $# -eq 2 ]
then
usage
fi
CERTDIRPATH=$1
CERTNAME=$2
cp /etc/letsencrypt/live/$CERTNAME/fullchain.pem $CERTDIRPATH/certificate.crt
cp /etc/letsencrypt/live/$CERTNAME/privkey.pem $CERTDIRPATH/certificate.key
echo "Done."
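Review bot: The private key copy gets whatever mode `cp` and the current umask produce, and both paths are unquoted; setting the mode explicitly avoids leaving `certificate.key` readable by other users: `install -m 600 -- "/etc/letsencrypt/live/$CERTNAME/privkey.pem" "$CERTDIRPATH/certificate.key"`. The usage text describes `certDirPath` as the directory "with" the cert and key, while this script writes them there, so it could read "directory to write certificate.crt and certificate.key into". Whether this file is added by the commit is not visible on the page.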
......@@ -3,57 +3,21 @@
declare -A DOMAINS
DOMAINS["dbogatov.org"]=true
DOMAINS["status.dbogatov.org"]=false
DOMAINS["blog.dbogatov.org"]=false
DOMAINS["legacy.dbogatov.org"]=false
DOMAINS["push.dbogatov.org"]=false
DOMAINS["socialimps.dbogatov.org"]=false
DOMAINS["mail.dbogatov.org"]=false
DOMAINS["dns.dbogatov.org"]=false
DOMAINS["vpn.dbogatov.org"]=false
DOMAINS["apt.dbogatov.org"]=false
DOMAINS["dashboard.dbogatov.org"]=false
DOMAINS["cluster.dbogatov.org"]=false
DOMAINS["grafana.dbogatov.org"]=false
DOMAINS["git.dbogatov.org"]=false
DOMAINS["pages.dbogatov.org"]=false
DOMAINS["webcam.dbogatov.org"]=false
DOMAINS["mattermost.dbogatov.org"]=false
DOMAINS["minecraft.dbogatov.org"]=false
DOMAINS["ci.dbogatov.org"]=false
DOMAINS["registry.dbogatov.org"]=false
DOMAINS["cluster.dbogatov.org"]=true
DOMAINS["bogatov.kiev.ua"]=true
DOMAINS["blog.bogatov.kiev.ua"]=false
DOMAINS["visasupport.com.ua"]=true
DOMAINS["zima.visasupport.com.ua"]=false
DOMAINS["visasupport.kiev.ua"]=true
DOMAINS["eu.visasupport.kiev.ua"]=false
DOMAINS["lp.visasupport.kiev.ua"]=false
DOMAINS["darinagulley.com"]=true
DOMAINS["moon-travel.com.ua"]=true
DOMAINS["nigmatullina.org"]=true
DOMAINS["photobarrat.com"]=true
DOMAINS["res-public.net"]=true
DOMAINS["shevastream.com"]=true
DOMAINS["travelus.com.ua"]=true
DOMAINS["veles-russia.com"]=true
DOMAINS["visajapan.com.ua"]=true
DOMAINS["vleskniga.com"]=true
DOMAINS["votings.net"]=true
get-domains () {
......@@ -62,14 +26,7 @@ get-domains () {
for domain in "${!DOMAINS[@]}"
do
OUTPUT+="$domain,"
if [ "${DOMAINS[${domain}]}" = true ] ; then
OUTPUT+="www.$domain,"
fi
OUTPUT+="${domain//./-}.cluster.dbogatov.org,"
OUTPUT+="$domain,*.$domain,"
done
echo ${OUTPUT%?}
......
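Review bot: `echo ${OUTPUT%?}` at the end of `get-domains` is unquoted, and the new `OUTPUT+="$domain,*.$domain,"` puts `*` into that string, so the result is now subject to pathname expansion in whatever directory the script runs in, and would expand to nothing under `nullglob`. Quote it: `printf '%s\n' "${OUTPUT%?}"`. The `true`/`false` values in `DOMAINS` appear to be unread once the `www.` branch is gone, so a comment saying the values are unused (or a plain array) would avoid confusion. The function starts and ends outside this hunk.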
......@@ -14,7 +14,9 @@ REQDOMAINS=$(get-domains)
certbot certonly \
\
--text --agree-tos --email dmytro@dbogatov.org \
--server https://acme-v02.api.letsencrypt.org/directory \
\
-n --text --agree-tos --email dmytro@dbogatov.org \
--expand --renew-by-default \
--manual-public-ip-logging-ok \
\
......
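Review bot: `--renew-by-default` combined with the now hard-coded production `--server` means every run, including a trial run, requests a new certificate for the whole domain list from the production endpoint and counts against its rate limits. Making the endpoint overridable lets the staging directory be used for testing: `--server "${ACME_SERVER:-https://acme-v02.api.letsencrypt.org/directory}" \`. With `-n` added, certbot cannot prompt, so the manual auth hook and the DNS challenge selection must be passed as options. They are not visible in this hunk, which ends before the end of the command.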