diff --git a/generate-certs.sh b/generate-certs.sh index 69c4f2f..8918159 100755 --- a/generate-certs.sh +++ b/generate-certs.sh @@ -1,19 +1,26 @@ #!/bin/bash #CONFIG: + +#using dry_run, certificates are not actually generated, instead it will only do test run. +#Remember that if you build certificates (dry_run=false) then don't keep on doing it in short interval (more than 5in a day), as otherwise certbot might apply rate limits on further usages. dry_run=true -cloudflare_token='' #Create it from Cloudflare, and limit it the DNZ zone of your domain. +#Create it from Cloudflare, and limit it the DNZ zone of your domain. +cloudflare_token='' -live_certs_dir="certs/live/test.com"; #Script will check this directory for empty, to determine to create or renew ssl certificates. +#Script will check this directory for empty, to determine to create or renew ssl certificates. +live_certs_dir="certs/live/test.com"; #-d test.com, -d *.test.com means certificate for: test.com and it's wildcard subdomains. #Only 1 certificate will be generated, regardless of number of subdomains provided here. new_ssl_command="docker run --rm -v ./certs:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare certonly #dry_run_arg# --dns-cloudflare --dns-cloudflare-credentials /certbot-cloudflare -d test.com -d \*.test.com --preferred-challenges dns-01 --preferred-chain 'ISRG Root X1' --non-interactive --dns-cloudflare-propagation-seconds 20 --agree-tos --email w3goodies.com@gmail.com"; +#domains cant be changed in renewal. If you want to change, then clear certs/* folder and regenerate certificates. renew_command="docker run --rm -v ./certs:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare renew #dry_run_arg# --non-interactive --agree-tos --email w3goodies.com@gmail.com --no-random-sleep-on-renew" -post_hook="docker-compose restart nginx" #posthook is executed if certificate is created for first time, or if "${live_certs_dir}/cert.pem" file is modified (based on checking last modified time). +#posthook is executed if certificate is created for first time, or if "${live_certs_dir}/cert.pem" file is modified (based on checking last modified time). +post_hook="docker-compose restart nginx" #END CONFIG