init

scripts/cert.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+set -e
+
+eval $(egrep '^HOST' .env | xargs)
+eval $(egrep '^CERT_PATH' .env | xargs)
+
+echo "Domain: ${HOST}"
+echo "Cert Path: ${CERT_PATH}"
+
+if [ -f certs/cert.crt ] || [ -f certs/cert.key ] || [ -f certs/cert.pem ]; then
+  echo -e "cert already exists in certs directory\nDo you want to overwrite the files? [y]es/[n]o"
+  read -r ANSWER
+  echo
+  if [[ "$ANSWER" =~ ^[Yy](es)?$ ]] ; then
+    echo "Creating Cert"
+  else
+    exit 1
+  fi
+fi
+
+./scripts/requests.sh
+
+openssl genrsa -out $CERT_PATH/cert.key
+openssl req -new -key $CERT_PATH/cert.key -out $CERT_PATH/cert.csr -config $CERT_PATH/csr.conf
+openssl x509 -req -days 365 -in $CERT_PATH/cert.csr -signkey $CERT_PATH/cert.key -out $CERT_PATH/cert.crt -extensions req_ext -extfile $CERT_PATH/csr.conf
+
+sudo cp $CERT_PATH/cert.crt /usr/local/share/ca-certificates/cert.crt
+sudo rm -f /usr/local/share/ca-certificates/certificate.crt
+# --fresh is needed to remove symlinks to no-longer-present certificates
+sudo update-ca-certificates --fresh