From 35f620ef31efe83b6f3d552ec5af4a62a5d88f58 Mon Sep 17 00:00:00 2001
From: Nick Leffler
Date: Wed, 22 Jan 2020 23:32:14 -0500
Subject: [PATCH] added the start of certbot fun
---
 deploy.sh | 49 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 30 insertions(+), 19 deletions(-)
diff --git a/deploy.sh b/deploy.sh
index 8aacdad..7397b64 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -6,25 +6,25 @@
 # 20190930 v1
 ##### EDIT HERE ####
-#siteName="_"
-#siteTitle="TEST"
-#adminEmail="test@test.com"
-#siteURL="test.url.com"
-#siteProto="http://"
+# acme.sh location
+acmebin="/root/.acme.sh/acme.sh"
+# httpd server user
 wwwUser="nginx"
+
 #### DON"T TOUCH BELOW HERE ####
 get_info () {
 read -p "Enter Site Name: " siteName
 read -p "Enter Site Title: " siteTitle
-read -p "If SSL type ssl otherwise don't: " siteProtoIn
+read -p "SSL [Y/n]: " siteProtoIn
+read -p "Certbot ready?: cbReady
 read -p "Enter Site URL: " siteURL
 read -p "Enter WPAdmin email: " adminEmail
-if [[ $siteProtoIn == "ssl" ]]; then
- siteProto="https://"
- ssl=1
+if [[ $siteProtoIn == "n" ]]; then
+ siteProto="http://"
+ ssl=0
 fi
 fullURL="${siteProto}${siteURL}"
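Review bot: The added `read -p "Certbot ready?: cbReady` line has no closing quote, so the prompt string swallows the newline and the following `read -p "Enter Site URL: " siteURL` line is parsed as part of it; the fix is `read -p "Certbot ready?: " cbReady`. Nothing in this diff reads `cbReady` to choose acmeSSL over genSSL — if that dispatch lives outside the diff this is fine, otherwise the prompt is dead input. The new `[[ $siteProtoIn == "n" ]]` test only recognises a lowercase n although the prompt advertises `[Y/n]`; `[[ ${siteProtoIn,,} == "n" ]]` also accepts N, and `read -r` on these prompts avoids backslash interpretation of what the operator types. get_info continues past the end of the hunk.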
@@ -34,15 +34,25 @@ genSSL () {
 mkdir -p "/etc/nginx/ssl/${siteURL}/" || exit
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/${siteURL}/key -out /etc/nginx/ssl/${siteURL}/crt \
 -subj "/C=TT/ST=TT/L=TT/O=TEMP/OU=TEMP/CN=$siteURL/emailAddress=TEMP"
+
+sslCert="/etc/nginx/ssl/${siteURL}/crt"
+sslKey="/etc/nginx/ssl/${siteURL}/key"
+}
+
+acmeSSL () {
+ "${acmebin}" --issue --dns dns_cf -d "${siteURL}" --reloadcmd "systemctl reload nginx" --force
+
+ sslCert="/root/.acme.sh/${siteURL}/fullchain.cer"
+ sslKey="/root/.acme.sh/${siteURL}/${siteURL}.key"
 }
 create_wp_db () {
-siteNoP=$(echo "${siteURL}" | sed 's/\.//g')
-# create wordpress user with passwd
-wpasswd=$(openssl rand 39 -base64 | cut -c1-37)
-wpapasswd=$(openssl rand 39 -base64 | cut -c1-37)
-mysql -e "create database ${siteNoP}"
-mysql -e "grant all on ${siteNoP}.* to ${siteNoP}@localhost identified by '${wpasswd}'"
+ siteNoP=$(echo "${siteURL}" | sed 's/\.//g')
+ # create wordpress user with passwd
+ wpasswd=$(openssl rand 39 -base64 | cut -c1-37)
+ wpapasswd=$(openssl rand 39 -base64 | cut -c1-37)
+ mysql -e "create database ${siteNoP}"
+ mysql -e "grant all on ${siteNoP}.* to ${siteNoP}@localhost identified by '${wpasswd}'"
 }
 vHostHTTP () {
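Review bot: In acmeSSL the exit status of `"${acmebin}" --issue …` is never checked, so a failed issuance (missing DNS API credentials, a rate-limit refusal, a typo in the domain) still sets `sslCert`/`sslKey` to files that do not exist and the vhost written later points nginx at them; genSSL already uses `|| exit` on its mkdir, so `"${acmebin}" --issue --dns dns_cf -d "${siteURL}" --reloadcmd "systemctl reload nginx" --force || exit` keeps the two paths consistent. `--force` re-issues on every run, which counts against the CA's duplicate-certificate rate limit; consider dropping it or making it opt-in. acme.sh documents the files under its own directory as internal and recommends `--install-cert --fullchain-file … --key-file …` to copy them to a stable location (for instance under /etc/nginx/ssl, as genSSL does) instead of serving straight from /root/.acme.sh. The dns_cf hook reads its Cloudflare API credentials from the environment (`CF_Token`, or `CF_Key`/`CF_Email`); a one-line comment above the call naming what the operator must export before running the script would help the next reader.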
@@ -158,8 +168,9 @@ server {
 fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
 fastcgi_param SCRIPT_NAME \$fastcgi_script_name;
 }
- ssl_certificate /etc/nginx/ssl/${siteURL}/crt;
- ssl_certificate_key /etc/nginx/ssl/${siteURL}/key;
+
+ ssl_certificate "${sslCert}";
+ ssl_certificate_key "${sslKey}";
 ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK";
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
@@ -191,8 +202,8 @@ fi
 ########################################################################
 # set defaults
-siteProto="http://"
-ssl=0
+siteProto="https://"
+ssl=1
 # get mdata
 get_info
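Review bot: `ssl_certificate "${sslCert}";` and `ssl_certificate_key "${sslKey}";` now depend on genSSL or acmeSSL having run before this vhost is emitted; on any path where neither ran, both expand to empty strings and nginx rejects the configuration at reload time. A guard before the heredoc, `: "${sslCert:?no certificate path set}" "${sslKey:?no key path set}"`, turns that into an immediate, explicit failure at the point the script went wrong. The surrounding server block and its heredoc start and end outside the hunk. The adjacent context line `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still offers deprecated protocol versions; since the commit is already reworking this TLS block, `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 needs nginx 1.13+ built against OpenSSL 1.1.1) is worth making at the same time.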