P144
(An Untitled Masterwork)
Authored by
Paladox
on Nov 24 2018, 00:06.
Referenced Files
F868561:
Nov 24 2018, 00:06
2018-11-24 00:06:05 (UTC+0)
#!/usr/bin/python3 -u
# Generate an SSL certificate (LetsEncrypt) with a CSR and private key.
#
# John Lewis
# Paladox
import argparse
import os
import re
import subprocess
import tempfile
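# Host name as accepted on the command line: dot-separated letter/digit/hyphen
# labels, optionally prefixed with "*." for a wildcard certificate.  Anything
# else is rejected before it can reach a file path or a command line.
HOSTNAME_RE = re.compile(
    r"(?:\*\.)?"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
)


def parse_hostnames(value):
    """Return the validated host names contained in *value*.

    *value* may be None/empty (gives an empty list) or hold one or more names
    separated by commas or whitespace.

    Raises:
        ValueError: if any name is not a plain host name.  The names end up in
            paths under /root/ssl and in openssl/certbot argument lists, so
            path separators, leading dashes and shell metacharacters must not
            get through.
    """
    names = [name for name in re.split(r"[,\s]+", value or "") if name]
    for name in names:
        if not HOSTNAME_RE.fullmatch(name):
            raise ValueError("invalid host name: {!r}".format(name))
    return names


def san_value(domain, secondary):
    """Return the subjectAltName value covering *domain* and *secondary*.

    Every name gets its own "DNS:" entry.  The previous shell one-liner glued
    the secondary name straight onto the primary one ("DNS:a.orgwww.a.org"),
    producing a CSR whose SAN matched neither host.
    """
    return ",".join("DNS:" + name for name in [domain] + list(secondary))


def main():
    """Parse the command line and create a CSR and/or a LetsEncrypt certificate.

    External programs are started with argument lists (no shell), and a failed
    command raises subprocess.CalledProcessError instead of being followed by
    a success message.
    """
    # construct the argument parse and parse the arguments
    # NOTE: -c/-g/-r/-w are value-taking options (no store_true action); any
    # non-empty value switches the corresponding mode on.
    ap = argparse.ArgumentParser()
    ap.add_argument("-c", "--csr", required=False, help="generates a csr")
    ap.add_argument("-d", "--domain", required=True, help="name of domain")
    ap.add_argument("-g", "--generate", required=False,
                    help="generates LetsEncrypt SSL Certificate")
    ap.add_argument("-r", "--renew", required=False,
                    help="renews LetsEncrypt SSL Certificate")
    ap.add_argument("-s", "--secondary", required=False,
                    help="allows you to add other domains to the same cert, eg www.<domain>")
    ap.add_argument("-w", "--wildcard", required=False,
                    help="auths against DNS supporting wildcards")
    args = vars(ap.parse_args())

    try:
        primary = parse_hostnames(args['domain'])
        secondary = parse_hostnames(args['secondary'])
    except ValueError as err:
        ap.error(str(err))
    if len(primary) != 1:
        ap.error("--domain takes exactly one host name")
    domain = primary[0]

    # "-d name" pairs handed to certbot, primary name first.
    certbot_names = []
    for name in [domain] + secondary:
        certbot_names += ["-d", name]

    # Per the note in the renew branch below, a certificate requested for
    # *.domain.org is stored under the name domain.org.
    cert_name = domain[2:] if domain.startswith("*.") else domain
    fullchain = "/etc/letsencrypt/live/{0}/fullchain.pem".format(cert_name)

    if args["csr"]:
        key_path = "/root/ssl/{}.key".format(domain)
        csr_path = "/root/ssl/{0}.csr".format(domain)

        # Generate the private key.  The file is opened (and, if it already
        # existed, re-chmodded) owner-only before any key material is written,
        # instead of inheriting the umask through a shell redirect.
        key_fd = os.open(key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        try:
            os.fchmod(key_fd, 0o600)
            subprocess.run(["openssl", "genrsa", "2048"], stdout=key_fd, check=True)
        finally:
            os.close(key_fd)
        print("Private key generated at: /root/ssl/{}.key".format(domain))

        # Generate the CSR.  The SAN section is appended to a private copy of
        # the system openssl.cnf; the old "<( ... )" form is a bash feature
        # and os.system() runs /bin/sh, which is not bash everywhere.
        with open("/etc/ssl/openssl.cnf") as base_cnf, \
                tempfile.NamedTemporaryFile("w", suffix=".cnf") as san_cnf:
            san_cnf.write(base_cnf.read())
            san_cnf.write("\n[SAN]\nsubjectAltName={}\n".format(san_value(domain, secondary)))
            san_cnf.flush()
            subprocess.run(
                [
                    "openssl", "req", "-new", "-sha256",
                    "-key", key_path,
                    "-subj", "/C=NL/ST=Netherlands/L=Netherlands/O=Miraheze/CN={0}".format(domain),
                    "-reqexts", "SAN",
                    "-config", san_cnf.name,
                    "-out", csr_path,
                ],
                check=True,
            )
        print("CSR generated at: /root/ssl/{0}.csr".format(domain))

        print("Not generating an SSL certificate. Use CSR below to send to the requestor")
        with open(csr_path) as csr_file:
            print(csr_file.read(), end="")

    if args["generate"] and not args["renew"]:
        if args["wildcard"]:
            # Manual dns-01 challenge: the only path that can issue wildcards.
            # (The two progress messages were swapped between the branches.)
            print("Generating Wildcard SSL certificate with LetsEncrypt")
            subprocess.run(
                ["/usr/bin/certbot", "certonly", "--manual",
                 "--preferred-challenges", "dns-01"] + certbot_names,
                check=True,
            )
        else:
            print("Generating SSL certificate with LetsEncrypt")
            subprocess.run(
                ["/usr/bin/certbot", "-q", "--noninteractive", "certonly"] + certbot_names,
                check=True,
            )
        print("LetsEncrypt certificate at: {0}".format(fullchain))

        # NOTE(review): indentation was lost in the paste; the chain is assumed
        # to be printed after either branch - confirm against the deployed copy.
        with open(fullchain) as chain_file:
            print(chain_file.read(), end="")
    elif not args["generate"] and args["renew"]:
        # note that if you do *.domain.org then the cert name is domain.org
        print("Re-generating a new SSL cert for {0}".format(domain))
        subprocess.run(
            ["/usr/bin/certbot", "renew", "--cert-name", domain,
             "--force-renewal", "--expand"],
            check=True,
        )
        print("LetsEncrypt certificate at: /etc/letsencrypt/live/{0}/fullchain.pem".format(domain))


if __name__ == "__main__":
    try:
        main()
    except subprocess.CalledProcessError as err:
        raise SystemExit(
            "command failed with exit status {0}: {1}".format(err.returncode, " ".join(err.cmd))
        )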
Event Timeline
Paladox
created this paste.
Nov 24 2018, 00:06
2018-11-24 00:06:05 (UTC+0)