#!/bin/sh
# Created by: David Nahodyl, Blue Feather
# Contact: [email protected]
# Need help? We can set this up to run on your server for you! Send an email to
# [email protected] or give a call at (770) 765-6258
#######################################
# Print the help text and terminate the script.
# Outputs: the usage message on stdout
# Returns: does not return; exits the shell with status 1
#######################################
usage() {
  # Quoted delimiter: the help text is emitted literally, with no expansion.
  cat <<'USAGE'
WARNING! THIS SCRIPT WILL RESTART FILEMAKER SERVER!
Creates an SSL Certificate from the Let's Encrypt Certificate Authority (CA) to
encypt data in motion for FileMaker. Certbot requires that port 80 be forwarded
to your server.
Must be run as root.
Options:
-d | --domain Set the domain.
-e | --email Set the contact email.
-s | --server-path Set the path to the FileMaker Server directory.
--no-confirm Skip confirmation. Suggested for use in scripts.
-h, --help, --usage: Print this help message.
Domain:
--domain
Change the domain variable to the domain/subdomain for which you would like
an SSL Certificate
"fms.mycompany.com"
Email:
--email
Change the contact email address to your real email address so that Let's Encrypt
can contact you if there are any problems
Server Path:
--server-path
Enter the path to your FileMaker Server directory, ending in a slash
"/Library/FileMaker Server/"
USAGE
  exit 1
}
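# Parse command-line flags into DOMAIN, EMAIL, SERVER_PATH and NOCONFIRM.
# These values are later handed to certbot and used to build file paths while
# the script runs as root, so an option that is missing its value is rejected
# here instead of being accepted as an empty string.

# Report an option that was given without a value, then exit with status 1.
# Arguments: $1 - the option as typed on the command line
missing_value() {
  printf "\033[1;31mError: %s requires a value!\033[0m\n" "$1"
  echo "Use --help for usage"
  exit 1
}

echo
# Loop on the argument count rather than on "$1" being non-empty, so an empty
# argument cannot end parsing early and hide the flags that follow it.
while [ "$#" -gt 0 ]; do
  case "$1" in
    -d | --domain)
      [ "$#" -ge 2 ] || missing_value "$1"
      shift
      DOMAIN=$1
      ;;
    -e | --email)
      [ "$#" -ge 2 ] || missing_value "$1"
      shift
      EMAIL=$1
      ;;
    -s | --server-path)
      [ "$#" -ge 2 ] || missing_value "$1"
      shift
      SERVER_PATH=$1
      ;;
    --no-confirm)
      NOCONFIRM=true
      ;;
    -h | --help | --usage)
      usage
      # usage exits by itself; this exit is kept as a safeguard.
      exit 1
      ;;
    *)
      printf "\033[1;31mError: Invalid option!\033[0m\n"
      echo "Use --help for usage"
      exit 1
      ;;
  esac
  shift
done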
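# Refuse to continue unless the effective user is root: the steps that follow
# write into the FileMaker Server directory and restart the service.
# `id -u` is used instead of $EUID because $EUID is a bash variable; in a
# /bin/sh that does not set it the numeric test errors out and the script
# would carry on unprivileged.
if [ "$(id -u)" -ne 0 ]; then
  echo "Please run as root"
  # Exit non-zero so a calling script can tell the run was refused.
  exit 1
fi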
# Stop early when the certbot client cannot be found on PATH.
type certbot > /dev/null || {
  printf "\033[1;31mError: Certbot could not be found\033[0m\n"
  echo "Install Certbot https://certbot.eff.org"
  exit 1
}
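# Prompt for every value that was not supplied as a flag.
# `read -r` keeps backslashes in the answer literal, and the POSIX `[ ]` test
# replaces `[[ ]]`, which the script's #!/bin/sh shebang does not guarantee.
# NOTE(review): `read -p` is still a bash extension; the script relies on
# /bin/sh being bash-compatible for it.
if [ -z "$DOMAIN" ]; then
  read -r -p "Set your domain: " DOMAIN
  if [ -z "$DOMAIN" ]; then
    printf "\033[1;31mError: Domain not specified. Must enter domain.\033[0m\n"
    # Exit unconditionally rather than only when printf succeeded.
    exit 1
  fi
  echo
fi

if [ -z "$EMAIL" ]; then
  read -r -p "Set your Email: " EMAIL
  if [ -z "$EMAIL" ]; then
    printf "\033[1;31mError: Email not specified. Must enter email.\033[0m\n"
    exit 1
  fi
  echo
fi

if [ -z "$SERVER_PATH" ]; then
  read -r -p "Set your Server Path. Press 'enter' for default. ('/Library/FileMaker Server/'): " SERVER_PATH
  # An empty answer selects the default, so SERVER_PATH is never empty past
  # this line and no further emptiness check is needed.
  SERVER_PATH=${SERVER_PATH:-"/Library/FileMaker Server/"}
  echo
fi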
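# Show the collected settings and ask for confirmation, unless --no-confirm
# was given on the command line.
if [ -z "$NOCONFIRM" ]; then
  while true; do
    echo "Domain: $DOMAIN"
    echo "Email: $EMAIL"
    echo "Server Path: $SERVER_PATH"
    echo
    YN=
    # A failed read with nothing captured means stdin is closed or at
    # end-of-file. Without this check the loop would repeat forever when the
    # script is run non-interactively; stopping is the safe outcome because
    # the steps after confirmation replace the certificate and restart the
    # server.
    if ! read -r -p "Is the above information correct? Y/n: " YN && [ -z "$YN" ]; then
      echo
      echo "Stopping script..."
      exit 1
    fi
    case "$YN" in
      [Yy]*)
        echo "Continueing..."
        break
        ;;
      [Nn]*)
        echo "Stopping script..."
        exit 1
        ;;
      *)
        echo "Please answer yes or no."
        ;;
    esac
  done
else
  echo "Skipping Confirmation..."
fi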
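# Obtain the certificate and install it into FileMaker Server.
# Everything below runs as root and replaces the certificate of a live server,
# so each step is checked and the script stops before the installed
# certificate is removed if an earlier step failed.

# Print an error in the script's usual red style and exit with status 1.
# Arguments: $1 - message text
fail() {
  printf "\033[1;31mError: %s\033[0m\n" "$1"
  exit 1
}

# DOMAIN becomes both a certbot argument and a path component under
# /etc/letsencrypt/live, so accept only host name characters: no '/', no
# whitespace, and no leading '-' or '.' that could be read as an option or
# as a relative path element.
case "$DOMAIN" in
  "" | -* | .* | *[!A-Za-z0-9.-]*)
    fail "Domain must be a plain host name such as fms.mycompany.com"
    ;;
esac

# The paths below are built by appending to SERVER_PATH, which the usage text
# asks to end in a slash; add the slash when it is missing.
case "$SERVER_PATH" in
  */) ;;
  *) SERVER_PATH="${SERVER_PATH}/" ;;
esac

WEB_ROOT="${SERVER_PATH}HTTPServer/htdocs"
CSTORE="${SERVER_PATH}CStore"
LIVE_DIR="/etc/letsencrypt/live/${DOMAIN}"

# Check the target directories before asking the CA for anything.
[ -d "$WEB_ROOT" ] || fail "Web root not found: $WEB_ROOT"
[ -d "$CSTORE" ] || fail "CStore directory not found: $CSTORE"

# Get the certificate. "$DOMAIN" is quoted so that it always reaches certbot
# as a single argument.
certbot certonly --webroot -w "$WEB_ROOT" -d "$DOMAIN" --agree-tos -m "$EMAIL" --preferred-challenges "http" -n ||
  fail "certbot did not issue a certificate; the installed certificate was left untouched"

cp "${LIVE_DIR}/fullchain.pem" "${CSTORE}/fullchain.pem" ||
  fail "could not copy fullchain.pem into $CSTORE"
cp "${LIVE_DIR}/privkey.pem" "${CSTORE}/privkey.pem" ||
  fail "could not copy privkey.pem into $CSTORE"
# NOTE(review): mode 640 makes the private key readable by the file's group;
# presumably that is the group FileMaker Server runs under - confirm.
# NOTE(review): this copy of the private key stays in CStore after the import;
# confirm whether it can be removed once fmsadmin has imported it.
chmod 640 "${CSTORE}/privkey.pem" ||
  fail "could not set permissions on ${CSTORE}/privkey.pem"

# Move an old certificate key, if there is one, to prevent an error
FILE="${CSTORE}/serverKey.pem"
if test -f "$FILE"; then
  echo "$FILE exists. Moving to serverKey-old.pem to prevent an error."
  mv "$FILE" "${CSTORE}/serverKey-old.pem" ||
    fail "could not move $FILE out of the way"
fi

# Remove the old certificate. The exit status is deliberately not checked, as
# before. NOTE(review): presumably this fails harmlessly when no custom
# certificate is installed - confirm.
fmsadmin certificate delete

# Install the certificate. On failure, stop without restarting the server and
# without printing the success message.
fmsadmin certificate import "${CSTORE}/fullchain.pem" --keyfile "${CSTORE}/privkey.pem" -y ||
  fail "fmsadmin could not import the certificate; FileMaker Server was not restarted"

# Stop FileMaker Server
launchctl stop com.filemaker.fms
# Wait 15 seconds for it to stop. A bare number is the portable form; unit
# suffixes such as "15s" are not accepted by every sleep implementation.
sleep 15
# Start FileMaker Server again
launchctl start com.filemaker.fms
echo
echo "FileMaker Server should now be set to use TLS/SSL"
echo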