#!/bin/bash # Initialize Let's Encrypt SSL certificates with Certbot # This improved version handles the chicken-and-egg problem with SSL files set -e # Bold text function bold() { echo -e "\033[1m$1\033[0m" } # Print section header header() { echo bold "=== $1 ===" } # Check requirements header "Checking requirements" if ! [ -x "$(command -v docker-compose)" ]; then echo 'Error: docker-compose is not installed.' >&2 exit 1 fi # Default domain and email settings domains=${DOMAIN:-} email=${EMAIL:-} staging=${STAGING:-0} # Set to 1 if you're testing your setup # Ask for domain if not provided if [ -z "$domains" ]; then read -p "Enter your domain name (e.g., gametracker.example.com): " domains fi # Ask for email if not provided if [ -z "$email" ]; then read -p "Enter your email (for Let's Encrypt notifications): " email fi header "Setting up SSL for domain: $domains" # Create required directories mkdir -p ./data/certbot/conf mkdir -p ./data/certbot/www mkdir -p ./nginx # Create dummy certificates to bootstrap nginx echo "Creating dummy certificates..." rsa_key_size=4096 dummy_cert_path="./data/certbot/conf/live/$domains" # Make sure the directory is empty and exists rm -rf "$dummy_cert_path" mkdir -p "$dummy_cert_path" # Generate dummy certificates openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1 \ -keyout "$dummy_cert_path/privkey.pem" \ -out "$dummy_cert_path/fullchain.pem" \ -subj "/CN=localhost" # Create required files for Nginx echo "Creating required SSL configurations..." # Create options-ssl-nginx.conf cat > ./data/certbot/conf/options-ssl-nginx.conf << EOF ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; EOF # Create ssl-dhparams.pem cat > ./data/certbot/conf/ssl-dhparams.pem << EOF -----BEGIN DH PARAMETERS----- MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz +8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a 87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7 YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi 7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg== -----END DH PARAMETERS----- EOF # Generate Nginx config using template header "Configuring Nginx" echo "Generating Nginx configuration..." export DOMAIN_NAME=$domains envsubst < ./nginx/app.conf.template > ./nginx/app.conf # Stop any existing services echo "Stopping any existing services..." docker-compose down header "Starting services with dummy certificates" # Start services with dummy certificates echo "Starting Nginx and web containers..." docker-compose up --force-recreate -d # Give Nginx time to start echo "Waiting for Nginx to start..." sleep 5 # Check if Nginx is running docker-compose ps nginx | grep Up if [ $? -ne 0 ]; then echo "Nginx failed to start! Checking logs:" docker-compose logs nginx exit 1 fi header "Obtaining real certificates from Let's Encrypt" # Prepare staging argument for Certbot staging_arg="" if [ "$staging" = 1 ]; then staging_arg="--staging" echo "Running in staging mode (test certificates)" fi # Get real certificates domain_args="-d $domains" echo "Requesting certificates for: $domains" docker-compose run --rm --entrypoint "\ certbot certonly --webroot -w /var/www/certbot \ $staging_arg \ --email $email \ --agree-tos \ --no-eff-email \ --force-renewal \ $domain_args" certbot # Check if certificates were obtained successfully if [ ! -d "./data/certbot/conf/live/$domains" ]; then echo "Certificate issuance failed! Check logs above." exit 1 fi # Reload Nginx to use the new certificates echo "Reloading Nginx to use new certificates..." docker-compose exec nginx nginx -s reload header "HTTPS Setup Completed Successfully!" echo "Your app is now available at: https://$domains" echo "" echo "The certificates will auto-renew every 90 days." echo "To view logs: docker-compose logs -f" echo "To stop the server: docker-compose down"