Certificate Installer

1. #!/bin/bash
2. # ----------------------------------------------------------------------------
3. #    Code File: certinstall.sh
4. #    Author: Kalyan Mudumby
5. #    Date: 08 April 2025
6. #    Description:
7. #           Automate and streamline certificate updates for NGINX deployments.
8. #
9. #   Built with Love ❤️ by Kalyan Mudumby 🚀
10. # ----------------------------------------------------------------------------
11.  
12. set -euo pipefail
13.  
14. # Fetch the date in YYYY-MM-DD Format
15. DATE=$(date +%F)
16.  
17. # Fail if no domain value is passed
18. if [ -z "${1:-}" ]; then
19.     echo "Usage: $0 <domain>"
20.     exit 1
21. fi
22.  
23. DOMAIN=$1
24.  
25. # Configurable Paths
26. NGINX_CONF_DIR="/usr/local/nginx/conf"
27. NGINX_BACKUP_DIR="/usr/local/nginx/backup"
28. GEO_BACKUP_DIR="$HOME/geocerts/backup"
29. GEOCERTS_DIR="$HOME/geocerts"
30. GITLAB_BASE_URL=""
31.  
32. # Associative Arrays: domain -> snippet ID
33. declare -A CRT_SNIPPETS
34. declare -A KEY_SNIPPETS
35.  
36. # Define per-domain snippet IDs
37. CRT_SNIPPETS[thesmartice]=
38. KEY_SNIPPETS[thesmartice]=
39.  
40. CRT_SNIPPETS[thesmartcity311]=
41. KEY_SNIPPETS[thesmartcity311]=
42.  
43. CRT_SNIPPETS[ilhelpline]=
44. KEY_SNIPPETS[ilhelpline]=
45.  
46. CRT_SNIPPETS[mahelpline]=
47. KEY_SNIPPETS[mahelpline]=
48.  
49. CRT_SNIPPETS[vthelplink]=
50. KEY_SNIPPETS[vthelplink]=
51.  
52. CRT_SNIPPETS[orhelpline]=
53. KEY_SNIPPETS[orhelpline]=
54.  
55.  
56. # Utility Functions
57. log() {
58.     echo "[$(date '+%F %T')] $1"
59. }
60.  
61. backup() {
62.     log "Backing up existing NGINX config"
63.     sudo mkdir -p "$NGINX_BACKUP_DIR/${DOMAIN}_$DATE"
64.     sudo cp -r "$NGINX_CONF_DIR/"* "$NGINX_BACKUP_DIR/${DOMAIN}_$DATE"
65.  
66.     log "Backing up existing certificates to GEOCERTS folder"
67.     sudo mkdir -p "$GEO_BACKUP_DIR/$DATE"
68.     sudo mv "$NGINX_CONF_DIR/$DOMAIN.crt" "$GEO_BACKUP_DIR/${DOMAIN}_$DATE"
69.     sudo mv "$NGINX_CONF_DIR/$DOMAIN.key" "$GEO_BACKUP_DIR/${DOMAIN}_$DATE"
70. }
71.  
72. download_certificates() {
73.     CRT_ID=${CRT_SNIPPETS[$DOMAIN]:-}
74.     KEY_ID=${KEY_SNIPPETS[$DOMAIN]:-}
75.  
76.     if [ -z "$CRT_ID" ] || [ -z "$KEY_ID" ]; then
77.         echo "Missing snippet IDs for domain '$DOMAIN'"
78.         exit 1
79.     fi
80.  
81.     log "Downloading certificates for $DOMAIN from GitLab snippets"
82.     sudo mkdir -p "$GEOCERTS_DIR/$DOMAIN/"
83.     sudo wget "$GITLAB_BASE_URL/$KEY_ID/raw/main/$DOMAIN.key" -O "$GEOCERTS_DIR/$DOMAIN/$DOMAIN.key"
84.     sudo wget "$GITLAB_BASE_URL/$CRT_ID/raw/main/$DOMAIN.crt" -O "$GEOCERTS_DIR/$DOMAIN/$DOMAIN.crt"
85. }
86.  
87. validate_download() {
88.     log "Validating downloaded certificate files for $DOMAIN"
89.  
90.     local crt_path="$GEOCERTS_DIR/$DOMAIN/$DOMAIN.crt"
91.     local key_path="$GEOCERTS_DIR/$DOMAIN/$DOMAIN.key"
92.  
93.     if [ ! -f "$crt_path" ]; then
94.         echo "❌ Error: Missing downloaded file: $DOMAIN.crt"
95.         exit 1
96.     fi
97.  
98.     if [ ! -f "$key_path" ]; then
99.         echo "❌ Error: Missing downloaded file: $DOMAIN.key"
100.         exit 1
101.     fi
102. }
103.  
104. deploy_certificates() {
105.     log "Copying new certificates to NGINX config"
106.     sudo cp -r "$GEOCERTS_DIR/$DOMAIN/"* "$NGINX_CONF_DIR"
107.  
108.     log "Validating nginx config"
109.     sudo nginx -t
110.  
111.     log "Restarting nginx"
112.     sudo systemctl restart nginx.service
113.  
114.     log "Displaying certificate details:"
115.     openssl x509 -in "$NGINX_CONF_DIR/$DOMAIN.crt" -text -noout
116. }
117.  
118. log whoami
119. log pwd
120. backup
121. download_certificates
122. validate_download
123. deploy_certificates
124.