From 77cc82b0222bcf199700ddc944f276199e882855 Mon Sep 17 00:00:00 2001
From: Sven Liebert
Date: Thu, 12 Sep 2024 11:26:17 +0200
Subject: [PATCH] Add script for generating ssl certificates
---
create_certificate | 79 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 79 insertions(+)
create mode 100755 create_certificate
diff --git a/create_certificate b/create_certificate
new file mode 100755
index 0000000..069e12d
--- /dev/null
+++ b/create_certificate
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+echo "This is the WendzelNNTPd script for generating SSL certificates"
+echo
+
+mkdir -p /usr/local/etc/ssl
+
+if [ "$USER" != "root" ]; then
+ echo "Run this script with root privileges!"
+ exit
+fi
+
+while [ $# -gt 0 ]; do
+ if [[ $1 == "--"* ]]; then
+ v="${1/--/}"
+ declare "$v"="$2"
+ shift
+ fi
+ shift
+done
+
+if [[ -z $environment || "$environment" = "local" ]]; then
+ echo "Environment is set to local. Certificates for local use are generated now..."
+ echo
+
+ openssl req \
+ -x509 \
+ -new \
+ -newkey rsa:2048 \
+ -days 3650 \
+ -nodes \
+ -extensions v3_ca \
+ -subj "/C=DE/ST=Hagen/O=Test-Cert Inc." \
+ -keyout "/usr/local/etc/ssl/ca-key.pem" \
+ -out "/usr/local/etc/ssl/ca.crt"
+
+ openssl genrsa -out "/usr/local/etc/ssl/server.key" 2048
+ openssl req \
+ -new -key "/usr/local/etc/ssl/server.key" \
+ -out "/usr/local/etc/ssl/server.csr" \
+ -config "./docker/openssl/openssl.cnf"
+
+ openssl x509 \
+ -req \
+ -days 365 \
+ -in "/usr/local/etc/ssl/server.csr" \
+ -CA "/usr/local/etc/ssl/ca.crt" \
+ -CAkey "/usr/local/etc/ssl/ca-key.pem" \
+ -CAcreateserial \
+ -extensions v3_req \
+ -extfile "./docker/openssl/openssl.cnf" \
+ -out "/usr/local/etc/ssl/server.crt"
+
+ echo "Finished ..."
+ echo "You can find certificate at: /usr/local/etc/ssl/server.crt, key: /usr/local/etc/ssl/server.crt, CA certificate: /usr/local/etc/ssl/ca.crt"
+ echo
+elif [ "$environment" = "letsencrypt" ]; then
+ echo "Environment is set to local. Certificates are generated now via LetsEncrypt certbot..."
+ echo "Check if certbot is installed..."
+ certbot --version || exit
+
+ if [ -z $email ]; then
+ echo "You have to add an email with --email parameter"
+ exit
+ fi
+
+ if [ -z $domain ]; then
+ echo "You have to add the domain where running this script with --domain parameter"
+ exit
+ fi
+
+ echo "Generating certificates..."
+ certbot certonly --standalone -n --agree-tos --email $email --domains $domain
+
+else
+ echo "Unknown environment for script generation provided..."
+ echo "Stopping script."
+ echo
+fi
\ No newline at end of file
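Review bot: The argument loop's `declare "$v"="$2"` assigns whatever name follows `--`, so in a script meant to run as root an option such as `--PATH` or `--IFS` rewrites shell state before `openssl` and `certbot` are resolved; it should accept only `environment`, `email` and `domain`. The privilege gate compares `$USER`, which is an inherited environment variable rather than the effective uid, it runs after `mkdir -p`, and its bare `exit` returns status 0, as does the unknown-environment branch. Both private keys are written unencrypted (`-nodes`, `genrsa` without a cipher) with no `umask` or `chmod`, so their mode is left to the OpenSSL build and the caller's umask, and `ca-key.pem` stays on disk beside the server key. `[ -z $email ]`, `[ -z $domain ]` and the `certbot certonly` arguments are unquoted, and the success message prints `server.crt` as the key path where `server.key` is presumably meant. The fence covers the gate, the option parsing and the quoting; the rest of the `if`/`elif` chain is unchanged.

```shell
# Gate on the effective uid before touching the filesystem.
if [ "$(id -u)" -ne 0 ]; then
  echo "Run this script with root privileges!" >&2
  exit 1
fi

mkdir -p /usr/local/etc/ssl

# Accept only the three options the script actually reads.
environment="" email="" domain=""
while [ $# -gt 0 ]; do
  case "$1" in
    --environment|--email|--domain)
      [ $# -ge 2 ] || { echo "Missing value for $1" >&2; exit 2; }
      declare "${1#--}"="$2"
      shift 2
      ;;
    *)
      echo "Unknown option: $1" >&2
      exit 2
      ;;
  esac
done

# … unchanged: local branch (openssl req / genrsa / x509) …

# … unchanged: certbot presence check …
  if [ -z "$email" ]; then
# … unchanged: email message, exit …
  if [ -z "$domain" ]; then
# … unchanged: domain message, exit …
  certbot certonly --standalone -n --agree-tos --email "$email" --domains "$domain"
```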