How to create an interactive Bash script to generate SSL certificates with Let's Encrypt

This article explains how to create an interactive Bash script to generate SSL certificates using Let's Encrypt.

Using SSL certificates is essential to secure web connections. Let's Encrypt offers free SSL certificates, and the process of obtaining them can be automated with Certbot.

Our goal is to create a script that:

  1. Prompts the user to enter their domain name.
  2. Generates an SSL certificate for the domain entered.
  3. Provides options for automatic renewal and web server configuration (e.g., Apache or Nginx).

#!/bin/bash

# Function to check if the previous command succeeded
check_success() {
  if [ $? -ne 0 ]; then
    echo "An error occurred. Check the logs for more details."
    exit 1
  fi
}


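# Ask for domain name (-r keeps backslashes in the input literal)
read -r -p "Enter domain name (example: example.com): " DOMAIN
if [ -z "$DOMAIN" ]; then
  echo "No domain name entered."
  exit 1
fi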

# Ask if user wants to setup Apache or Nginx
echo "Do you want to setup a web server?"
select webserver in "Apache" "Nginx" "None"; do
  case $webserver in
    Apache ) WEBSERVER="apache"; break;;
    Nginx ) WEBSERVER="nginx"; break;;
    None ) WEBSERVER="none"; break;;
  esac
done

# Check if Certbot is installed
echo "Checking Certbot installation..."
which certbot > /dev/null
check_success

# Generate SSL certificate
# "$DOMAIN" is quoted so the input is passed to certbot as a single argument
# and is never split into extra words or options by the shell
echo "Generating SSL certificate for domain $DOMAIN..."
if [ "$WEBSERVER" = "apache" ]; then
  sudo certbot --apache -d "$DOMAIN"
  check_success
elif [ "$WEBSERVER" = "nginx" ]; then
  sudo certbot --nginx -d "$DOMAIN"
  check_success
else
  sudo certbot certonly --standalone -d "$DOMAIN"
  check_success
fi

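# Ask if user wants to configure automatic renewal
echo "Do you want to configure automatic renewal of certificates?"
select yn in "Yes" "No"; do
  case $yn in
    Yes )
      echo "Configuring automatic renewal..."
      CRON_JOB="0 3 * * * /usr/bin/certbot renew --quiet"
      # Use root's crontab (certbot renew needs root by default, like the sudo calls above)
      # and drop any identical line first so re-running the script adds no duplicates
      (sudo crontab -l 2>/dev/null | grep -vxF "$CRON_JOB"; echo "$CRON_JOB") | sudo crontab -
      check_success
      echo "Auto-renewal configured successfully."
      break;;
    No )
      echo "Auto-renewal not configured."
      break;;
  esac
done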

echo "SSL certificate for $DOMAIN was generated successfully!"

Script explanation:

  1. check_success() function: Verifies that the previous command was executed successfully. If there is an error, the script will abort.

  2. Interactivity: Use read to prompt for user input and select to present multiple options (such as choosing a web server or configuring renewal).

  3. Verifying Certbot installation: Use which to verify that Certbot is installed. Otherwise, the script reports an error and aborts.

  4. Generating SSL certificate: Runs Certbot with the appropriate option based on the chosen web server. If no web server is chosen, it uses the standalone option to generate the certificate.

  5. Setting up automatic renewal: Adds an entry to the crontab to renew certificates every day at 3:00 AM. The --quiet option prevents output unless errors occur.
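
The value typed at the domain prompt ends up on a sudo certbot command line, so it is worth validating before use. The following is an added example, not part of the original script: the helper names valid_domain and certbot_domain_args are hypothetical, and it goes one step beyond the script by accepting several comma- or space-separated domains and building one -d argument for each.

```bash
#!/bin/bash
# Added example, not the article's code; function names are hypothetical.

# valid_domain NAME: succeed only for a plain DNS hostname made of letters,
# digits, hyphens and dots, with 2+ labels, labels <= 63 and total <= 253 chars.
valid_domain() {
  local LC_ALL=C IFS=. label
  [ -n "$1" ] && [ "${#1}" -le 253 ] || return 1
  case $1 in
    *[!A-Za-z0-9.-]*) return 1 ;;  # spaces, quotes, newlines, shell metacharacters
    .*|*.|*..*)       return 1 ;;  # empty label
    -*|*-|*.-*|*-.*)  return 1 ;;  # hyphen at a label edge; also stops "-x" being read as an option
    *.*)              ;;           # at least two labels
    *)                return 1 ;;
  esac
  for label in $1; do              # split on dots (IFS=.) to check each label
    [ "${#label}" -le 63 ] || return 1
  done
  return 0
}

# certbot_domain_args "a.example, b.example": print "-d a.example -d b.example"
# (lower-cased, duplicates dropped); fail if any entry is invalid or none is given.
certbot_domain_args() (
  set -f      # no glob expansion while the input is split into words
  unset IFS   # split on default whitespace
  seen=" " args=""
  for d in $(printf '%s' "$1" | LC_ALL=C tr 'A-Z,' 'a-z '); do
    valid_domain "$d" || { printf 'Rejected domain: %s\n' "$d" >&2; exit 1; }
    case $seen in *" $d "*) continue ;; esac
    seen="$seen$d " args="$args -d $d"
  done
  [ -n "$args" ] || { echo "No domain entered." >&2; exit 1; }
  printf '%s\n' "${args# }"
)

# Constructed sample input; the script would pass the value read from the prompt.
# $DOMAIN_ARGS is left unquoted on purpose: after validation it holds only
# "-d" and names made of [a-z0-9.-], so splitting it into words is safe.
if DOMAIN_ARGS=$(certbot_domain_args "Example.com, www.example.com"); then
  echo "Would run: sudo certbot certonly --standalone $DOMAIN_ARGS"
fi
```
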

Conclusion

The script presented here is a starting point for automating SSL certificate generation with Let's Encrypt. It can be further enhanced to handle other features, such as advanced Apache/Nginx configuration, support for multiple domains or subdomains, and sending email notifications in case of errors.

Using tools like Certbot simplifies the process of managing SSL certificates, ensuring secure connections and reducing the risk of errors in manual configuration.