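# SSL Certificate Setup Script for VPS Deployment (PowerShell)
# This script helps set up SSL certificates for your nginx configuration.
#
# Parameters:
#   -Domain          Hostname (Let's Encrypt path) or a dotted IPv4 address
#                    (self-signed path).
#   -Email           Contact address registered with Let's Encrypt. The default
#                    is a placeholder and is rejected before certbot is called.
#   -LetsEncryptDir  certbot configuration directory that holds live/<domain>/.
#                    Defaults to certbot's Linux location; pass your own on
#                    other platforms (certbot's --config-dir).
#
# Outputs (relative to the current directory):
#   .\nginx\ssl\cert.pem and .\nginx\ssl\key.pem, plus .\nginx\ssl\renew.sh on
#   the Let's Encrypt path. Exits with status 1 on any failure.
param(
    [string]$Domain = "candivista.com",
    [string]$Email = "your-email@example.com",
    [string]$LetsEncryptDir = "/etc/letsencrypt"
)

$ErrorActionPreference = "Stop"

$NginxConfDir = ".\nginx"   # reserved; not referenced below
$SslDir = ".\nginx\ssl"
$CertPath = "$SslDir\cert.pem"
$KeyPath = "$SslDir\key.pem"
$PlaceholderEmail = "your-email@example.com"

#######################################
# Returns $true when the native command $Name can be invoked with $ProbeArgs
# and exits 0; $false when it is not on PATH or exits non-zero.
#######################################
function Test-Tool {
    param([string]$Name, [string[]]$ProbeArgs)
    try {
        $null = & $Name @ProbeArgs 2>$null
        return ($LASTEXITCODE -eq 0)
    } catch {
        # CommandNotFoundException when the binary is missing from PATH
        return $false
    }
}

Write-Host "Setting up SSL certificates for $Domain" -ForegroundColor Green

# Create SSL directory if it doesn't exist (Out-Null: New-Item otherwise echoes the item)
if (!(Test-Path $SslDir)) {
    New-Item -ItemType Directory -Path $SslDir -Force | Out-Null
}

# Check if we have a domain name or just IP
if ($Domain -match '^\d+\.\d+\.\d+\.\d+$') {
    Write-Host "IP address detected: $Domain" -ForegroundColor Yellow
    Write-Host "For IP addresses, you'll need to use self-signed certificates or a service like Cloudflare" -ForegroundColor Yellow
    Write-Host "Generating self-signed certificate..." -ForegroundColor Yellow

    # Check if OpenSSL is available
    if (-not (Test-Tool -Name "openssl" -ProbeArgs @("version"))) {
        Write-Host "OpenSSL not found. Please install OpenSSL or use WSL/Linux subsystem." -ForegroundColor Red
        Write-Host "Alternative: Use Cloudflare for SSL termination" -ForegroundColor Yellow
        exit 1
    }

    # Generate self-signed certificate. -addext (OpenSSL 1.1.1+) places the IP in
    # subjectAltName; current browsers ignore CN, so a certificate with no SAN is
    # rejected even after the self-signed warning is accepted.
    & openssl req -x509 -nodes -days 365 -newkey rsa:2048 `
        -keyout $KeyPath `
        -out $CertPath `
        -subj "/C=US/ST=State/L=City/O=Organization/CN=$Domain" `
        -addext "subjectAltName=IP:$Domain"

    if ($LASTEXITCODE -eq 0) {
        # NOTE(review): key.pem inherits the default ACL of $SslDir; restrict read
        # access to the account that runs nginx before deploying.
        Write-Host "Self-signed certificate generated successfully!" -ForegroundColor Green
        Write-Host "Note: Browsers will show a security warning for self-signed certificates." -ForegroundColor Yellow
        Write-Host "For production, consider using Cloudflare or a domain name with Let's Encrypt." -ForegroundColor Yellow
    } else {
        Write-Host "Failed to generate self-signed certificate" -ForegroundColor Red
        exit 1
    }
} else {
    Write-Host "Domain name detected: $Domain" -ForegroundColor Green
    Write-Host "Setting up Let's Encrypt certificate..." -ForegroundColor Green

    # Fail early instead of letting the ACME registration reject the placeholder.
    if ($Email -eq $PlaceholderEmail) {
        Write-Host "Please pass a real contact address with -Email; the placeholder default is not accepted by Let's Encrypt." -ForegroundColor Red
        exit 1
    }

    # Check if certbot is available
    if (-not (Test-Tool -Name "certbot" -ProbeArgs @("--version"))) {
        Write-Host "Certbot not found. Please install certbot first:" -ForegroundColor Red
        Write-Host "  Windows: Use WSL or install via pip" -ForegroundColor Yellow
        Write-Host "  Linux: sudo apt-get install certbot" -ForegroundColor Yellow
        Write-Host "  macOS: brew install certbot" -ForegroundColor Yellow
        exit 1
    }

    # Create webroot directory for Let's Encrypt challenge. certbot only writes the
    # challenge token here; a web server must already serve $SslDir\webroot over
    # HTTP for $Domain, otherwise validation fails.
    $webrootDir = "$SslDir\webroot\.well-known\acme-challenge"
    if (!(Test-Path $webrootDir)) {
        New-Item -ItemType Directory -Path $webrootDir -Force | Out-Null
    }

    # Get certificate
    & certbot certonly --webroot `
        -w "$SslDir\webroot" `
        -d $Domain `
        --email $Email `
        --agree-tos `
        --non-interactive

    if ($LASTEXITCODE -ne 0) {
        Write-Host "Failed to obtain Let's Encrypt certificate" -ForegroundColor Red
        exit 1
    }

    # Copy certificates to our SSL directory. Under $ErrorActionPreference = "Stop"
    # a missing source file (wrong -LetsEncryptDir) terminates the script here.
    $liveDir = "$LetsEncryptDir/live/$Domain"
    Copy-Item "$liveDir/fullchain.pem" $CertPath
    Copy-Item "$liveDir/privkey.pem" $KeyPath
    Write-Host "Let's Encrypt certificate installed successfully!" -ForegroundColor Green

    # Create renewal script. It re-copies the renewed files before restarting
    # nginx; without that step nginx keeps serving the stale copy in $SslDir after
    # `certbot renew` succeeds. The file is written with LF line endings and no
    # BOM: Out-File -Encoding UTF8 on Windows PowerShell adds both, which breaks
    # the #!/bin/bash line when the script runs on the VPS.
    $sslDirPosix = $SslDir -replace '\\', '/'
    $renewLines = @(
        "#!/bin/bash",
        "# Run from the project root (the directory that contains nginx/).",
        "set -euo pipefail",
        "certbot renew --quiet",
        "cp `"$liveDir/fullchain.pem`" `"$sslDirPosix/cert.pem`"",
        "cp `"$liveDir/privkey.pem`" `"$sslDirPosix/key.pem`"",
        "docker-compose restart nginx"
    )
    # .NET resolves relative paths against the process cwd, not $PWD, so anchor explicitly.
    $renewPath = Join-Path $PWD.ProviderPath "$SslDir\renew.sh"
    $utf8NoBom = New-Object System.Text.UTF8Encoding($false)
    [System.IO.File]::WriteAllText($renewPath, (($renewLines -join "`n") + "`n"), $utf8NoBom)
    Write-Host "Auto-renewal script created!" -ForegroundColor Green
}

Write-Host "SSL setup complete!" -ForegroundColor Green
Write-Host "Certificate: $SslDir\cert.pem" -ForegroundColor Cyan
Write-Host "Private key: $SslDir\key.pem" -ForegroundColor Cyan
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Yellow
Write-Host "1. Update your .env file with production values" -ForegroundColor White
Write-Host "2. Run: docker-compose -f docker-compose.yml --env-file env.production up -d" -ForegroundColor White
Write-Host "3. Test your setup: https://$Domain" -ForegroundColor White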