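# SSL Certificate Setup Script for VPS Deployment (PowerShell)
# This script helps set up SSL certificates for your nginx configuration
#
# Usage:   .\setup-ssl.ps1 -Domain example.org -Email admin@example.org
# Params:  -Domain              hostname (Let's Encrypt) or IPv4 address (self-signed)
#          -Email               contact address registered with Let's Encrypt
#          -LetsEncryptLiveDir  directory where certbot places issued certificates
# Writes:  .\nginx\ssl\cert.pem and .\nginx\ssl\key.pem
#          .\nginx\ssl\renew.sh (Let's Encrypt branch only)
# Exit:    0 on success, 1 when a prerequisite is missing or issuance fails
param(
    [string]$Domain = "candivista.com",
    [string]$Email = "your-email@example.com",
    [string]$LetsEncryptLiveDir = "/etc/letsencrypt/live"
)

$ErrorActionPreference = "Stop"

$SslDir = ".\nginx\ssl"
# The default -Email is a placeholder; Let's Encrypt rejects example.com contacts,
# so the Let's Encrypt branch refuses to run until it is replaced.
$PlaceholderEmail = "your-email@example.com"

#######################################
# True when a native tool is on PATH. Get-Command is used instead of running the
# tool with "2>$null": Windows PowerShell raises NativeCommandError for stderr
# output under $ErrorActionPreference = "Stop", which made the old probe unreliable.
#######################################
function Test-CommandAvailable {
    param([string]$Name)
    return [bool](Get-Command $Name -ErrorAction SilentlyContinue)
}

#######################################
# Creates a directory (and parents) if it does not exist, silently.
#######################################
function New-DirectoryIfMissing {
    param([string]$Path)
    if (!(Test-Path $Path)) {
        # Out-Null: New-Item would otherwise print the DirectoryInfo object.
        New-Item -ItemType Directory -Path $Path -Force | Out-Null
    }
}

#######################################
# Best-effort restriction of a private key to its owner. Only POSIX hosts are
# handled; on Windows the file inherits the directory ACL, so review that ACL
# when the nginx directory is shared or synced.
#######################################
function Protect-PrivateKey {
    param([string]$KeyPath)
    if (($IsLinux -or $IsMacOS) -and (Test-CommandAvailable 'chmod')) {
        & chmod 600 $KeyPath
    }
}

#######################################
# Writes $Content as BOM-less UTF-8 with LF line endings. Out-File -Encoding UTF8
# emits a BOM on Windows PowerShell and keeps CRLF, both of which break a
# "#!/bin/bash" script; .NET also resolves relative paths against the process
# CWD rather than the PowerShell location, hence the explicit Resolve-Path.
#######################################
function Write-UnixTextFile {
    param([string]$Path, [string]$Content)
    $normalized = $Content -replace "`r`n", "`n"
    $parent = (Resolve-Path (Split-Path -Parent $Path)).Path
    $fullPath = Join-Path $parent (Split-Path -Leaf $Path)
    $utf8NoBom = New-Object System.Text.UTF8Encoding($false)
    [System.IO.File]::WriteAllText($fullPath, $normalized, $utf8NoBom)
}

#######################################
# Generates a 365-day self-signed RSA-2048 certificate for an IPv4 address.
# Arguments: -IpAddress  address placed in CN and subjectAltName
#            -CertPath   destination for the certificate (PEM)
#            -KeyPath    destination for the unencrypted private key (PEM)
# Exits 1 if openssl fails.
#######################################
function New-SelfSignedCertificateFiles {
    param([string]$IpAddress, [string]$CertPath, [string]$KeyPath)
    Write-Host "Generating self-signed certificate..." -ForegroundColor Yellow
    # subjectAltName is required: browsers ignore a CN-only certificate, and for
    # an IP the SAN entry must be "IP:", not "DNS:". -addext needs OpenSSL 1.1.1+.
    & openssl req -x509 -nodes -days 365 -newkey rsa:2048 `
        -keyout $KeyPath `
        -out $CertPath `
        -subj "/C=US/ST=State/L=City/O=Organization/CN=$IpAddress" `
        -addext "subjectAltName=IP:$IpAddress"
    if ($LASTEXITCODE -ne 0) {
        Write-Host "Failed to generate self-signed certificate" -ForegroundColor Red
        exit 1
    }
    Protect-PrivateKey $KeyPath
    Write-Host "Self-signed certificate generated successfully!" -ForegroundColor Green
    Write-Host "Note: Browsers will show a security warning for self-signed certificates." -ForegroundColor Yellow
    Write-Host "For production, consider using Cloudflare or a domain name with Let's Encrypt." -ForegroundColor Yellow
}

#######################################
# Obtains a Let's Encrypt certificate via the webroot challenge, copies it into
# the nginx SSL directory and writes a bash renewal script.
# Arguments: -Hostname      DNS name to certify
#            -ContactEmail  account contact passed to certbot
#            -CertPath      destination for fullchain.pem
#            -KeyPath       destination for privkey.pem
# Globals:   $SslDir, $LetsEncryptLiveDir, $PlaceholderEmail (read)
# Exits 1 if certbot fails or the expected files are not produced.
# NOTE: the challenge only succeeds if nginx already serves
# <SslDir>/webroot/.well-known/acme-challenge/ over HTTP for $Hostname; the
# script cannot verify that from here.
#######################################
function Request-LetsEncryptCertificate {
    param([string]$Hostname, [string]$ContactEmail, [string]$CertPath, [string]$KeyPath)
    if ([string]::IsNullOrWhiteSpace($ContactEmail) -or $ContactEmail -eq $PlaceholderEmail) {
        Write-Host "Pass a real contact address with -Email; Let's Encrypt rejects the placeholder." -ForegroundColor Red
        exit 1
    }
    # $Hostname is handed to certbot and written into renew.sh: accept only a
    # plain DNS name so that nothing else can ride along in those arguments.
    if ($Hostname -notmatch '^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$') {
        Write-Host "Invalid domain name: $Hostname" -ForegroundColor Red
        exit 1
    }
    Write-Host "Setting up Let's Encrypt certificate..." -ForegroundColor Green

    # Create webroot directory for Let's Encrypt challenge.
    $webrootDir = Join-Path $SslDir "webroot"
    New-DirectoryIfMissing (Join-Path (Join-Path $webrootDir ".well-known") "acme-challenge")
    # Native tools get the literal string, so resolve to an absolute path with
    # the host's own separators instead of passing ".\nginx\ssl\webroot".
    $webrootAbs = (Resolve-Path $webrootDir).Path

    & certbot certonly --webroot `
        -w $webrootAbs `
        -d $Hostname `
        --email $ContactEmail `
        --agree-tos `
        --non-interactive
    if ($LASTEXITCODE -ne 0) {
        Write-Host "Failed to obtain Let's Encrypt certificate" -ForegroundColor Red
        exit 1
    }

    $liveDir = Join-Path $LetsEncryptLiveDir $Hostname
    $fullchain = Join-Path $liveDir "fullchain.pem"
    $privkey = Join-Path $liveDir "privkey.pem"
    if (!(Test-Path $fullchain) -or !(Test-Path $privkey)) {
        Write-Host "certbot succeeded but $fullchain / $privkey were not found; check -LetsEncryptLiveDir" -ForegroundColor Red
        exit 1
    }
    # Copy certificates to our SSL directory.
    Copy-Item $fullchain $CertPath
    Copy-Item $privkey $KeyPath
    Protect-PrivateKey $KeyPath
    Write-Host "Let's Encrypt certificate installed successfully!" -ForegroundColor Green

    # Renewal script. The certificates above are copies, not symlinks, so a bare
    # "certbot renew" would leave nginx on the old files: re-copy after renewal.
    # Bash needs absolute, forward-slash paths.
    $sslDirAbs = (Resolve-Path $SslDir).Path -replace '\\', '/'
    $liveDirUnix = "$LetsEncryptLiveDir/$Hostname"
    $renewScript = @"
#!/bin/bash
set -euo pipefail
certbot renew --quiet
cp "$liveDirUnix/fullchain.pem" "$sslDirAbs/cert.pem"
cp "$liveDirUnix/privkey.pem" "$sslDirAbs/key.pem"
chmod 600 "$sslDirAbs/key.pem"
docker-compose restart nginx
"@
    Write-UnixTextFile -Path (Join-Path $SslDir "renew.sh") -Content $renewScript
    Write-Host "Auto-renewal script created!" -ForegroundColor Green
}

Write-Host "Setting up SSL certificates for $Domain" -ForegroundColor Green

# Create SSL directory if it doesn't exist.
New-DirectoryIfMissing $SslDir
$certPath = Join-Path $SslDir "cert.pem"
$keyPath = Join-Path $SslDir "key.pem"

# Check if we have a domain name or just an IPv4 address.
if ($Domain -match '^\d{1,3}(\.\d{1,3}){3}$') {
    Write-Host "IP address detected: $Domain" -ForegroundColor Yellow
    Write-Host "For IP addresses, you'll need to use self-signed certificates or a service like Cloudflare" -ForegroundColor Yellow
    if (!(Test-CommandAvailable 'openssl')) {
        Write-Host "OpenSSL not found. Please install OpenSSL or use WSL/Linux subsystem." -ForegroundColor Red
        Write-Host "Alternative: Use Cloudflare for SSL termination" -ForegroundColor Yellow
        exit 1
    }
    New-SelfSignedCertificateFiles -IpAddress $Domain -CertPath $certPath -KeyPath $keyPath
} else {
    Write-Host "Domain name detected: $Domain" -ForegroundColor Green
    if (!(Test-CommandAvailable 'certbot')) {
        Write-Host "Certbot not found. Please install certbot first:" -ForegroundColor Red
        Write-Host " Windows: Use WSL or install via pip" -ForegroundColor Yellow
        Write-Host " Linux: sudo apt-get install certbot" -ForegroundColor Yellow
        Write-Host " macOS: brew install certbot" -ForegroundColor Yellow
        exit 1
    }
    Request-LetsEncryptCertificate -Hostname $Domain -ContactEmail $Email -CertPath $certPath -KeyPath $keyPath
}

Write-Host "SSL setup complete!" -ForegroundColor Green
Write-Host "Certificate: $certPath" -ForegroundColor Cyan
Write-Host "Private key: $keyPath" -ForegroundColor Cyan
Write-Host ""
Write-Host "Next steps:" -ForegroundColor Yellow
Write-Host "1. Update your .env file with production values" -ForegroundColor White
Write-Host "2. Run: docker-compose -f docker-compose.yml --env-file env.production up -d" -ForegroundColor White
Write-Host "3. Test your setup: https://$Domain" -ForegroundColor White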