Certificate Installer
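This is not the most secure way to install certificates, but it is a reasonable way to automate the process without an extra authentication step. The trade-off is that anyone who can reach the link can read the private key, so access to the link itself has to be restricted.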
To achieve this, we use a link that serves the certificate and private-key contents; `wget` fetches those contents and writes them to the desired location and filename.
I considered hosting the files in GitLab snippets or a GitHub gist; the script below fetches them from GitLab snippets.
#!/bin/bash
# ----------------------------------------------------------------------------
# INTERNAL USE ONLY: Nebulogic Technologies
# Code File: certinstall.sh
# Author: Kalyan Mudumby
# Date: 08 April 2025
# Description:
# Automate and streamline certificate updates for NGINX deployments.
#
# IMPORTANT NOTICE:
# This code is intended solely for internal use within Nebulogic Technologies.
# Unauthorized use, distribution, or modification of this code is strictly
# prohibited. Please handle this code with care and ensure compliance with
# company policies and guidelines.
#
# For questions or concerns, please contact `Kalyan Mudumby` at
# `kalyan.mudumby@nebulogic.com`.
#
# © 2025 Nebulogic Technologies. All rights reserved.
#
# Built with Love ❤️ by Kalyan Mudumby 🚀
# ----------------------------------------------------------------------------
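set -euo pipefail

# Date stamp (YYYY-MM-DD) used to name the backup directories.
DATE=$(date +%F)

# The domain is the only argument and it is mandatory.
if [[ -z "${1:-}" ]]; then
  echo "Usage: $0 <domain>" >&2
  exit 1
fi

# DOMAIN is interpolated into paths that are created, copied and moved under
# sudo, and into the download URL. Accept only a plain name so that a value
# containing '/', '..' segments, whitespace or a leading '-' cannot redirect
# those operations to another location or be read as an option.
if [[ ! "$1" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]; then
  echo "Invalid domain '$1': use letters, digits, '.', '_' or '-' only" >&2
  exit 1
fi
DOMAIN=$1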
# Filesystem locations and the GitLab snippet endpoint used by the functions
# below. The geocerts paths live in the invoking user's home directory.
NGINX_CONF_DIR="/usr/local/nginx/conf"
NGINX_BACKUP_DIR="/usr/local/nginx/backup"
GEOCERTS_DIR="$HOME/geocerts"
GEO_BACKUP_DIR="$HOME/geocerts/backup"
GITLAB_BASE_URL="https://gitlab.nebulogic.com/-/snippets"

# Per-domain snippet IDs: one snippet holds the certificate, another the
# private key. An empty ID means the domain is not configured yet;
# download_certificates refuses to run for it.
# NOTE(review): the key snippets are fetched by wget without credentials, so
# the snippet ID in the URL must not be treated as a secret. Confirm snippet
# visibility and which networks can reach the GitLab host.
declare -A CRT_SNIPPETS=(
  [thesmartice]=27
  [thesmartcity311]=30
  [ilhelpline]=""
  [mahelpline]=""
  [vthelplink]=""
  [orhelpline]=""
)
declare -A KEY_SNIPPETS=(
  [thesmartice]=26
  [thesmartcity311]=29
  [ilhelpline]=""
  [mahelpline]=""
  [vthelplink]=""
  [orhelpline]=""
)
# Utility Functions
# Write one line to stdout: the message prefixed with a
# "[YYYY-MM-DD HH:MM:SS]" timestamp.
# Arguments: $1 - message text
log() {
  printf '[%s] %s\n' "$(date '+%F %T')" "$1"
}
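# Snapshot the live NGINX configuration and the current certificate/key pair
# for $DOMAIN before new files are installed.
# Globals:   DOMAIN, DATE, NGINX_CONF_DIR, NGINX_BACKUP_DIR, GEO_BACKUP_DIR (read)
# Arguments: none
# Returns:   non-zero if any step fails (the script runs under `set -e`)
backup() {
  local conf_backup="$NGINX_BACKUP_DIR/${DOMAIN}_$DATE"
  local cert_backup="$GEO_BACKUP_DIR/${DOMAIN}_$DATE"

  log "Backing up existing NGINX config"
  sudo mkdir -p -- "$conf_backup"
  # The config snapshot contains a copy of the private key: keep it root-only.
  sudo chmod 700 -- "$conf_backup"
  sudo cp -r -- "$NGINX_CONF_DIR/"* "$conf_backup"

  log "Backing up existing certificates to GEOCERTS folder"
  # Create the directory the files are actually copied into. Previously a
  # differently named directory was created, so the target did not exist:
  # the certificate was renamed to that path and then overwritten by the key.
  sudo mkdir -p -- "$cert_backup"
  sudo chmod 700 -- "$cert_backup"
  # Copy rather than move, so the live pair stays in place until the new one
  # has been downloaded and is ready to install; -p keeps mode and owner.
  sudo cp -p -- "$NGINX_CONF_DIR/$DOMAIN.crt" "$NGINX_CONF_DIR/$DOMAIN.key" \
    "$cert_backup/"
}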
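# Fetch the certificate and private key for $DOMAIN from their GitLab snippets
# into the staging directory $GEOCERTS_DIR/$DOMAIN.
# Globals:   DOMAIN, GEOCERTS_DIR, GITLAB_BASE_URL, CRT_SNIPPETS, KEY_SNIPPETS (read)
# Arguments: none
# Returns:   exits 1 when the domain has no snippet IDs configured; a failed
#            download returns wget's non-zero status (fatal under `set -e`)
download_certificates() {
  local crt_id=${CRT_SNIPPETS[$DOMAIN]:-}
  local key_id=${KEY_SNIPPETS[$DOMAIN]:-}
  local dest_dir="$GEOCERTS_DIR/$DOMAIN"
  local crt_path="$dest_dir/$DOMAIN.crt"
  local key_path="$dest_dir/$DOMAIN.key"

  if [[ -z "$crt_id" || -z "$key_id" ]]; then
    echo "Missing snippet IDs for domain '$DOMAIN'" >&2
    exit 1
  fi

  log "Downloading certificates for $DOMAIN from GitLab snippets"
  sudo mkdir -p -- "$dest_dir"
  # Pre-create the key file with mode 0600. wget -O truncates an existing file
  # and keeps its mode, so the private key is never written group- or
  # world-readable, not even while the download is in progress.
  sudo install -m 600 /dev/null "$key_path"
  sudo wget "$GITLAB_BASE_URL/$key_id/raw/main/$DOMAIN.key" -O "$key_path"
  sudo wget "$GITLAB_BASE_URL/$crt_id/raw/main/$DOMAIN.crt" -O "$crt_path"
}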
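# Check that the staged certificate and key for $DOMAIN are usable before they
# are copied over the live files. Existence alone is not enough: a failed or
# redirected download can leave an empty file or an HTML page under the
# expected name, so both files must parse and the key must belong to the
# certificate.
# Globals:   DOMAIN, GEOCERTS_DIR (read)
# Arguments: none
# Returns:   exits 1 with a message on stderr when any check fails
validate_download() {
  local crt_path="$GEOCERTS_DIR/$DOMAIN/$DOMAIN.crt"
  local key_path="$GEOCERTS_DIR/$DOMAIN/$DOMAIN.key"
  local crt_pub key_pub

  log "Validating downloaded certificate files for $DOMAIN"

  if [[ ! -f "$crt_path" ]]; then
    echo "❌ Error: Missing downloaded file: $DOMAIN.crt" >&2
    exit 1
  fi
  if [[ ! -f "$key_path" ]]; then
    echo "❌ Error: Missing downloaded file: $DOMAIN.key" >&2
    exit 1
  fi
  if [[ ! -s "$crt_path" || ! -s "$key_path" ]]; then
    echo "❌ Error: Downloaded file is empty for $DOMAIN" >&2
    exit 1
  fi

  # The files are written via sudo, so read them the same way.
  if ! crt_pub=$(sudo openssl x509 -in "$crt_path" -noout -pubkey); then
    echo "❌ Error: $DOMAIN.crt is not a readable X.509 certificate" >&2
    exit 1
  fi
  if ! key_pub=$(sudo openssl pkey -in "$key_path" -pubout); then
    echo "❌ Error: $DOMAIN.key is not a readable private key" >&2
    exit 1
  fi
  # Same public key on both sides means the key belongs to this certificate.
  if [[ "$crt_pub" != "$key_pub" ]]; then
    echo "❌ Error: $DOMAIN.key does not match $DOMAIN.crt" >&2
    exit 1
  fi
}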
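# Install the staged certificate and key for $DOMAIN into the NGINX config
# directory, check the configuration, restart NGINX and print the certificate.
# Globals:   DOMAIN, GEOCERTS_DIR, NGINX_CONF_DIR (read)
# Arguments: none
# Returns:   exits 1 without restarting when `nginx -t` rejects the config
deploy_certificates() {
  local live_crt="$NGINX_CONF_DIR/$DOMAIN.crt"
  local live_key="$NGINX_CONF_DIR/$DOMAIN.key"

  log "Copying new certificates to NGINX config"
  sudo cp -r -- "$GEOCERTS_DIR/$DOMAIN/"* "$NGINX_CONF_DIR"
  # cp does not tighten permissions: the installed key ends up with whatever
  # mode the staged file (or an existing destination) had. Pin it to 0600.
  # NOTE(review): assumes the NGINX master process reads the key as root; confirm.
  sudo chmod 600 -- "$live_key"

  log "Validating nginx config"
  if ! sudo nginx -t; then
    echo "nginx -t rejected the configuration; not restarting (new files remain in $NGINX_CONF_DIR)" >&2
    exit 1
  fi

  log "Restarting nginx"
  sudo systemctl restart nginx.service

  log "Displaying certificate details:"
  openssl x509 -in "$live_crt" -text -noout
}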
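# Record who runs the script and from where. The command output is logged;
# previously the literal words "whoami" and "pwd" were written to the log.
log "$(whoami)"
log "$(pwd)"

# Download and validate into the staging directory first, so that a failed or
# invalid download stops the run before the live configuration is touched.
download_certificates
validate_download
backup
deploy_certificates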