wip

scripts/create-nginx-certs.sh

@@ -0,0 +1,103 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+usage() {
+  cat <<'EOF'
+Usage:
+  create-nginx-certs.sh --domain <domain> [--output <name>]
+
+Options:
+  -d, --domain   Domain name to use for the certificate Common Name and SAN
+  -o, --output   Output file base name (defaults to the domain name)
+  -h, --help     Show this help message
+
+Examples:
+  ./create-nginx-certs.sh --domain mydomain.local
+  ./create-nginx-certs.sh --domain mydomain.local --output foo
+EOF
+}
+
+DOMAIN=""
+OUTPUT_BASE=""
+
+while [[ $# -gt 0 ]]; do
+  case "$1" in
+    -d|--domain)
+      if [[ $# -lt 2 ]]; then
+        echo "Error: --domain requires a value" >&2
+        usage >&2
+        exit 1
+      fi
+      DOMAIN="$2"
+      shift 2
+      ;;
+    -o|--output)
+      if [[ $# -lt 2 ]]; then
+        echo "Error: --output requires a value" >&2
+        usage >&2
+        exit 1
+      fi
+      OUTPUT_BASE="$2"
+      shift 2
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      echo "Error: unknown argument: $1" >&2
+      usage >&2
+      exit 1
+      ;;
+  esac
+done
+
+if [[ -z "$DOMAIN" ]]; then
+  echo "Error: --domain is required" >&2
+  usage >&2
+  exit 1
+fi
+
+if [[ -z "$OUTPUT_BASE" ]]; then
+  OUTPUT_BASE="$DOMAIN"
+fi
+
+CERT_FILE="${OUTPUT_BASE}.pem"
+KEY_FILE="${OUTPUT_BASE}.key.pem"
+TMP_CONFIG="$(mktemp)"
+
+cleanup() {
+  rm -f "$TMP_CONFIG"
+}
+trap cleanup EXIT
+
+cat > "$TMP_CONFIG" <<EOF
+[req]
+default_bits = 2048
+prompt = no
+default_md = sha256
+distinguished_name = dn
+req_extensions = req_ext
+
+[dn]
+CN = ${DOMAIN}
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = ${DOMAIN}
+EOF
+
+openssl req -x509 \
+  -nodes \
+  -days 3650 \
+  -newkey rsa:2048 \
+  -keyout "$KEY_FILE" \
+  -out "$CERT_FILE" \
+  -config "$TMP_CONFIG" \
+  -extensions req_ext
+
+echo "Created certificate: $CERT_FILE"
+echo "Created private key:  $KEY_FILE"