May 19, 2025

This script is run on an Unraid system hosting Nginx Proxy Manager (docker, lxc, etc) and copies specified certs in the format required by Unraid to ONE specified shared folder. This works for any number of Unraid servers - edit variables as needed.

The folder location in the script is for an NPM installation within a Debian LXC container - edit as necessary for your own NPM storage location.

These scripts require that you have NPM (or Certbot standalone, etc.) already set up and working, pulling updated Let's Encrypt certificates, and that you have a TLS entry for each server you configure.

Related: My Nginx Proxy Manager LXC setup guide:

```bash
#!/bin/bash
##================================================================================================
##
##  Unraid+NPM TLS Cert Builder - Espressomatic @UnraidForums - 19 May 2025
##
##  HARDCODED version 1.5
##
##  Build Unraid TLS cert bundle from Nginx Proxy Manager's Certbot Provisions
##
##================================================================================================
#
#
##================================================================================================
##================================================================================================
##================================================================================================
#  This script is run on the NPM host and copies specified certs in Unraid's format to a shared folder
#
#  Certificate files parent folder (LXC) - get cert parts from here and reference path below to get server name
#    /mnt/user/lxc/NginxReverseProxy/rootfs/etc/letsencrypt/archive/
#
#  Files with names of NPM hosts that use certs - get server names from here
#    /mnt/user/lxc/NginxReverseProxy/rootfs/data/nginx/proxy_host
#
#  Additional Script requirement:
#    Put the "Install Local Certificate" script on each Unraid machine to copy its cert to its local cert folder
#
##================================================================================================
##================================================================================================
##================================================================================================
#
#  Info
#  ----
#
#  Tested on Unraid versions 6.12 - 7.1.2
#
#  This script makes the assumption that the source is a certificate chain of 4 files
#  These 4 files will be concatenated together to make a certificate bundle for Unraid
#
#
#  Required Installation and Setup
#  -------------------------------
#
#  - LXC Plugin with NPM installed in Debian
#
#  - NPM set up to generate certificate(s) for your servers with Let's Encrypt
#
#  - In User Scripts, click the Schedule button for the script and select a weekly schedule
#    NPM renews certificates 4 weeks before they expire and this makes sure the installed copy
#    is always up-to-date and valid
#
##================================================================================================

##------------------------------------------------------------------------------------------------
##  REQUIRED SETTINGS
##------------------------------------------------------------------------------------------------

## Edit the following variables for the specific servers
## ------------------------------------------------------------------------------------------
myServerNames=("Trillian" "Arthur" "Ford" "Zaphod" "Marvin")
myServerFileIndex=("11" "7" "8" "6" "10")
certShare_Folder="/mnt/user/Clutch/Certificates/"

##================================================================================================

##================================================================================================
##------------------------------------------------------------------------------------------------
##  The Business - you shouldn't need to make edits below for typical use
##------------------------------------------------------------------------------------------------
##================================================================================================

## (4) Certificate-specific source directory
#  - inside NPMPlus appdata hierarchy, certs are created in numerical order
#
cert_dir_base="npm-"

## Unraid certificate filename suffix - as of Unraid 6.12
#   unraid_certsuffix="_unraid_bundle.pem"
unraid_certsuffix="_unraid_bundle.pem"

## Certificate parent directory based on NPM installation type
#   LXC: "/mnt/user/lxc/NginxReverseProxy/rootfs/etc/letsencrypt/live/"
cert_parent_dir="/mnt/user/lxc/NginxReverseProxy/rootfs/etc/letsencrypt/live/"

## Certificate filename(s)
#  NPM certificate chain consists of 4 files inside a specific folder (see REQUIRED SETTINGS up above)
#
#   cert_file1="fullchain.pem"
#   cert_file2="chain.pem"
#   cert_file3="cert.pem"
#   cert_file4="privkey.pem"
#
#  Symbolic links to the most recently renewed cert files inside the "../letsencrypt/archive/" path
cert_file1="fullchain.pem"
cert_file2="chain.pem"
cert_file3="cert.pem"
cert_file4="privkey.pem"

##================================================================================================

# Copy the files and display confirmation messages
#   server_cert_file="MAKE THIS"

# Start Server Array Loop
printf "We're Starting\n\n"

for i in "${!myServerNames[@]}"; do

    cert_dir=${cert_dir_base}${myServerFileIndex[$i]}
    unraid_server=${myServerNames[$i]}
    unraid_cert_file="${unraid_server}${unraid_certsuffix}"
    error=""

    printf '%s (%s) ... ' "${unraid_server}" "${cert_dir}"

    ## Build the path variables
    full_cert_path=${cert_parent_dir}${cert_dir}

    ## Validate names, source path and certificate files
    #
    if [ ! -d "${full_cert_path}" ]; then
        printf "\n❗❗ The source certificates directory can't be found. Make sure the script variables have been edited correctly\n"
        printf '\nDirectory: "%s"\n' "${full_cert_path}"
        error=1
    else
        cd "${full_cert_path}" || exit 1
    fi

    if [ ! -f "$cert_file1" ] || [ ! -f "$cert_file2" ] || [ ! -f "$cert_file3" ] || [ ! -f "$cert_file4" ]; then
        printf "\n❗❗ One or more of the original certificate files can't be found. Check your edits in the script.\n\n"
        printf '\nLooking in directory: "%s"\n' "${full_cert_path}"
        error=1
    fi

    if [ -n "$error" ]; then
        exit 1
    fi

    ## copy the original certificate files to a temporary working path
    #  (mktemp -d creates a fresh directory readable only by its owner; the private key is
    #   copied here, so a fixed path such as /tmp/original_certs is avoided)
    #
    tmp_originals="$(mktemp -d)" || exit 1
    cp -- * "${tmp_originals}"
    cd "${tmp_originals}" || exit 1

    ## Concatenate the original cert files into an Unraid certificate bundle
    #
    if [ ! -f "$cert_file1" ] || [ ! -f "$cert_file2" ] || [ ! -f "$cert_file3" ] || [ ! -f "$cert_file4" ]; then
        printf "\n❗❗ There was a problem copying the certificate files - please contact the script developer\n\n"
        exit 1
    else
        cat "$cert_file1" "$cert_file2" "$cert_file3" "$cert_file4" > "${unraid_cert_file}"
    fi

    ## Copy the bundles to defined ${certShare_Folder}
    #
    if [ ! -f "${unraid_cert_file}" ]; then
        printf "\n❗❗ There was a problem creating the Unraid Certificate Bundle - please contact the script developer\n\n"
        exit 1
    else
        cp "${unraid_cert_file}" "${certShare_Folder}"
    fi

    rm -r "${tmp_originals}"

    printf 'Success! %s created\n\n' "${unraid_cert_file}"

done
# Server Array Loop End

printf '\nYour TLS/SSL Certificates have been stored in %s \n' "${certShare_Folder}"
```

Edited May 19, 2025 by Espressomatic
May 19, 2025 Author

This is the additional script to copy and install the certificate for ONE specific server from the shared folder specified above. Install this script onto each Unraid server where you want an updated TLS certificate.

```bash
#!/bin/bash
##================================================================================================
##
##  Unraid WebUI TLS/SSL Certificate Installer - Espressomatic @UnraidForums - 19 May 2025
##
##  version 1.5
##
##  Copy certs from central Certificate Share to this Unraid Server's Certificate Path
##
##================================================================================================
#
#
#  Info
#  ----
#
#  Tested on Unraid versions 6.12 - 7.1.2
#
#  Required Installation and Setup
#  -------------------------------
#
#  - "Make Unraid NPM Certificates" script must be run on server hosting NPM LXC & certificates must be in common share folder
#
#  - Click the Schedule button for the script and select a weekly schedule
#    NPM renews certificates 4 weeks before they expire and this makes sure the installed copy
#    is always up-to-date and valid
#
#  - Click the Apply button at the bottom
#
##================================================================================================

##------------------------------------------------------------------------------------------------
##  REQUIRED SETTINGS
##------------------------------------------------------------------------------------------------

## The name (without domain) of THIS Unraid server (where you're installing this script)
#
this_server_name="Zaphod"

## Share folder where the Make Certs script has previously stored the certificates
#
certShare_Folder="/mnt/remotes/TRILLIAN_Clutch/Certificates/"

##================================================================================================
##------------------------------------------------------------------------------------------------
##  The Business - you shouldn't need to make edits below for typical use
##------------------------------------------------------------------------------------------------
##================================================================================================

## Unraid Default Directories:
unraid_certdir="/boot/config/ssl/certs/"

## Unraid certificate filename suffix - as of Unraid 6.12
#   unraid_certsuffix="_unraid_bundle.pem"
unraid_certsuffix="_unraid_bundle.pem"

unraid_cert_file="${this_server_name}${unraid_certsuffix}"

## Go to the shared certificate folder and copy this server's cert to the Unraid cert path
#
cd "${certShare_Folder}" || exit 1

if [ ! -f "${unraid_cert_file}" ]; then
    printf "\n❗❗ Can't find the server's Certificate Bundle - please contact the script developer\n\n"
    exit 1
else
    cp "${unraid_cert_file}" "${unraid_certdir}"
fi

## Adjust file permissions to creator-only read-write
#
chmod 600 "${unraid_certdir}${unraid_cert_file}"

#rm -r $tmp_originals

printf "Success!\n"
printf '\nYour %s certificate has been copied to %s\n' "${unraid_cert_file}" "${unraid_certdir}"

## Restart the Unraid WebUI
#
printf "\nThe Unraid WebUI is reloading its configuration with your new certificate.\n\n\n"
/etc/rc.d/rc.nginx reload
```
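An added example, not part of Espressomatic's scripts: a check the installer could run on the bundle it pulls from the share before copying it into place. It confirms that the private key in the bundle matches the leaf certificate and that the certificate is not about to expire, then replaces the installed file with an atomic rename. The function names and the 7-day default window are assumptions made for this example, and it needs the `openssl` command-line tool.

```shell
#!/bin/bash
# Added example (not from the original scripts). Function names and the
# default 7-day expiry window are assumptions made for this illustration.

# verify_bundle <bundle.pem> [min_seconds_left]
# Succeeds only if the bundle's first certificate (the leaf, since the builder
# concatenates fullchain.pem first) is still valid for the given window and
# its public key matches the private key carried in the same bundle.
verify_bundle() {
    local bundle="$1" window="${2:-604800}" cert_pub key_pub
    [ -s "$bundle" ] || { echo "missing or empty: $bundle" >&2; return 1; }

    cert_pub="$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)" || {
        echo "no readable certificate in $bundle" >&2; return 1; }

    # Pull out only the PRIVATE KEY block so the result does not depend on how
    # a given OpenSSL version scans a multi-object PEM file.
    key_pub="$(sed -n '/-----BEGIN .*PRIVATE KEY-----/,/-----END .*PRIVATE KEY-----/p' "$bundle" \
        | openssl pkey -pubout 2>/dev/null)" || {
        echo "no readable private key in $bundle" >&2; return 1; }

    [ "$cert_pub" = "$key_pub" ] || {
        echo "private key does not match leaf certificate" >&2; return 1; }

    openssl x509 -in "$bundle" -noout -checkend "$window" >/dev/null || {
        echo "certificate expires within ${window}s" >&2; return 1; }
}

# install_bundle <bundle.pem> <dest_dir>
# Prints "installed" or "unchanged"; returns non-zero if the bundle is rejected.
install_bundle() {
    local src="$1" dest tmp
    dest="${2%/}/$(basename "$src")"
    verify_bundle "$src" || return 1
    if cmp -s "$src" "$dest" 2>/dev/null; then echo "unchanged"; return 0; fi

    # Write to an owner-only temp file in the destination directory, then
    # rename, so the web server never sees a partially written bundle.
    tmp="$(mktemp "${2%/}/.bundle.XXXXXX")" || return 1
    cat "$src" > "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 1; }
    echo "installed"
}
```

In the installer, `/etc/rc.d/rc.nginx reload` would then run only when `install_bundle` prints `installed`.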