added DH preamble and option to generate

.vscode/numbered-bookmarks.json

@@ -5,7 +5,7 @@
 			"bookmarks": [
 				-1,
 				17,
-				38,
+				39,
 				-1,
 				-1,
 				-1,

setup.sh

@@ -27,12 +27,13 @@ unset CAChainPath
 unset DHPath
 
 # set variables
+regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
+regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"
 serverNames_working=()
 serverNames=()
 detectedIP=$(ip route get 1 | sed -n 's/^.*src \([0-9.]*\) .*$/\1/p')
-regexIP4="(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"
-regexHostname="(([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z0-9]|[A-Za-z0-9][A-Za-z0-9\-]*[A-Za-z0-9])"
 certbotFiles=(cert.pem chain.pem fullchain.pem privkey.pem)
+generateDH=0
 hostname=$(hostname)
 configPath="./etc.${hostname}"
 
@@ -352,6 +353,11 @@ if [ "${useCertbot}" -eq 0 ]; then
 fi
 
 # dhparam: get location of DH Parameters file
+echo -e "\n${mag}Generating your own Diffie-Hellman Parameters file helps make your SSL"
+echo "communication more secure by helping create unique safe large-prime numbers"
+echo "which are used to encrypt communication.  You shouldn't use the any pre-supplied"
+echo "dhparams.pem files that came with NGINX or your Linux install.  You should generate your own.  If you want this script to do that for you, please type"
+echo -e "${warn}generate${mag} when at the prompt instead of a path${norm}\n"
 while true; do
     read -p "What is the path to your DH Parameters file? (default: /etc/ssl/certs/dhparam.pem) " inputDHPath
     case "${inputDHPath}" in
@@ -386,6 +392,10 @@ while true; do
             echo -e "\n${cyan}---exiting---\n${norm}"
             exit 1
             ;;
+        generate)
+            generateDH=1
+            break
+            ;;
         *)
             # validate path
             if [ -f "${inputDHPath}" ]; then