#!/bin/bash
#
# letsencrypt-tools
# https://git.stack-source.com/msb/letsencrypt-tools
# Copyright (c) 2022 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
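# must be root
# Exit non-zero so that wrappers and provisioning tools see the refusal as a
# failure; a bare `exit` returns the status of the preceding echo, which is 0.
if [ "${EUID}" -ne 0 ]; then
  echo "You must be root to run this installer."
  exit 1
fi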
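# check for Ubuntu 22.04 (jammy) or Debian 12 (bookworm)
# The codename is quoted and matched with `case` so that an empty value
# (lsb_release missing or failing) is rejected. Unquoted inside `[ ... ]`, an
# empty value makes the test itself error out, the `if` evaluates false, and
# the installer would carry on as root on an unverified OS.
os_codename=$(lsb_release -cs)
case "$os_codename" in
  jammy | bookworm)
    ;;
  *)
    echo "This installer only runs on Ubuntu 22.04 (jammy) or Debian 12 (Bookworm), bailing out."
    exit 1
    ;;
esac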
# check for an existing Let's Encrypt / certbot install
# Bail out when the config directory, the venv directory or the certbot
# binary path is already present, rather than installing over it.
if [[ -d "/etc/letsencrypt/" || -d "/opt/certbot/" || -f "/usr/bin/certbot" ]]; then
  printf '%s\n' \
    "NOTICE: Let's Encrypt is already installed." \
    "You must purge any existing certbot installs before running this."
  exit 1
fi
# Old apt installation instructions
#apt-get update
#DEBIAN_FRONTEND=noninteractive apt-get -y install certbot python3-certbot python3-certbot-apache
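# New pip method - gets latest version, and is needed for certbot-dns-powerdns on Debian 12 Bookworm & Ubuntu 24.04 Noble
# Each install step aborts the installer on failure, so a missing or partial
# venv is never symlinked into /usr/bin and configured further down.
# NOTE(review): pip runs here as root and pulls certbot and its plugins
# unpinned from the package index; consider pinning versions (or a
# hash-checked requirements file) so installs are reproducible and reviewable.
DEBIAN_FRONTEND=noninteractive apt-get -y install python3-pip python3-wheel python3-venv libaugeas0 || exit 1
python3 -m venv /opt/certbot || exit 1
/opt/certbot/bin/pip install --upgrade pip || exit 1
# pyyaml==5.3.1 currently needed by certbot-dns-powerdns
# NOTE(review): this holds PyYAML at an old release; check the upstream
# security advisories for that version and drop the pin once the plugin
# allows it.
/opt/certbot/bin/pip install certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1 || exit 1
ln -s /opt/certbot/bin/certbot /usr/bin/certbot || exit 1
# NOTE(review): "cerbot" looks like a typo for "certbot" (this script later
# sets the mode on /etc/cron.d/certbot). Left unchanged and non-fatal until
# the file name in the repository is confirmed; if the source file is absent
# these two commands fail and do nothing.
cp etc/cron.d/cerbot /etc/cron.d/cerbot
chmod 644 /etc/cron.d/cerbot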
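# Create /etc/ssl/letsencrypt with its final owner, group and mode in a single
# step, so it does not sit with umask-derived permissions between separate
# mkdir/chmod/chgrp calls, and so an already existing directory is not an error.
# NOTE(review): the ssl-cert group is assumed to exist already (on
# Debian/Ubuntu it is normally provided by the ssl-cert package) - confirm.
install -d -o root -g ssl-cert -m 750 /etc/ssl/letsencrypt || exit 1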
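# Let's Encrypt configurations
# `cp -a` preserves owner and mode, so ownership is normalised to root in the
# checkout before anything is copied into /etc. Abort if that fails: files
# landing in /etc/cron.d or the renewal hooks with a non-root owner would be
# editable by that owner.
# NOTE(review): the paths are relative, so this must be run from the
# repository root; file modes are copied as they are in the checkout, so
# group- or world-writable bits there carry over to /etc.
chown -R root:root etc/ || exit 1
# Stop here if the copy fails instead of enabling Apache configuration and
# restarting the web server with files that may be missing.
cp -a etc/* /etc/ || exit 1
chmod 644 /etc/letsencrypt/cli.ini
# Renewal hooks: executable by owner and group only, no access for others.
chmod 750 /etc/letsencrypt/renewal-hooks/*/*.sh
chmod 644 /etc/cron.d/certbot
a2enmod --quiet proxy proxy_http
a2enconf --quiet certbot
systemctl restart apache2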
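# install Let's Encrypt user scripts
# `install` replaces each destination file and sets owner, group and mode
# explicitly. A plain `cp` onto an existing file keeps that file's previous
# owner, and a `chmod` on the destination glob also touches any other
# letsencrypt-* file already in /usr/local/bin, not only the ones copied here.
install -o root -g root -m 755 bin/letsencrypt-* /usr/local/bin/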
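# install Deploy tools used by vpanel-stack
# The deploy script and unit files are installed with explicit owner, group
# and mode, so a pre-existing destination file cannot keep a different owner.
# Abort if either install fails rather than enabling a unit that is missing
# or points at a script that is not there.
install -o root -g root -m 750 sbin/letsencrypt-deploy.sh /usr/local/sbin/ || exit 1
# NOTE(review): the local unit directory may not exist on a fresh system;
# mkdir -p creates it if needed and leaves an existing directory untouched.
mkdir -p /usr/local/lib/systemd/system || exit 1
install -o root -g root -m 644 systemd/letsencrypt-* /usr/local/lib/systemd/system/ || exit 1
systemctl daemon-reload
systemctl enable --now letsencrypt-deploy.path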
echo
# Set the Let's Encrypt email in cli.ini to webmaster@<output of hostname -f>.
# NOTE(review): only emptiness is checked, so a name without a domain part
# would still be written as the email host - confirm that is acceptable.
fqdn="$(hostname -f)"
if [ -z "$fqdn" ]; then
  echo "Server DNS domain name not set, Let's Encrypt email setting left unconfigured."
else
  # Appended, not rewritten: the rest of cli.ini is left as installed.
  echo "email = webmaster@$fqdn" >> /etc/letsencrypt/cli.ini
  echo "Let's Encrypt email set to webmaster@$fqdn"
  echo "This can be changed by editing /etc/letsencrypt/cli.ini."
fi