2021-04-14 11:17:00 -07:00
|
|
|
#!/bin/bash
|
2022-08-22 13:43:03 -07:00
|
|
|
#
|
|
|
|
|
# letsencrypt-tools
|
|
|
|
|
# https://git.stack-source.com/msb/letsencrypt-tools
|
|
|
|
|
# Copyright (c) 2022 Matthew Saunders Brown <matthewsaundersbrown@gmail.com>
|
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
|
#
|
2021-04-14 11:17:00 -07:00
|
|
|
# must be root
|
2022-10-17 10:09:09 -07:00
|
|
|
if [ "${EUID}" -ne 0 ]; then
|
2021-04-14 11:17:00 -07:00
|
|
|
echo "You must be root to run this installer."
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
|
2021-04-15 13:16:58 -07:00
|
|
|
# check for existing Let's Encrypt install
|
|
|
|
|
if [ -d "/etc/letsencrypt/" ]; then
|
|
|
|
|
echo "WARNING: Let's Encrypt is already installed."
|
|
|
|
|
echo "This installer will overwrite existing configurations."
|
|
|
|
|
echo -e "You have five seconds to execute ctrl-c to cancel this install.\a"
|
|
|
|
|
sleep 5
|
|
|
|
|
fi
|
|
|
|
|
|
2021-04-21 11:16:26 -07:00
|
|
|
apt-get update
|
2022-10-05 10:32:29 -07:00
|
|
|
DEBIAN_FRONTEND=noninteractive apt-get -y install python3-certbot-apache
|
2021-04-14 11:17:00 -07:00
|
|
|
|
|
|
|
|
mkdir /etc/ssl/letsencrypt
|
|
|
|
|
chmod 750 /etc/ssl/letsencrypt
|
|
|
|
|
chgrp ssl-cert /etc/ssl/letsencrypt
|
|
|
|
|
|
2021-04-15 13:16:58 -07:00
|
|
|
# Let's Encrypt configurations
|
2021-04-14 11:17:00 -07:00
|
|
|
cp etc/letsencrypt/cli.ini /etc/letsencrypt/cli.ini
|
|
|
|
|
chmod 644 /etc/letsencrypt/cli.ini
|
|
|
|
|
chown root:root /etc/letsencrypt/cli.ini
|
|
|
|
|
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
|
|
|
|
|
cp etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
|
|
|
|
chmod 750 /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
|
|
|
|
chown root:root /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
2022-10-05 10:32:29 -07:00
|
|
|
mkdir -p /etc/letsencrypt/renewal-hooks/post/
|
|
|
|
|
cp etc/letsencrypt/renewal-hooks/post/reload-services.sh /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
|
|
|
|
chmod 750 /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
|
|
|
|
chown root:root /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
2021-04-14 11:17:00 -07:00
|
|
|
|
|
|
|
|
cp etc/apache2/conf-available/certbot.conf /etc/apache2/conf-available/certbot.conf
|
2022-04-20 12:06:18 -07:00
|
|
|
a2enmod --quiet proxy proxy_http
|
2021-04-14 11:21:15 -07:00
|
|
|
a2enconf --quiet certbot
|
2021-04-14 11:17:00 -07:00
|
|
|
systemctl restart apache2
|
|
|
|
|
|
2021-04-15 13:16:58 -07:00
|
|
|
# install Let's Encrypt user scripts
|
|
|
|
|
cp bin/letsencrypt-* /usr/local/bin
|
|
|
|
|
chmod 755 /usr/local/bin/letsencrypt-*
|
2023-06-16 09:08:59 -07:00
|
|
|
|
|
|
|
|
# install Deploy tools used by vpanel-stack
|
|
|
|
|
cp sbin/letsencrypt-deploy.sh /usr/local/sbin/
|
|
|
|
|
chmod 750 /usr/local/sbin/letsencrypt-deploy.sh
|
|
|
|
|
cp systemd/letsencrypt-* /usr/local/lib/systemd/system/
|
|
|
|
|
chmod 644 /usr/local/lib/systemd/system/letsencrypt-*
|
|
|
|
|
systemctl daemon-reload
|
|
|
|
|
systemctl enable --now letsencrypt-deploy.path
|
2024-03-14 15:24:53 -07:00
|
|
|
|
|
|
|
|
echo
|
2024-03-26 14:35:42 -07:00
|
|
|
fqdn=`hostname -f`
|
|
|
|
|
if [ -n "$fqdn" ]; then
|
|
|
|
|
echo "email = webmaster@$fqdn" >> /etc/letsencrypt/cli.ini
|
|
|
|
|
echo "Let's Encrypt email set to webmaster@$fqdn"
|
|
|
|
|
echo "This can be changed by editing /etc/letsencrypt/cli.ini."
|
2024-03-14 15:24:53 -07:00
|
|
|
else
|
|
|
|
|
echo "Server DNS domain name not set, Let's Encrypt email setting left unconfigured."
|
|
|
|
|
fi
|
