From 11844f77b7725e85ff4b59063db83e45b50df42c Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Wed, 14 Apr 2021 11:17:00 -0700
Subject: [PATCH] installer
---
README.md | 8 +++++++
bin/letsencrypt-certonly.sh | 2 +-
bin/letsencrypt-del.sh | 5 +++++
etc/letsencrypt/cli.ini | 1 -
install.sh | 42 +++++++++++++++++++++++++++++++++++++
5 files changed, 56 insertions(+), 2 deletions(-)
create mode 100755 install.sh
diff --git a/README.md b/README.md
index 0eac516..a8857f0 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,11 @@ # letsencrypt-tools Bash scripts and Let's Encrypt & Apache configurations for managing Let's Encrypt certificates with certbot.
+
+## Install
+```
+cd /usr/local/src
+git clone https://git.stack-source.com/msb/letsencrypt-tools.git
+cd letsencrypt-tools
+./install.sh
+```
diff --git a/bin/letsencrypt-certonly.sh b/bin/letsencrypt-certonly.sh
index 9b48e9c..472c52a 100644
--- a/bin/letsencrypt-certonly.sh
+++ b/bin/letsencrypt-certonly.sh
@@ -2,7 +2,7 @@ # must be root if [ "$USER" != "root" ]; then
- exec sudo $0
+ exec sudo -u root --shell /bin/bash $0 $@
fi help()
diff --git a/bin/letsencrypt-del.sh b/bin/letsencrypt-del.sh
index df7a61b..3dd6171 100644
--- a/bin/letsencrypt-del.sh
+++ b/bin/letsencrypt-del.sh
@@ -1,5 +1,10 @@ #!/bin/bash
+# must be root
+if [ "$USER" != "root" ]; then
+ exec sudo -u root --shell /bin/bash $0 $@
+fi
+
help() { thisfilename=$(basename -- "$0")
diff --git a/etc/letsencrypt/cli.ini b/etc/letsencrypt/cli.ini
index 9e8f324..f487e09 100644
--- a/etc/letsencrypt/cli.ini
+++ b/etc/letsencrypt/cli.ini
@@ -1,7 +1,6 @@ # Because we are using logrotate for greater flexibility, disable the # internal certbot logrotation. max-log-backups = 0
-email = hostmaster@example.com
agree-tos = True allow-subset-of-names = True expand = True
diff --git a/install.sh b/install.sh
new file mode 100755
index 0000000..eae9d72
--- /dev/null
+++ b/install.sh
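Review bot: In bin/letsencrypt-certonly.sh the new re-exec line passes `$0 $@` unquoted, so any argument containing whitespace or glob characters is re-split and expanded by the calling shell before the script is re-run as root; write it as `exec sudo -u root --shell /bin/bash "$0" "$@"`. The identical line added in bin/letsencrypt-del.sh needs the same quoting. The guard in both files also keys off the `$USER` environment variable, which the caller sets and which can be absent in non-login contexts; `[ "$(id -u)" -ne 0 ]` tests the effective uid instead. Only the first lines of each script are visible in these hunks, so how the arguments are consumed afterwards cannot be checked from here.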
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+# must be root
+if [ "$USER" != "root" ]; then
+ echo "You must be root to run this installer."
+ exit
+fi
+
+apt-get -y install python3-certbot-apache
+
+mkdir /etc/ssl/letsencrypt
+chmod 750 /etc/ssl/letsencrypt
+chgrp ssl-cert /etc/ssl/letsencrypt
+
+# Let's Encrypt
+cp etc/letsencrypt/cli.ini /etc/letsencrypt/cli.ini
+chmod 644 /etc/letsencrypt/cli.ini
+chown root:root /etc/letsencrypt/cli.ini
+mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
+cp etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+chmod 750 /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+chown root:root /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+mkdir -p /etc/letsencrypt/renewal-hooks/post/
+cp etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+chmod 750 /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+chown root:root /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+
+domain=`hostaname -d`
+if [ -n "$domain" ]; then
+ echo "email = hostmaster@$domain" >> /etc/letsencrypt/cli.ini
+ echo "Lets' Encrypt email set to hostmaster@$domain"
+else
+ echo "Server DNS domain name not set, Lets' Encrypt email setting left unconfigured."
+fi
+
+cp etc/apache2/conf-available/certbot.conf /etc/apache2/conf-available/certbot.conf
+a2enmod proxy
+a2enconf certbot
+systemctl restart apache2
+
+chmod 755 bin/*
+cp bin/* /usr/local/bin/
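Review bot: The `hostaname -d` command substitution misspells `hostname`, so it always fails and `$domain` stays empty; the installer then always takes the else branch and never writes the `email =` line that this same commit removes from cli.ini. Use `domain=$(hostname -d)`. Nothing stops the script on this or any other failed step (a failed `apt-get`, a missing `ssl-cert` group, `mkdir` on a directory that already exists), so it carries on to `systemctl restart apache2` with a partly applied configuration. Consider `set -e` near the top together with `mkdir -p`. The non-root branch also ends in a bare `exit`, which returns the status of the preceding `echo` (0); `exit 1` lets a caller see that the install was refused.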