installer

Matthew Saunders Brown 2021-04-14 11:17:00 -07:00
parent 722fff996f
commit 11844f77b7
5 changed files with 56 additions and 2 deletions


@ -1,3 +1,11 @@
# letsencrypt-tools # letsencrypt-tools
Bash scripts and Let's Encrypt & Apache configurations for managing Let's Encrypt certificates with certbot. Bash scripts and Let's Encrypt & Apache configurations for managing Let's Encrypt certificates with certbot.
## Install
```
cd /usr/local/src
git clone https://git.stack-source.com/msb/letsencrypt-tools.git
cd letsencrypt-tools
./install.sh
```


@ -2,7 +2,7 @@
# must be root # must be root
if [ "$USER" != "root" ]; then if [ "$USER" != "root" ]; then
exec sudo $0 exec sudo -u root --shell /bin/bash $0 $@
fi fi
help() help()
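Review bot: The new re-exec line `exec sudo -u root --shell /bin/bash $0 $@` leaves `$0` and `$@` unquoted, so an argument containing whitespace or glob characters is re-split and expanded before the script runs again as root; write `"$0" "$@"` so each argument arrives intact. The identical line is added in the next file's section and needs the same change. The guard itself compares `$USER`, an environment variable the caller controls, so `if [ "$(id -u)" -ne 0 ]; then` is the sturdier test. `help()` continues outside this hunk.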


@ -1,5 +1,10 @@
#!/bin/bash #!/bin/bash
# must be root
if [ "$USER" != "root" ]; then
exec sudo -u root --shell /bin/bash $0 $@
fi
help() help()
{ {
thisfilename=$(basename -- "$0") thisfilename=$(basename -- "$0")


@ -1,7 +1,6 @@
# Because we are using logrotate for greater flexibility, disable the # Because we are using logrotate for greater flexibility, disable the
# internal certbot logrotation. # internal certbot logrotation.
max-log-backups = 0 max-log-backups = 0
email = hostmaster@example.com
agree-tos = True agree-tos = True
allow-subset-of-names = True allow-subset-of-names = True
expand = True expand = True

42
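--- a/install.sh
+++ b/install.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# must be root
+if [ "$USER" != "root" ]; then
+echo "You must be root to run this installer."
+exit
+fi
+apt-get -y install python3-certbot-apache
+mkdir /etc/ssl/letsencrypt
+chmod 750 /etc/ssl/letsencrypt
+chgrp ssl-cert /etc/ssl/letsencrypt
+# Let's Encrypt
+cp etc/letsencrypt/cli.ini /etc/letsencrypt/cli.ini
+chmod 644 /etc/letsencrypt/cli.ini
+chown root:root /etc/letsencrypt/cli.ini
+mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
+cp etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+chmod 750 /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+chown root:root /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+mkdir -p /etc/letsencrypt/renewal-hooks/post/
+cp etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+chmod 750 /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+chown root:root /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+domain=`hostaname -d`
+if [ -n "$domain" ]; then
+echo "email = hostmaster@$domain" >> /etc/letsencrypt/cli.ini
+echo "Lets' Encrypt email set to hostmaster@$domain"
+else
+echo "Server DNS domain name not set, Lets' Encrypt email setting left unconfigured."
+fi
+cp etc/apache2/conf-available/certbot.conf /etc/apache2/conf-available/certbot.conf
+a2enmod proxy
+a2enconf certbot
+systemctl restart apache2
+chmod 755 bin/*
+cp bin/* /usr/local/bin/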
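Review bot: The `domain` assignment calls `hostaname -d`, a misspelling of `hostname`, so unless a command by that name happens to exist the substitution is empty and the script always takes the "left unconfigured" branch; because this commit also removes the `email =` line from cli.ini, the installed file then carries no `email` setting at all. Use `domain=$(hostname -d)`. The root guard reads `$USER`, which the caller's environment controls, and the bare `exit` returns the status of the preceding `echo`, so a refused run still reports success; `if [ "$(id -u)" -ne 0 ]; then` with `exit 1` fixes both. Nothing checks the result of `apt-get`, `mkdir` or `chgrp ssl-cert`, so a failed step still proceeds to the Apache restart; `set -e` near the top would make a partial install visible, and `install -d -m 750 -g ssl-cert /etc/ssl/letsencrypt` creates the directory with its final mode and group in one step and tolerates a re-run.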