installer

2021-04-14 11:17:00 -07:00 · 2021-04-14 11:17:00 -07:00 · 11844f77b7
commit 11844f77b7
parent 722fff996f
5 changed files with 56 additions and 2 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,11 @@
 # letsencrypt-tools

 Bash scripts and Let's Encrypt & Apache configurations for managing Let's Encrypt certificates with certbot.
+
+## Install
+```
+cd /usr/local/src
+git clone https://git.stack-source.com/msb/letsencrypt-tools.git
+cd letsencrypt-tools
+./install.sh
+```
--- a/bin/letsencrypt-certonly.sh
+++ b/bin/letsencrypt-certonly.sh
@ -2,7 +2,7 @@

 # must be root
 if [ "$USER" != "root" ]; then
-  exec sudo $0
+  exec sudo -u root --shell /bin/bash $0 $@
 fi

 help()
--- a/bin/letsencrypt-del.sh
+++ b/bin/letsencrypt-del.sh
@ -1,5 +1,10 @@
 #!/bin/bash

+# must be root
+if [ "$USER" != "root" ]; then
+  exec sudo -u root --shell /bin/bash $0 $@
+fi
+
 help()
 {
  thisfilename=$(basename -- "$0")
--- a/etc/letsencrypt/cli.ini
+++ b/etc/letsencrypt/cli.ini
@ -1,7 +1,6 @@
 # Because we are using logrotate for greater flexibility, disable the
 # internal certbot logrotation.
 max-log-backups = 0
-email = hostmaster@example.com
 agree-tos = True
 allow-subset-of-names = True
 expand = True
--- a/install.sh
+++ b/install.sh
@ -0,0 +1,42 @@
+#!/bin/bash
+
+# must be root
+if [ "$USER" != "root" ]; then
+  echo "You must be root to run this installer."
+  exit
+fi
+
+apt-get -y install python3-certbot-apache
+
+mkdir /etc/ssl/letsencrypt
+chmod 750 /etc/ssl/letsencrypt
+chgrp ssl-cert /etc/ssl/letsencrypt
+
+# Let's Encrypt
+cp etc/letsencrypt/cli.ini /etc/letsencrypt/cli.ini
+chmod 644 /etc/letsencrypt/cli.ini
+chown root:root /etc/letsencrypt/cli.ini
+mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
+cp etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+chmod 750 /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+chown root:root /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
+mkdir -p /etc/letsencrypt/renewal-hooks/post/
+cp etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+chmod 750 /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+chown root:root /etc/letsencrypt/renewal-hooks/post/sync-certs-to-etc-ssl.sh
+
+domain=`hostaname -d`
+if [ -n "$domain" ]; then
+  echo "email = hostmaster@$domain" >> /etc/letsencrypt/cli.ini
+  echo "Lets' Encrypt email set to hostmaster@$domain"
+else
+  echo "Server DNS domain name not set, Lets' Encrypt email setting left unconfigured."
+fi
+
+cp etc/apache2/conf-available/certbot.conf /etc/apache2/conf-available/certbot.conf
+a2enmod proxy
+a2enconf certbot
+systemctl restart apache2
+
+chmod 755 bin/*
+cp bin/* /usr/local/bin/