switch from apt to pip install for certbot-dns-powerdns compat
parent
d99837d4de
commit
9a7f451da9
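--- a/etc/cron.d/cerbot
+++ b/etc/cron.d/cerbot
@@ -0,0 +1,10 @@
+# /etc/cron.d/cert: crontab entries for the certbot (letsencrypt)
+
+SHELL=/bin/sh
+PATH=/opt/certbot/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# Renew certs twice daily
+0 0,12 * * * root test -x /opt/certbot/bin/certbot && test -L /usr/bin/certbot && perl -e 'sleep int(rand(43200))' && certbot -q renew --no-random-sleep-on-renew
+
+# Upgrade certbot monthly
+45 0 1 * * root /opt/certbot/bin/pip install --upgrade certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1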
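Review bot: The monthly job on the last line runs `pip install --upgrade` as root with no version or hash pinning for certbot, certbot-apache and certbot-dns-powerdns, so whatever PyPI serves at that moment is installed unattended into the environment that handles the ACME account and certificate keys. I would pin the full set in a requirements file with hashes and have cron run `/opt/certbot/bin/pip install --require-hashes -r <REQUIREMENTS_FILE>` (placeholder path), which also keeps the `pyyaml==5.3.1` pin in one place instead of repeating it in install.sh. A failed or partial upgrade leaves renewal broken and is reported only through cron's mail to root, so it is worth confirming that mailbox is monitored. Minor: the header comment names `/etc/cron.d/cert` while the file is `etc/cron.d/cerbot`; `# /etc/cron.d/cerbot: crontab entries for certbot (letsencrypt)` would match.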
31
install.sh
31
install.sh
|
@ -19,27 +19,30 @@ if [ -d "/etc/letsencrypt/" ]; then
|
|||
sleep 5
|
||||
fi
|
||||
|
||||
apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y install python3-certbot-apache
|
||||
# Old apt installation instructions
|
||||
#apt-get update
|
||||
#DEBIAN_FRONTEND=noninteractive apt-get -y install certbot python3-certbot python3-certbot-apache
|
||||
|
||||
# New pip method - gets latest version, and is needed for certbot-dns-powerdns on Debian 12 Bookworm & Ubuntu 24.04 Noble
|
||||
DEBIAN_FRONTEND=noninteractive apt-get -y install python3-pip python3-wheel python3-venv libaugeas0
|
||||
python3 -m venv /opt/certbot
|
||||
/opt/certbot/bin/pip install --upgrade pip
|
||||
# pyyaml==5.3.1 currently needed by certbot-dns-powerdns
|
||||
/opt/certbot/bin/pip install certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1
|
||||
ln -s /opt/certbot/bin/certbot /usr/bin/certbot
|
||||
cp etc/cron.d/cerbot /etc/cron.d/cerbot
|
||||
chmod 644 /etc/cron.d/cerbot
|
||||
|
||||
mkdir /etc/ssl/letsencrypt
|
||||
chmod 750 /etc/ssl/letsencrypt
|
||||
chgrp ssl-cert /etc/ssl/letsencrypt
|
||||
|
||||
# Let's Encrypt configurations
|
||||
cp etc/letsencrypt/cli.ini /etc/letsencrypt/cli.ini
|
||||
chown -R root:root etc/
|
||||
cp -a etc/* /etc/
|
||||
chmod 644 /etc/letsencrypt/cli.ini
|
||||
chown root:root /etc/letsencrypt/cli.ini
|
||||
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
|
||||
cp etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
||||
chmod 750 /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
||||
chown root:root /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
||||
mkdir -p /etc/letsencrypt/renewal-hooks/post/
|
||||
cp etc/letsencrypt/renewal-hooks/post/reload-services.sh /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
||||
chmod 750 /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
||||
chown root:root /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
||||
|
||||
cp etc/apache2/conf-available/certbot.conf /etc/apache2/conf-available/certbot.conf
|
||||
chmod 750 /etc/letsencrypt/renewal-hooks/*/*.sh
|
||||
chmod 644 /etc/cron.d/certbot
|
||||
a2enmod --quiet proxy proxy_http
|
||||
a2enconf --quiet certbot
|
||||
systemctl restart apache2
|
||||
|
|
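Review bot: `ln -s /opt/certbot/bin/certbot /usr/bin/certbot` fails when /usr/bin/certbot already exists, which is likely on hosts provisioned by the earlier apt-based version of this script. The new cron entry guards renewal with `test -L /usr/bin/certbot`, so on such a host renewals would be skipped silently until the certificates expire. I would remove the distro package first and make the link idempotent, e.g. `apt-get -y remove certbot` followed by `ln -sfn /opt/certbot/bin/certbot /usr/bin/certbot`, and stop the script if the venv or pip steps fail, since no `set -e` or status check is visible in the hunk (the script begins outside it). Separately, the cron file is copied to `/etc/cron.d/cerbot` but the later `chmod 644 /etc/cron.d/certbot` targets a different name, presumably the file the apt package used to ship, which will not exist on a fresh install. The diff markers are lost on this page, so I cannot tell which of these lines are on the new side.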