From 9a7f451da955dfc460eef68cfdb83b77238ffc8d Mon Sep 17 00:00:00 2001
From: Matthew Saunders Brown
Date: Fri, 14 Jun 2024 09:14:07 -0700
Subject: [PATCH] switch from apt to pip install for certbot-dns-powerdns compat

---
 etc/cron.d/cerbot | 10 ++++++++++
 install.sh | 31 +++++++++++++++++--------------
 2 files changed, 27 insertions(+), 14 deletions(-)
 create mode 100644 etc/cron.d/cerbot

diff --git a/etc/cron.d/cerbot b/etc/cron.d/cerbot
new file mode 100644
index 0000000..2afb9ae
--- /dev/null
+++ b/etc/cron.d/cerbot
@@ -0,0 +1,10 @@
+# /etc/cron.d/cert: crontab entries for the certbot (letsencrypt)
+
+SHELL=/bin/sh
+PATH=/opt/certbot/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# Renew certs twice daily
+0 0,12 * * * root test -x /opt/certbot/bin/certbot && test -L /usr/bin/certbot && perl -e 'sleep int(rand(43200))' && certbot -q renew --no-random-sleep-on-renew
+
+# Upgrade certbot monthly
+45 0 1 * * root /opt/certbot/bin/pip install --upgrade certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1
diff --git a/install.sh b/install.sh
index d674162..e708726 100755
--- a/install.sh
+++ b/install.sh
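Review bot: The new file is named `etc/cron.d/cerbot`, its header comment says `# /etc/cron.d/cert:`, and the new `chmod 644 /etc/cron.d/certbot` line in install.sh uses a third spelling, so that chmod targets a path that `cp -a etc/* /etc/` never creates. Renaming the file to `etc/cron.d/certbot` and updating the `cp`/`chmod` lines in install.sh that still say `cerbot` keeps all three consistent. Separately, the monthly `pip install --upgrade certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1` entry pulls whatever PyPI serves at that moment, as root, with no hash verification, so a bad or compromised release is installed unattended; pinning the set in a constraints file with `--require-hashes`, or at least redirecting the job's output to a log that someone reads, turns this into a deliberate update rather than a silent one. The `pyyaml==5.3.1` pin is repeated here and in install.sh; a comment naming the certbot-dns-powerdns incompatibility it works around would tell a future maintainer when the pin can be dropped.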
@@ -19,27 +19,30 @@
 if [ -d "/etc/letsencrypt/" ]; then
   sleep 5
 fi
-apt-get update
-DEBIAN_FRONTEND=noninteractive apt-get -y install python3-certbot-apache
+# Old apt installation instructions
+#apt-get update
+#DEBIAN_FRONTEND=noninteractive apt-get -y install certbot python3-certbot python3-certbot-apache
+
+# New pip method - gets latest version, and is needed for certbot-dns-powerdns on Debian 12 Bookworm & Ubuntu 24.04 Noble
+DEBIAN_FRONTEND=noninteractive apt-get -y install python3-pip python3-wheel python3-venv libaugeas0
+python3 -m venv /opt/certbot
+/opt/certbot/bin/pip install --upgrade pip
+# pyyaml==5.3.1 currently needed by certbot-dns-powerdns
+/opt/certbot/bin/pip install certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1
+ln -s /opt/certbot/bin/certbot /usr/bin/certbot
+cp etc/cron.d/cerbot /etc/cron.d/cerbot
+chmod 644 /etc/cron.d/cerbot
 mkdir /etc/ssl/letsencrypt
 chmod 750 /etc/ssl/letsencrypt
 chgrp ssl-cert /etc/ssl/letsencrypt
 
 # Let's Encrypt configurations
-cp etc/letsencrypt/cli.ini /etc/letsencrypt/cli.ini
+chown -R root:root etc/
+cp -a etc/* /etc/
 chmod 644 /etc/letsencrypt/cli.ini
-chown root:root /etc/letsencrypt/cli.ini
-mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
-cp etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
-chmod 750 /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
-chown root:root /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
-mkdir -p /etc/letsencrypt/renewal-hooks/post/
-cp etc/letsencrypt/renewal-hooks/post/reload-services.sh /etc/letsencrypt/renewal-hooks/post/reload-services.sh
-chmod 750 /etc/letsencrypt/renewal-hooks/post/reload-services.sh
-chown root:root /etc/letsencrypt/renewal-hooks/post/reload-services.sh
-
-cp etc/apache2/conf-available/certbot.conf /etc/apache2/conf-available/certbot.conf
+chmod 750 /etc/letsencrypt/renewal-hooks/*/*.sh
+chmod 644 /etc/cron.d/certbot
 
 a2enmod --quiet proxy proxy_http
 a2enconf --quiet certbot
systemctl restart apache2
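Review bot: `ln -s /opt/certbot/bin/certbot /usr/bin/certbot` fails whenever that path already exists — on a re-run of this script, and presumably on any host where the apt certbot stack the removed lines used to install is still present, since nothing in the hunk removes those packages. Because the cron entry in the other hunk gates renewal on `test -L /usr/bin/certbot`, a host where the link was not created renews nothing and reports nothing (unless the script's options, which are outside the hunk, abort on the error instead). `ln -sfn /opt/certbot/bin/certbot /usr/bin/certbot` makes the link step idempotent, and either removing the old apt packages just before it or a comment stating that a fresh host is assumed would settle the conflict explicitly. Also, `cp -a etc/* /etc/` now installs every file under the repo's etc/ with the mode it has in the checkout, while the `chmod` lines that follow cover only cli.ini, the renewal hooks and one cron path; a comment such as `# cp -a preserves repo modes: any new file under etc/ needs its own chmod below` would keep that visible to whoever adds the next file.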