switch from apt to pip install for certbot-dns-powerdns compat
parent
d99837d4de
commit
9a7f451da9
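--- /dev/null
+++ b/etc/cron.d/cerbot
@@ -0,0 +1,10 @@
+# /etc/cron.d/cert: crontab entries for the certbot (letsencrypt)
+
+SHELL=/bin/sh
+PATH=/opt/certbot/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+# Renew certs twice daily
+0 0,12 * * * root test -x /opt/certbot/bin/certbot && test -L /usr/bin/certbot && perl -e 'sleep int(rand(43200))' && certbot -q renew --no-random-sleep-on-renew
+
+# Upgrade certbot monthly
+45 0 1 * * root /opt/certbot/bin/pip install --upgrade certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1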
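Review bot: The monthly job on the last line runs `pip install --upgrade` as root with only pyyaml pinned, so whichever releases of certbot, certbot-apache, certbot-dns-powerdns and their transitive dependencies PyPI serves at that moment are installed unattended into the environment that certbot later runs from as root. Consider installing from a reviewed, hash-pinned requirements file instead, e.g. `45 0 1 * * root /opt/certbot/bin/pip install -q --require-hashes -r <path-to-pinned-requirements.txt>`, and bumping that file deliberately. The same unpinned install appears in install.sh (`/opt/certbot/bin/pip install certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1`). Separately, the header comment names `/etc/cron.d/cert` while the file is `cerbot`; the comment should carry the real path.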
31
install.sh
31
install.sh
|
@ -19,27 +19,30 @@ if [ -d "/etc/letsencrypt/" ]; then
|
||||||
sleep 5
|
sleep 5
|
||||||
fi
|
fi
|
||||||
|
|
||||||
apt-get update
|
# Old apt installation instructions
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get -y install python3-certbot-apache
|
#apt-get update
|
||||||
|
#DEBIAN_FRONTEND=noninteractive apt-get -y install certbot python3-certbot python3-certbot-apache
|
||||||
|
|
||||||
|
# New pip method - gets latest version, and is needed for certbot-dns-powerdns on Debian 12 Bookworm & Ubuntu 24.04 Noble
|
||||||
|
DEBIAN_FRONTEND=noninteractive apt-get -y install python3-pip python3-wheel python3-venv libaugeas0
|
||||||
|
python3 -m venv /opt/certbot
|
||||||
|
/opt/certbot/bin/pip install --upgrade pip
|
||||||
|
# pyyaml==5.3.1 currently needed by certbot-dns-powerdns
|
||||||
|
/opt/certbot/bin/pip install certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1
|
||||||
|
ln -s /opt/certbot/bin/certbot /usr/bin/certbot
|
||||||
|
cp etc/cron.d/cerbot /etc/cron.d/cerbot
|
||||||
|
chmod 644 /etc/cron.d/cerbot
|
||||||
|
|
||||||
mkdir /etc/ssl/letsencrypt
|
mkdir /etc/ssl/letsencrypt
|
||||||
chmod 750 /etc/ssl/letsencrypt
|
chmod 750 /etc/ssl/letsencrypt
|
||||||
chgrp ssl-cert /etc/ssl/letsencrypt
|
chgrp ssl-cert /etc/ssl/letsencrypt
|
||||||
|
|
||||||
# Let's Encrypt configurations
|
# Let's Encrypt configurations
|
||||||
cp etc/letsencrypt/cli.ini /etc/letsencrypt/cli.ini
|
chown -R root:root etc/
|
||||||
|
cp -a etc/* /etc/
|
||||||
chmod 644 /etc/letsencrypt/cli.ini
|
chmod 644 /etc/letsencrypt/cli.ini
|
||||||
chown root:root /etc/letsencrypt/cli.ini
|
chmod 750 /etc/letsencrypt/renewal-hooks/*/*.sh
|
||||||
mkdir -p /etc/letsencrypt/renewal-hooks/deploy/
|
chmod 644 /etc/cron.d/certbot
|
||||||
cp etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
|
||||||
chmod 750 /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
|
||||||
chown root:root /etc/letsencrypt/renewal-hooks/deploy/cp-to-etc-ssl.sh
|
|
||||||
mkdir -p /etc/letsencrypt/renewal-hooks/post/
|
|
||||||
cp etc/letsencrypt/renewal-hooks/post/reload-services.sh /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
|
||||||
chmod 750 /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
|
||||||
chown root:root /etc/letsencrypt/renewal-hooks/post/reload-services.sh
|
|
||||||
|
|
||||||
cp etc/apache2/conf-available/certbot.conf /etc/apache2/conf-available/certbot.conf
|
|
||||||
a2enmod --quiet proxy proxy_http
|
a2enmod --quiet proxy proxy_http
|
||||||
a2enconf --quiet certbot
|
a2enconf --quiet certbot
|
||||||
systemctl restart apache2
|
systemctl restart apache2
|
||||||
|
|
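Review bot: The new `chmod 644 /etc/cron.d/certbot` does not match the file this commit installs, which is `etc/cron.d/cerbot` (copied to `/etc/cron.d/cerbot` a few lines earlier and again by `cp -a etc/* /etc/`); on a host without the distro certbot package that path presumably does not exist, so the chmod fails or touches a different file. Either rename the cron file to `certbot` throughout or change the line to `chmod 644 /etc/cron.d/cerbot`. `ln -s /opt/certbot/bin/certbot /usr/bin/certbot` also fails when the link or a packaged `/usr/bin/certbot` is already present, and the cron renew job is gated on `test -L /usr/bin/certbot`, so `ln -sfn /opt/certbot/bin/certbot /usr/bin/certbot` would be safer on re-runs. The script begins before this hunk, so whether a failing command aborts it (`set -e`) is not visible here.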