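#!/bin/bash
#
# letsencrypt-tools
# https://git.stack-source.com/msb/letsencrypt-tools
# Copyright (c) 2022 Matthew Saunders Brown
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#
# Installer: puts certbot into a venv at /opt/certbot, copies the bundled
# configuration, user scripts and systemd units into place, and sets the
# Let's Encrypt contact email from the host's FQDN.
#
# Usage: run as root from the top of the letsencrypt-tools checkout. The
# payload (etc/, bin/, sbin/, systemd/) is addressed with relative paths.

# Print a message to stderr and abort the install.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# must be root
if [ "${EUID}" -ne 0 ]; then
  echo "You must be root to run this installer."
  # non-zero so callers and automation can tell the install did not happen
  exit 1
fi

# check for Ubuntu 22.04 (jammy) or Debian 12 (bookworm)
# The expansions are quoted on purpose: with an empty codename (lsb_release
# missing or failing) an unquoted test is a `[` syntax error, which evaluates
# as false and lets the installer run on an unverified OS.
os_codename=$(lsb_release -cs)
if [ "$os_codename" != jammy ] && [ "$os_codename" != bookworm ]; then
  echo "This installer only runs on Ubuntu 22.04 (jammy) or Debian 12 (Bookworm), bailing out."
  exit 1
fi

# check for existing certbot / Let's Encrypt installs
if [ -d "/etc/letsencrypt/" ] || [ -d "/opt/certbot/" ] || [ -f "/usr/bin/certbot" ]; then
  echo "NOTICE: Let's Encrypt is already installed."
  echo "You must purge any existing certbot installs before running this."
  exit 1
fi

if [ ! -f "/usr/local/bin/vhost.sh" ]; then
  echo "NOTICE: This package requires that Vhost Stack is installed first."
  echo "https://git.stack-source.com/msb/vhost-stack"
  exit 1
fi

# Verify the working directory before touching the system. Further down etc/
# is chown'ed recursively and copied over /etc as root; started from "/" the
# relative path etc/ would be the system /etc itself.
if [ etc -ef /etc ]; then
  die "Refusing to run: etc/ resolves to the system /etc. Run this installer from the letsencrypt-tools checkout."
fi
for payload in etc bin sbin/letsencrypt-deploy.sh systemd; do
  [ -e "$payload" ] || die "Missing $payload in $(pwd). Run this installer from the letsencrypt-tools checkout."
done

# Old apt installation instructions
#apt-get update
#DEBIAN_FRONTEND=noninteractive apt-get -y install certbot python3-certbot python3-certbot-apache

# New pip method - gets latest version, and is needed for certbot-dns-powerdns on Debian 12 Bookworm & Ubuntu 24.04 Noble
# Each step aborts on failure; continuing would symlink and enable a certbot that is not there.
DEBIAN_FRONTEND=noninteractive apt-get -y install python3-pip python3-wheel python3-venv libaugeas0 \
  || die "apt-get install of the Python prerequisites failed, bailing out."
python3 -m venv /opt/certbot || die "Could not create the venv at /opt/certbot, bailing out."
/opt/certbot/bin/pip install --upgrade pip || die "Could not upgrade pip in /opt/certbot, bailing out."
# NOTE(review): these packages are fetched unpinned from PyPI and later run as
# root (cron, renewal hooks). Consider a requirements file with pinned versions
# and pip's --require-hashes so the installed code is reproducible.
# pyyaml==5.3.1 currently needed by certbot-dns-powerdns
# NOTE(review): 5.3.1 is an old PyYAML release; re-check whether the pin is
# still required so the venv can follow upstream PyYAML fixes.
/opt/certbot/bin/pip install certbot certbot-apache certbot-dns-powerdns pyyaml==5.3.1 \
  || die "pip install of certbot failed, bailing out."
ln -s /opt/certbot/bin/certbot /usr/bin/certbot \
  || die "Could not link /usr/bin/certbot, bailing out."

# NOTE(review): the original copied etc/cron.d/cerbot (sic) to /etc/cron.d/cerbot
# here, while the chmod below targets /etc/cron.d/certbot. The bulk copy of
# etc/* installs everything under etc/cron.d/ anyway, so the separate,
# misspelled copy is dropped - confirm the file name in the repository.

# -p: do not fail when the directory is already present
mkdir -p /etc/ssl/letsencrypt
chmod 750 /etc/ssl/letsencrypt
chgrp ssl-cert /etc/ssl/letsencrypt

# Let's Encrypt configurations
# cp -a preserves ownership and mode, so the checkout copy is handed to root
# first. Modes are carried over as they are in the checkout; only the files
# chmod'ed below are normalised afterwards.
chown -R root:root etc/
cp -a etc/* /etc/ || die "Could not copy configuration into /etc, bailing out."
chmod 644 /etc/letsencrypt/cli.ini
chmod 750 /etc/letsencrypt/renewal-hooks/*/*.sh
chmod 644 /etc/cron.d/certbot
a2enmod --quiet proxy proxy_http
a2enconf --quiet certbot
systemctl restart apache2

# install Let's Encrypt user scripts
cp bin/letsencrypt-* /usr/local/bin/
chmod 755 /usr/local/bin/letsencrypt-*

# install Deploy tools used by vpanel-stack
cp sbin/letsencrypt-deploy.sh /usr/local/sbin/
chmod 750 /usr/local/sbin/letsencrypt-deploy.sh
# the local unit directory is not guaranteed to exist on a fresh system
mkdir -p /usr/local/lib/systemd/system
cp systemd/letsencrypt-* /usr/local/lib/systemd/system/
chmod 644 /usr/local/lib/systemd/system/letsencrypt-*
systemctl daemon-reload
systemctl enable --now letsencrypt-deploy.path

echo
fqdn=$(hostname -f)
if [ -n "$fqdn" ]; then
  # appended, not rewritten: the settings shipped in cli.ini stay as they are
  echo "email = webmaster@$fqdn" >> /etc/letsencrypt/cli.ini
  echo "Let's Encrypt email set to webmaster@$fqdn"
  echo "This can be changed by editing /etc/letsencrypt/cli.ini."
else
  echo "Server DNS domain name not set, Let's Encrypt email setting left unconfigured."
fi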