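#!/usr/bin/env bash
# Obtain a Let's Encrypt certificate for one domain (plus its www. alias) and
# install it as the certificate haproxy serves.
#
# Usage: le domain
#
# NOTE(review): the script edits /etc/apt/sources.list, runs apt-get, controls
# the haproxy service and writes under /etc/ssl, so it presumably has to run
# as root - confirm against how it is invoked.
set -e -o pipefail

if [ $# -ne 1 ]; then
  # Usage errors go to stderr so they are not mistaken for normal output.
  printf '%s: usage: le domain\n' "$0" >&2
  exit 1
fi

DOMAIN=$1

# DOMAIN is passed to certbot as an option value and is also spliced into a
# path under /etc/letsencrypt/live/. Accept only dotted DNS labels (letters,
# digits and inner hyphens) so a value with a leading '-', a '/' or
# whitespace can neither be read as a certbot option nor escape that
# directory.
hostname_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$'
if ! [[ "$DOMAIN" =~ $hostname_re ]]; then
  printf '%s: invalid domain name: %s\n' "$0" "$DOMAIN" >&2
  exit 1
fi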
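# Install certbot from the Raspbian "testing" suite when it is not on PATH.
if ! command -v certbot > /dev/null 2>&1; then
  #Raspbian fix. See https://github.com/certbot/certbot/issues/2673 for details
  RASPBIAN_TESTING="deb http://mirrordirector.raspbian.org/raspbian/ testing main contrib non-free rpi"

  # NOTE(review): this entry stays in /etc/apt/sources.list after the script
  # finishes and no apt pin is configured here, so a later upgrade may pull
  # other packages from testing - confirm that is intended. The mirror is
  # plain HTTP, so apt's signature verification is the only integrity check
  # on what gets installed.
  if ! grep --quiet "^$RASPBIAN_TESTING" /etc/apt/sources.list /etc/apt/sources.list.d/*.list; then
    echo "Applying fix for raspbian certbot install"
    echo "$RASPBIAN_TESTING" >> /etc/apt/sources.list
  fi

  echo "Installing certbot..."
  apt-get update
  # --force-yes is deliberately not passed: it makes apt continue past its
  # safety checks, including packages it could not authenticate, which would
  # remove the only protection on an HTTP mirror. If apt refuses the install,
  # resolve the reported problem explicitly rather than forcing it.
  apt-get install \
    --no-install-recommends \
    --assume-yes \
    --target-release testing \
    certbot
  echo "Installed certbot!"
fi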
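# haproxy is stopped so certbot's standalone ACME responder can bind port 80
# for the HTTP-01 challenge; the site is down until haproxy is started again.
#TODO update haproxy config to forward acme requests to certbot so we can avoid downtime
echo "Stopping haproxy..."
service haproxy stop
echo "haproxy stopped!"

echo "Registering $DOMAIN with letsencrypt..."
# --register-unsafely-without-email creates the ACME account with no contact
# address, so the CA has nowhere to send expiry or revocation notices. With
# no automatic renewal configured by this script, expiry has to be tracked
# some other way.
#
# certbot is run inside `if` because under `set -e` a failure would otherwise
# end the script here and leave haproxy stopped.
if ! certbot certonly \
  --standalone \
  --agree-tos \
  --non-interactive \
  --register-unsafely-without-email \
  --domain "$DOMAIN" \
  --domain "www.$DOMAIN" \
  --preferred-challenges http \
  --http-01-port 80; then
  echo "certbot failed for $DOMAIN; starting haproxy again" >&2
  # Best effort: the script is exiting with an error either way.
  service haproxy start || true
  exit 1
fi
echo "Registered $DOMAIN with letsencrypt!"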
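#TODO modify haproxy config instead of overwriting the included octopi self signed cert
SELF_SIGNED_CERT="/etc/ssl/snakeoil.pem"
LETS_ENCRYPT_CERT="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
LETS_ENCRYPT_PRIV_KEY="/etc/letsencrypt/live/$DOMAIN/privkey.pem"

# Replace the PEM haproxy loads with the new chain followed by its private
# key. Both inputs must exist; the original test checked the certificate
# twice and never the key.
if [ -f "$LETS_ENCRYPT_CERT" ] && [ -f "$LETS_ENCRYPT_PRIV_KEY" ]; then
  echo "Overwriting the self-signed cert with one from letsencrypt..."
  # The combined file contains the private key. mktemp creates it readable by
  # its owner only, and the rename swaps it in within the same directory, so
  # the key is never exposed under the default umask and haproxy never sees a
  # half-written PEM.
  # NOTE(review): assumes haproxy reads this file as the user running this
  # script (typically root, before dropping privileges) - confirm.
  if ! combined_pem=$(mktemp "${SELF_SIGNED_CERT}.XXXXXX"); then
    echo "could not create a temporary file next to $SELF_SIGNED_CERT; keeping the existing cert" >&2
  elif cat -- "$LETS_ENCRYPT_CERT" "$LETS_ENCRYPT_PRIV_KEY" > "$combined_pem" \
    && mv --force -- "$combined_pem" "$SELF_SIGNED_CERT"; then
    echo "Overwrote the self-signed cert with one from letsencrypt!"
  else
    rm --force -- "$combined_pem"
    echo "could not write $SELF_SIGNED_CERT; keeping the existing cert" >&2
  fi
else
  # Do not abort here: haproxy still has to be started again below.
  echo "letsencrypt cert or key missing under /etc/letsencrypt/live/$DOMAIN; keeping the existing cert" >&2
fi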
# Bring haproxy back up now that port 80 is free again.
printf '%s\n' "Starting haproxy..."
service haproxy start
printf '%s\n' "haproxy started!"

#TODO create cronjob to autorenew cert
# Renewal caveat: haproxy serves the combined copy at /etc/ssl/snakeoil.pem,
# not the files under /etc/letsencrypt/live/, so a renewal job also has to
# rebuild that copy and restart haproxy before the new cert is served.
printf '%s\n' "You should now open your browser to https://$DOMAIN to view the website"