gist:4cc1e9ca87c0495397c7e51f647bd408

README.md · 1017 B · Markdown Brut

Deploying dehydrated for apache2 on Debian Jessie:

wget https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/deploy_dehydrated.sh \
 -O /tmp/deploy_dehydrated.sh && \
 bash /tmp/deploy_dehydrated.sh <registration email>

Now you need to create /etc/dehydrated/domains.txt like documented.

Running the cronjob for initial request of certs:

/etc/cron.daily/dehydrated_autorenew

Linking certs and keys into usual places:

for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
 [ -f /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/${CERT}.key ] && \
   ln -s /var/lib/dehydrated/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
 [ -f /var/lib/dehydrated/certs/${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/${CERT}.pem ] && \
   ln -s /var/lib/dehydrated/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
done

deploy_dehydrated.sh · 1.0 KiB · Bash Brut

1	#!/bin/bash
2	CRON="/etc/cron.daily/dehydrated_autorenew"
3	CONFIGURL="https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/local.sh"
4	CONFIGNAME="$(basename ${CONFIGURL})"
5	CONFIGPATH="/etc/dehydrated/conf.d/"
6	HOOKNAME="hook.sh"
7	HOOKPATH="/etc/dehydrated/"
8	SUITE="jessie-backports"
9	PACKAGES="dehydrated dehydrated-apache2"
10
11	apt-get install -t ${SUITE} ${PACKAGES}
12
13	if [ ! -x ${CRON} ]; then
14	echo '#!/bin/bash' > ${CRON}
15	echo 'test -x /usr/bin/dehydrated && /usr/bin/dehydrated -c \| grep -v -E "(^#\|^Processing\|Skipping renew\|unchanged\|Checking expire date of existing cert\|^$)"; exit 0' >> ${CRON}
16	chmod +x ${CRON}
17	fi
18
19	[ -f ${CONFIGPATH}/${CONFIGNAME} ] \|\| wget ${CONFIGURL} -O ${CONFIGPATH}/${CONFIGNAME}
20
21	sed -i "s/^CONTACT_EMAIL=*/CONTACT_EMAIL=${1}/" ${CONFIGPATH}/${CONFIGNAME}
22	[ -f ${HOOKPATH}/${HOOKNAME} ] \|\| printf '#!/bin/sh\n\n# See also https://github.com/lukas2511/dehydrated/blob/master/docs/examples/hook.sh\n\n[ "$1" != "deploy_cert" ] \|\| /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME} && chmod +x ${HOOKPATH}/${HOOKNAME}
23

lighttpd_dehydrated.conf · 90 B · Text Brut

1	alias.url += (
2	"/.well-known/acme-challenge/" => "/var/lib/dehydrated/acme-challenges/",
3	)

local.sh · 968 B · Bash Brut

1	# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
2	#CA="https://acme-v01.api.letsencrypt.org/directory"
3
4	# Program or function called in certain situations
5	#
6	# After generating the challenge-response, or after failed challenge (in this case altname is empty)
7	# Given arguments: clean_challenge\|deploy_challenge altname token-filename token-content
8	#
9	# After successfully signing certificate
10	# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
11	#
12	# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
13	# default: <unset>
14	HOOK='/etc/dehydrated/hook.sh'
15
16	# Chain clean_challenge\|deploy_challenge arguments together into one hook call per certificate (default: no)
17	HOOK_CHAIN="yes"
18
19	# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
20	#KEY_ALGO=rsa
21
22	# E-mail to use during the registration (default: <unset>)
23	CONTACT_EMAIL=
24

migrate2dehydrated.sh · 1.3 KiB · Bash Brut

1	# install (transition) package
2	aptitude -t jessie-backports install letsencrypt.sh letsencrypt.sh-apache2 && \
3	# migrate config over to dehydrated
4	sed -i s/letsencrypt\.sh/dehydrated/g /etc/cron.daily/letsencrypt_autorenew && mv /etc/cron.daily/letsencrypt_autorenew /etc/cron.daily/dehydrated_autorenew && \
5	mv /var/lib/letsencrypt.sh/certs/ /var/lib/letsencrypt.sh/accounts/ /var/lib/dehydrated/ && \
6	mv /etc/letsencrypt.sh/conf.d/* /etc/dehydrated/conf.d/ && \
7	mv /etc/letsencrypt.sh/domains.txt /etc/letsencrypt.sh/hook.sh /etc/dehydrated/ && \
8	sed -i s/letsencrypt\.sh/dehydrated/g /etc/dehydrated/conf.d/*
9
10	# migrate certificate links to dehydrated
11	for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do \
12	test -L /etc/ssl/certs/$CERT.pem && rm /etc/ssl/certs/$CERT.pem; \
13	test -L /etc/ssl/private/$CERT.key && rm /etc/ssl/private/$CERT.key; \
14	test -e /var/lib/dehydrated/certs/${CERT}/privkey.pem && \
15	ln -s /var/lib/dehydrated/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key; \
16	test -e /var/lib/dehydrated/certs/${CERT}/fullchain.pem && \
17	ln -s /var/lib/dehydrated/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem; \
18	done
19
20	# remove obsolete apache configuration and reload apache2
21	rm /etc/apache2/conf-available/letsencrypt.sh.conf /etc/apache2/conf-enabled/letsencrypt.sh.conf && /etc/init.d/apache2 reload
22