README.md
· 973 B · Markdown
Brut
Deploying [letsencrypt.sh](http://letsencrypt.sh) for apache2 on Debian Jessie:
```
wget https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/deploy_letsencrypth.sh \
-O /tmp/deploy_letsencrypth.sh && \
bash /tmp/deploy_letsencrypth.sh <registration email>
```
Now you need to create ```/etc/letsencrypt.sh/domains.txt``` like [documented](https://github.com/lukas2511/dehydrated/blob/master/docs/domains_txt.md).
Running the cronjob for initial request of certs:
```
/etc/cron.daily/letsencrypt_autorenew
```
Linking certs and keys into usual places:
```
for CERT in $(awk {'print $1'} /etc/letsencrypt.sh/domains.txt); do\
[ -e /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem ] || \
ln -s /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
[ -e /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem ] || \
ln -s /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
done
```
Deploying letsencrypt.sh for apache2 on Debian Jessie:
wget https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/deploy_letsencrypth.sh \
-O /tmp/deploy_letsencrypth.sh && \
bash /tmp/deploy_letsencrypth.sh <registration email>
Now you need to create /etc/letsencrypt.sh/domains.txt like documented.
Running the cronjob for initial request of certs:
/etc/cron.daily/letsencrypt_autorenew
Linking certs and keys into usual places:
for CERT in $(awk {'print $1'} /etc/letsencrypt.sh/domains.txt); do\
[ -e /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem ] || \
ln -s /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
[ -e /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem ] || \
ln -s /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
done
deploy_letsencrypth.sh
· 1009 B · Bash
Brut
#!/bin/bash
CRON="/etc/cron.daily/letsencrypt_autorenew"
CONFIGURL="https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/local.sh"
CONFIGNAME="$(basename ${CONFIGURL})"
CONFIGPATH="/etc/letsencrypt.sh/conf.d/"
HOOKNAME="hook.sh"
HOOKPATH="/etc/letsencrypt.sh/"
SUITE="jessie-backports"
PACKAGES="letsencrypt.sh letsencrypt.sh-apache2"
apt-get install -t ${SUITE} ${PACKAGES}
if [ ! -x ${CRON} ]; then
echo '#!/bin/bash' > ${CRON}
echo 'test -x /usr/bin/letsencrypt.sh && /usr/bin/letsencrypt.sh -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|^$)"; exit 0' >> ${CRON}
chmod +x ${CRON}
fi
[ -f ${CONFIGPATH}/${CONFIGNAME} ] || wget ${CONFIGURL} -O ${CONFIGPATH}/${CONFIGNAME}
sed -i "s/^CONTACT_EMAIL=*/CONTACT_EMAIL=${1}/" ${CONFIGPATH}/${CONFIGNAME}
[ -f ${HOOKPATH}/${HOOKNAME} ] || printf '#!/bin/sh\n[ "$1" != "deploy_cert" ] || /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME} && chmod +x ${HOOKPATH}/${HOOKNAME}
| 1 | #!/bin/bash |
| 2 | CRON="/etc/cron.daily/letsencrypt_autorenew" |
| 3 | CONFIGURL="https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/local.sh" |
| 4 | CONFIGNAME="$(basename ${CONFIGURL})" |
| 5 | CONFIGPATH="/etc/letsencrypt.sh/conf.d/" |
| 6 | HOOKNAME="hook.sh" |
| 7 | HOOKPATH="/etc/letsencrypt.sh/" |
| 8 | SUITE="jessie-backports" |
| 9 | PACKAGES="letsencrypt.sh letsencrypt.sh-apache2" |
| 10 | |
| 11 | apt-get install -t ${SUITE} ${PACKAGES} |
| 12 | |
| 13 | if [ ! -x ${CRON} ]; then |
| 14 | echo '#!/bin/bash' > ${CRON} |
| 15 | echo 'test -x /usr/bin/letsencrypt.sh && /usr/bin/letsencrypt.sh -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|^$)"; exit 0' >> ${CRON} |
| 16 | chmod +x ${CRON} |
| 17 | fi |
| 18 | |
| 19 | [ -f ${CONFIGPATH}/${CONFIGNAME} ] || wget ${CONFIGURL} -O ${CONFIGPATH}/${CONFIGNAME} |
| 20 | |
| 21 | sed -i "s/^CONTACT_EMAIL=*/CONTACT_EMAIL=${1}/" ${CONFIGPATH}/${CONFIGNAME} |
| 22 | [ -f ${HOOKPATH}/${HOOKNAME} ] || printf '#!/bin/sh\n[ "$1" != "deploy_cert" ] || /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME} && chmod +x ${HOOKPATH}/${HOOKNAME} |
| 23 |
local.sh
· 972 B · Bash
Brut
# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
#CA="https://acme-v01.api.letsencrypt.org/directory"
# Program or function called in certain situations
#
# After generating the challenge-response, or after failed challenge (in this case altname is empty)
# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
#
# After successfully signing certificate
# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
#
# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
# default: <unset>
HOOK='/etc/letsencrypt.sh/hook.sh'
# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
HOOK_CHAIN="yes"
# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=rsa
# E-mail to use during the registration (default: <unset>)
CONTACT_EMAIL=
| 1 | # Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory) |
| 2 | #CA="https://acme-v01.api.letsencrypt.org/directory" |
| 3 | |
| 4 | # Program or function called in certain situations |
| 5 | # |
| 6 | # After generating the challenge-response, or after failed challenge (in this case altname is empty) |
| 7 | # Given arguments: clean_challenge|deploy_challenge altname token-filename token-content |
| 8 | # |
| 9 | # After successfully signing certificate |
| 10 | # Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem |
| 11 | # |
| 12 | # BASEDIR and WELLKNOWN variables are exported and can be used in an external program |
| 13 | # default: <unset> |
| 14 | HOOK='/etc/letsencrypt.sh/hook.sh' |
| 15 | |
| 16 | # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no) |
| 17 | HOOK_CHAIN="yes" |
| 18 | |
| 19 | # Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1 |
| 20 | #KEY_ALGO=rsa |
| 21 | |
| 22 | # E-mail to use during the registration (default: <unset>) |
| 23 | CONTACT_EMAIL= |
| 24 |