Like 0
Fork 0

Last active 6 months ago

Jan Wagner revised this gist 4 years ago. Go to revision

1 file changed, 1 insertion, 1 deletion

deploy_dehydrated.sh

@@ -11,7 +11,7 @@ if [ "$(lsb_release -cs)" = "jessie" ]; then
11 11 fi
12 12 PACKAGES="dehydrated dehydrated-apache2"
13 13
14 - apt-get install ${BPO} ${PACKAGES}
14 + apt-get install -y ${BPO} ${PACKAGES}
15 15
16 16 if [ ! -x ${CRON} ]; then
17 17 cat > ${CRON} <<EOF

Jan Wagner revised this gist 5 years ago. Go to revision

1 file changed, 1 insertion, 6 deletions

README.md

@@ -22,12 +22,7 @@ If you are hit by [Provided agreement URL ... does not match current agreement U
22 22
23 23 ## Linking certs and keys into usual places:
24 24 ```
25 - for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
26 - [ -f /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/${CERT}.key ] && \
27 - ln -s /var/lib/dehydrated/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
28 - [ -f /var/lib/dehydrated/certs/${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/${CERT}.pem ] && \
29 - ln -s /var/lib/dehydrated/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
30 - done
25 + /usr/local/sbin/dehydrated_create_links
31 26 ```
32 27
33 28 For distributed setups you might want to have a look into [Using redirects](https://nekudo.com/blog/letsencrypt-in-a-multiserver-environment) or [Use and automate letsencrypt certificates (ACME) in an high-availability environment](https://chr4.org/blog/2016/11/14/use-letsencrypt-acme-in-an-high-availability-environment/).

Jan Wagner revised this gist 5 years ago. Go to revision

1 file changed, 1 insertion, 1 deletion

deploy_dehydrated.sh

@@ -23,7 +23,7 @@ fi
23 23
24 24 cat > ${LINKSCRIPT} << EOF
25 25 #!/bin/bash
26 - for CERT in \$(awk {'print $1'} /etc/dehydrated/domains.txt); do [ -f /var/lib/dehydrated/certs/\${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/\${CERT}.key ] && ln -s /var/lib/dehydrated/certs/\${CERT}/privkey.pem /etc/ssl/private/\${CERT}.key; [ -f /var/lib/dehydrated/certs/\${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/\${CERT}.pem ] && ln -s /var/lib/dehydrated/certs/\${CERT}/fullchain.pem /etc/ssl/certs/\${CERT}.pem;done
26 + for CERT in \$(awk {'print \$1'} /etc/dehydrated/domains.txt); do [ -f /var/lib/dehydrated/certs/\${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/\${CERT}.key ] && ln -s /var/lib/dehydrated/certs/\${CERT}/privkey.pem /etc/ssl/private/\${CERT}.key; [ -f /var/lib/dehydrated/certs/\${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/\${CERT}.pem ] && ln -s /var/lib/dehydrated/certs/\${CERT}/fullchain.pem /etc/ssl/certs/\${CERT}.pem;done
27 27 EOF
28 28 chmod +x ${LINKSCRIPT}
29 29

Jan Wagner revised this gist 5 years ago. Go to revision

1 file changed, 1 insertion, 1 deletion

deploy_dehydrated.sh

@@ -23,7 +23,7 @@ fi
23 23
24 24 cat > ${LINKSCRIPT} << EOF
25 25 #!/bin/bash
26 - for CERT in \$(awk {'print $1'} /etc/dehydrated/domains.txt); do [ -f /var/lib/dehydrated/certs/£${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/\${CERT}.key ] && ln -s /var/lib/dehydrated/certs/\${CERT}/privkey.pem /etc/ssl/private/\${CERT}.key; [ -f /var/lib/dehydrated/certs/\${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/\${CERT}.pem ] && ln -s /var/lib/dehydrated/certs/\${CERT}/fullchain.pem /etc/ssl/certs/\${CERT}.pem;done
26 + for CERT in \$(awk {'print $1'} /etc/dehydrated/domains.txt); do [ -f /var/lib/dehydrated/certs/\${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/\${CERT}.key ] && ln -s /var/lib/dehydrated/certs/\${CERT}/privkey.pem /etc/ssl/private/\${CERT}.key; [ -f /var/lib/dehydrated/certs/\${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/\${CERT}.pem ] && ln -s /var/lib/dehydrated/certs/\${CERT}/fullchain.pem /etc/ssl/certs/\${CERT}.pem;done
27 27 EOF
28 28 chmod +x ${LINKSCRIPT}
29 29

Jan Wagner revised this gist 5 years ago. Go to revision

1 file changed, 3 insertions, 2 deletions

deploy_dehydrated.sh

@@ -3,6 +3,7 @@ CRON="/etc/cron.daily/dehydrated_autorenew"
3 3 CONFIGURL="https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/local.sh"
4 4 CONFIGNAME="$(basename ${CONFIGURL})"
5 5 CONFIGPATH="/etc/dehydrated/conf.d/"
6 + LINKSCRIPT="/usr/local/sbin/dehydrated_create_links"
6 7 HOOKNAME="hook.sh"
7 8 HOOKPATH="/etc/dehydrated/"
8 9 if [ "$(lsb_release -cs)" = "jessie" ]; then
@@ -20,11 +21,11 @@ EOF
20 21 chmod +x ${CRON}
21 22 fi
22 23
23 - cat > /usr/local/sbin/dehydrated_create_links << EOF
24 + cat > ${LINKSCRIPT} << EOF
24 25 #!/bin/bash
25 26 for CERT in \$(awk {'print $1'} /etc/dehydrated/domains.txt); do [ -f /var/lib/dehydrated/certs/£${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/\${CERT}.key ] && ln -s /var/lib/dehydrated/certs/\${CERT}/privkey.pem /etc/ssl/private/\${CERT}.key; [ -f /var/lib/dehydrated/certs/\${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/\${CERT}.pem ] && ln -s /var/lib/dehydrated/certs/\${CERT}/fullchain.pem /etc/ssl/certs/\${CERT}.pem;done
26 27 EOF
27 - chmod +x /usr/local/sbin/dehydrated_create_links
28 + chmod +x ${LINKSCRIPT}
28 29
29 30 # Fix #941414 (for now)
30 31 sed -i "s/grep Replay-Nonce:/grep -i ^Replay-Nonce:/" /usr/bin/dehydrated

Jan Wagner revised this gist 5 years ago. Go to revision

1 file changed, 6 insertions

deploy_dehydrated.sh

@@ -20,6 +20,12 @@ EOF
20 20 chmod +x ${CRON}
21 21 fi
22 22
23 + cat > /usr/local/sbin/dehydrated_create_links << EOF
24 + #!/bin/bash
25 + for CERT in \$(awk {'print $1'} /etc/dehydrated/domains.txt); do [ -f /var/lib/dehydrated/certs/£${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/\${CERT}.key ] && ln -s /var/lib/dehydrated/certs/\${CERT}/privkey.pem /etc/ssl/private/\${CERT}.key; [ -f /var/lib/dehydrated/certs/\${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/\${CERT}.pem ] && ln -s /var/lib/dehydrated/certs/\${CERT}/fullchain.pem /etc/ssl/certs/\${CERT}.pem;done
26 + EOF
27 + chmod +x /usr/local/sbin/dehydrated_create_links
28 +
23 29 # Fix #941414 (for now)
24 30 sed -i "s/grep Replay-Nonce:/grep -i ^Replay-Nonce:/" /usr/bin/dehydrated
25 31

Jan Wagner revised this gist 6 years ago. Go to revision

1 file changed, 3 insertions

deploy_dehydrated.sh

@@ -20,6 +20,9 @@ EOF
20 20 chmod +x ${CRON}
21 21 fi
22 22
23 + # Fix #941414 (for now)
24 + sed -i "s/grep Replay-Nonce:/grep -i ^Replay-Nonce:/" /usr/bin/dehydrated
25 +
23 26 [ -f ${CONFIGPATH}/${CONFIGNAME} ] || wget ${CONFIGURL} -O ${CONFIGPATH}/${CONFIGNAME}
24 27
25 28 sed -i "s/^CONTACT_EMAIL=*/CONTACT_EMAIL=${1}/" ${CONFIGPATH}/${CONFIGNAME}

Jan Wagner revised this gist 6 years ago. Go to revision

1 file changed, 2 insertions, 2 deletions

README.md

@@ -1,4 +1,4 @@
1 - Deploying [dehydrated](http://dehydrated.de) for apache2 on Debian Jessie:
1 + ## Deploying [dehydrated](http://dehydrated.de) for apache2 on Debian Jessie:
2 2
3 3 ```
4 4 wget https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/deploy_dehydrated.sh \
@@ -20,7 +20,7 @@ If you are hit by [Provided agreement URL ... does not match current agreement U
20 20 /usr/bin/dehydrated -c --accept-terms && /etc/cron.daily/dehydrated_autorenew
21 21 ```
22 22
23 - Linking certs and keys into usual places:
23 + ## Linking certs and keys into usual places:
24 24 ```
25 25 for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
26 26 [ -f /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/${CERT}.key ] && \

waja revised this gist 7 years ago. Go to revision

1 file changed, 1 insertion, 1 deletion

deploy_dehydrated.sh

@@ -15,7 +15,7 @@ apt-get install ${BPO} ${PACKAGES}
15 15 if [ ! -x ${CRON} ]; then
16 16 cat > ${CRON} <<EOF
17 17 #!/bin/bash
18 - test -x /usr/bin/dehydrated && /usr/bin/dehydrated -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|Certificate will not expire|^$)"; exit 0
18 + test -x /usr/bin/dehydrated && /usr/bin/dehydrated -c -g | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|Certificate will not expire|^$)"; exit 0
19 19 EOF
20 20 chmod +x ${CRON}
21 21 fi

Jan Wagner revised this gist 8 years ago. Go to revision

1 file changed, 7 insertions, 1 deletion

README.md

@@ -14,6 +14,12 @@ Running the cronjob for initial request of certs:
14 14 /etc/cron.daily/dehydrated_autorenew
15 15 ```
16 16
17 + If you are hit by [Provided agreement URL ... does not match current agreement URL ...](https://github.com/lukas2511/dehydrated/issues/248) you need to use at least dehydrated 0.4.0, for example from stretch-backports. Use:
18 +
19 + ```
20 + /usr/bin/dehydrated -c --accept-terms && /etc/cron.daily/dehydrated_autorenew
21 + ```
22 +
17 23 Linking certs and keys into usual places:
18 24 ```
19 25 for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
@@ -24,4 +30,4 @@ for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
24 30 done
25 31 ```
26 32
27 - For distributed setups you might want to have a look into [Using redirects](https://nekudo.com/blog/letsencrypt-in-a-multiserver-environment) or [Use and automate letsencrypt certificates (ACME) in an high-availability environment](https://chr4.org/blog/2016/11/14/use-letsencrypt-acme-in-an-high-availability-environment/).
33 + For distributed setups you might want to have a look into [Using redirects](https://nekudo.com/blog/letsencrypt-in-a-multiserver-environment) or [Use and automate letsencrypt certificates (ACME) in an high-availability environment](https://chr4.org/blog/2016/11/14/use-letsencrypt-acme-in-an-high-availability-environment/).
Newer Older

Powered by Opengist Load: 19ms

English