Jan Wagner revised this gist 9 years ago. Go to revision
1 file changed, 2 insertions, 2 deletions
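--- a/README.md
+++ b/README.md
@@ -17,9 +17,9 @@ Running the cronjob for initial request of certs:
 Linking certs and keys into usual places:
 ```
 for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
-[ -f /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && \
+[ -f /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && ! [ -L /etc/ssl/private/${CERT}.key ] && \
 ln -s /var/lib/dehydrated/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
-[ -f /var/lib/dehydrated/certs/${CERT}/fullchain.pem ] && \
+[ -f /var/lib/dehydrated/certs/${CERT}/fullchain.pem ] && ! [ -L /etc/ssl/certs/${CERT}.pem ] && \
 ln -s /var/lib/dehydrated/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
 done
 ```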
waja revised this gist 9 years ago. Go to revision
1 file changed, 1 insertion, 1 deletion
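--- a/deploy_dehydrated.sh
+++ b/deploy_dehydrated.sh
@@ -19,4 +19,4 @@ fi
 [ -f ${CONFIGPATH}/${CONFIGNAME} ] || wget ${CONFIGURL} -O ${CONFIGPATH}/${CONFIGNAME}
 
 sed -i "s/^CONTACT_EMAIL=*/CONTACT_EMAIL=${1}/" ${CONFIGPATH}/${CONFIGNAME}
-[ -f ${HOOKPATH}/${HOOKNAME} ] || printf '#!/bin/sh\n[ "$1" != "deploy_cert" ] || /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME} && chmod +x ${HOOKPATH}/${HOOKNAME}
+[ -f ${HOOKPATH}/${HOOKNAME} ] || printf '#!/bin/sh\n\n# See also https://github.com/lukas2511/dehydrated/blob/master/docs/examples/hook.sh\n\n[ "$1" != "deploy_cert" ] || /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME} && chmod +x ${HOOKPATH}/${HOOKNAME}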
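Review bot: The `sed` on line 21 pastes `${1}` unchecked into the replacement text, and its pattern `^CONTACT_EMAIL=*` matches only a run of `=` rather than the rest of the line. A second run with a different address therefore leaves the old value appended to the new one, and an argument containing `/` or `&` breaks or alters the substitution. Reject unexpected characters first, for example `case "$1" in ''|*[!A-Za-z0-9@._+-]*) echo "usage: $0 <registration email>" >&2; exit 1;; esac`, then match the whole line with `sed -i "s/^CONTACT_EMAIL=.*/CONTACT_EMAIL=${1}/" "${CONFIGPATH}/${CONFIGNAME}"`. The same line appears in the older deploy_letsencrypth.sh revisions further down the page, and the script's earlier lines are outside this hunk.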
waja revised this gist 9 years ago. Go to revision
1 file changed, 2 insertions, 2 deletions
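--- a/README.md
+++ b/README.md
@@ -17,9 +17,9 @@ Running the cronjob for initial request of certs:
 Linking certs and keys into usual places:
 ```
 for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
-[ -e /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && \
+[ -f /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && \
 ln -s /var/lib/dehydrated/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
-[ -e /var/lib/dehydrated/certs/${CERT}/fullchain.pem ] && \
+[ -f /var/lib/dehydrated/certs/${CERT}/fullchain.pem ] && \
 ln -s /var/lib/dehydrated/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
 done
 ```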
waja revised this gist 9 years ago. Go to revision
No changes
Jan Wagner revised this gist 9 years ago. Go to revision
1 file changed, 21 insertions
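--- /dev/null
+++ b/migrate2dehydrated.sh
@@ -0,0 +1,21 @@
+# install (transition) package
+aptitude -t jessie-backports install letsencrypt.sh letsencrypt.sh-apache2 && \
+# migrate config over to dehydrated
+sed -i s/letsencrypt\.sh/dehydrated/g /etc/cron.daily/letsencrypt_autorenew && mv /etc/cron.daily/letsencrypt_autorenew /etc/cron.daily/dehydrated_autorenew && \
+mv /var/lib/letsencrypt.sh/certs/ /var/lib/letsencrypt.sh/accounts/ /var/lib/dehydrated/ && \
+mv /etc/letsencrypt.sh/conf.d/* /etc/dehydrated/conf.d/ && \
+mv /etc/letsencrypt.sh/domains.txt /etc/letsencrypt.sh/hook.sh /etc/dehydrated/ && \
+sed -i s/letsencrypt\.sh/dehydrated/g /etc/dehydrated/conf.d/*
+
+# migrate certificate links to dehydrated
+for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do \
+test -L /etc/ssl/certs/$CERT.pem && rm /etc/ssl/certs/$CERT.pem; \
+test -L /etc/ssl/private/$CERT.key && rm /etc/ssl/private/$CERT.key; \
+test -e /var/lib/dehydrated/certs/${CERT}/privkey.pem && \
+ln -s /var/lib/dehydrated/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key; \
+test -e /var/lib/dehydrated/certs/${CERT}/fullchain.pem && \
+ln -s /var/lib/dehydrated/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem; \
+done
+
+# remove obsolete apache configuration and reload apache2
+rm /etc/apache2/conf-available/letsencrypt.sh.conf /etc/apache2/conf-enabled/letsencrypt.sh.conf && /etc/init.d/apache2 reload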
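Review bot: The loop on lines 11–18 removes each existing symlink before it tests that the new target exists, so a name from domains.txt with no directory under /var/lib/dehydrated/certs loses its link and gets none back. The reload on line 21 then runs against a configuration that may point at a missing file. Test the target first and replace the link in one step, `[ -f "/var/lib/dehydrated/certs/${CERT}/privkey.pem" ] && ln -sfn "/var/lib/dehydrated/certs/${CERT}/privkey.pem" "/etc/ssl/private/${CERT}.key"`, and do the same for fullchain.pem. The `&&` chain also stops at line 8, so the loop and the `rm` on line 21 still run after an earlier step has failed; `set -e` at the top or an explicit guard before the loop would prevent that.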
Jan Wagner revised this gist 9 years ago. Go to revision
3 files changed, 17 insertions, 17 deletions
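--- a/README.md
+++ b/README.md
@@ -1,25 +1,25 @@
-Deploying [letsencrypt.sh](http://letsencrypt.sh) for apache2 on Debian Jessie:
+Deploying [dehydrated](http://dehydrated.de) for apache2 on Debian Jessie:
 
 ```
-wget https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/deploy_letsencrypth.sh \
--O /tmp/deploy_letsencrypth.sh && \
-bash /tmp/deploy_letsencrypth.sh <registration email>
+wget https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/deploy_dehydrated.sh \
+-O /tmp/deploy_dehydrated.sh && \
+bash /tmp/deploy_dehydrated.sh <registration email>
 ```
 
-Now you need to create ```/etc/letsencrypt.sh/domains.txt``` like [documented](https://github.com/lukas2511/dehydrated/blob/master/docs/domains_txt.md).
+Now you need to create ```/etc/dehydrated/domains.txt``` like [documented](https://github.com/lukas2511/dehydrated/blob/master/docs/domains_txt.md).
 
 Running the cronjob for initial request of certs:
 
 ```
-/etc/cron.daily/letsencrypt_autorenew
+/etc/cron.daily/dehydrated_autorenew
 ```
 
 Linking certs and keys into usual places:
 ```
-for CERT in $(awk {'print $1'} /etc/letsencrypt.sh/domains.txt); do\
-[ -e /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem ] || \
-ln -s /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
-[ -e /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem ] || \
-ln -s /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
+for CERT in $(awk {'print $1'} /etc/dehydrated/domains.txt); do\
+[ -e /var/lib/dehydrated/certs/${CERT}/privkey.pem ] && \
+ln -s /var/lib/dehydrated/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
+[ -e /var/lib/dehydrated/certs/${CERT}/fullchain.pem ] && \
+ln -s /var/lib/dehydrated/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
 done
 ```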
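--- a/deploy_letsencrypth.sh
+++ b/deploy_dehydrated.sh
@@ -1,18 +1,18 @@
 #!/bin/bash
-CRON="/etc/cron.daily/letsencrypt_autorenew"
+CRON="/etc/cron.daily/dehydrated_autorenew"
 CONFIGURL="https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/local.sh"
 CONFIGNAME="$(basename ${CONFIGURL})"
-CONFIGPATH="/etc/letsencrypt.sh/conf.d/"
+CONFIGPATH="/etc/dehydrated/conf.d/"
 HOOKNAME="hook.sh"
-HOOKPATH="/etc/letsencrypt.sh/"
+HOOKPATH="/etc/dehydrated/"
 SUITE="jessie-backports"
-PACKAGES="letsencrypt.sh letsencrypt.sh-apache2"
+PACKAGES="dehydrated dehydrated-apache2"
 
 apt-get install -t ${SUITE} ${PACKAGES}
 
 if [ ! -x ${CRON} ]; then
 echo '#!/bin/bash' > ${CRON}
-echo 'test -x /usr/bin/letsencrypt.sh && /usr/bin/letsencrypt.sh -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|^$)"; exit 0' >> ${CRON}
+echo 'test -x /usr/bin/dehydrated && /usr/bin/dehydrated -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|^$)"; exit 0' >> ${CRON}
 chmod +x ${CRON}
 fi
 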
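--- a/local.sh
+++ b/local.sh
@@ -11,7 +11,7 @@
 #
 # BASEDIR and WELLKNOWN variables are exported and can be used in an external program
 # default: <unset>
-HOOK='/etc/letsencrypt.sh/hook.sh'
+HOOK='/etc/dehydrated/hook.sh'
 
 # Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
 HOOK_CHAIN="yes"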
Jan Wagner revised this gist 9 years ago. Go to revision
1 file changed, 1 insertion, 1 deletion
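--- a/deploy_letsencrypth.sh
+++ b/deploy_letsencrypth.sh
@@ -12,7 +12,7 @@ apt-get install -t ${SUITE} ${PACKAGES}
 
 if [ ! -x ${CRON} ]; then
 echo '#!/bin/bash' > ${CRON}
-echo 'test -x /usr/bin/letsencrypt.sh && /usr/bin/letsencrypt.sh -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|^$)"' >> ${CRON}
+echo 'test -x /usr/bin/letsencrypt.sh && /usr/bin/letsencrypt.sh -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|^$)"; exit 0' >> ${CRON}
 chmod +x ${CRON}
 fi
 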
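Review bot: The `; exit 0` appended on line 15 makes the generated cron job report success even when `/usr/bin/letsencrypt.sh -c` itself fails, so a failed renewal shows up only if someone reads the filtered output. The motive is presumably that `grep -v` returns 1 once it has filtered every line, though the commit does not say so. Because the generated script runs under bash, it can keep the client's own status: emit `test -x /usr/bin/letsencrypt.sh || exit 0` as its own line and end the pipeline with `; exit "${PIPESTATUS[0]}"` instead of `; exit 0`. The later rename to deploy_dehydrated.sh carries the same `exit 0` forward.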
Jan Wagner revised this gist 9 years ago. Go to revision
1 file changed, 25 insertions
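--- /dev/null
+++ b/README.md
@@ -0,0 +1,25 @@
+Deploying [letsencrypt.sh](http://letsencrypt.sh) for apache2 on Debian Jessie:
+
+```
+wget https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/deploy_letsencrypth.sh \
+-O /tmp/deploy_letsencrypth.sh && \
+bash /tmp/deploy_letsencrypth.sh <registration email>
+```
+
+Now you need to create ```/etc/letsencrypt.sh/domains.txt``` like [documented](https://github.com/lukas2511/dehydrated/blob/master/docs/domains_txt.md).
+
+Running the cronjob for initial request of certs:
+
+```
+/etc/cron.daily/letsencrypt_autorenew
+```
+
+Linking certs and keys into usual places:
+```
+for CERT in $(awk {'print $1'} /etc/letsencrypt.sh/domains.txt); do\
+[ -e /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem ] || \
+ln -s /var/lib/letsencrypt.sh/certs/${CERT}/privkey.pem /etc/ssl/private/${CERT}.key;\
+[ -e /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem ] || \
+ln -s /var/lib/letsencrypt.sh/certs/${CERT}/fullchain.pem /etc/ssl/certs/${CERT}.pem;\
+done
+```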
Jan Wagner revised this gist 9 years ago. Go to revision
1 file changed, 1 insertion, 1 deletion
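--- a/deploy_letsencrypth.sh
+++ b/deploy_letsencrypth.sh
@@ -19,4 +19,4 @@ fi
 [ -f ${CONFIGPATH}/${CONFIGNAME} ] || wget ${CONFIGURL} -O ${CONFIGPATH}/${CONFIGNAME}
 
 sed -i "s/^CONTACT_EMAIL=*/CONTACT_EMAIL=${1}/" ${CONFIGPATH}/${CONFIGNAME}
-[ -f ${HOOKPATH}/${HOOKNAME} ] || printf '#!/bin/sh\n[ "$1" != "deploy_cert" ] || /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME}
+[ -f ${HOOKPATH}/${HOOKNAME} ] || printf '#!/bin/sh\n[ "$1" != "deploy_cert" ] || /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME} && chmod +x ${HOOKPATH}/${HOOKNAME}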
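Review bot: The new line 22 mixes `||` and `&&`, which the shell groups left to right as `([ -f hook ] || printf … > hook) && chmod +x hook`, so the `chmod` also runs on a hook file that already existed and that an administrator may have left non-executable on purpose. If the intent is to create the hook and mark it executable only when it is missing, an explicit block states that: `if [ ! -f "${HOOKPATH}/${HOOKNAME}" ]; then printf … > "${HOOKPATH}/${HOOKNAME}" && chmod +x "${HOOKPATH}/${HOOKNAME}"; fi`. The printf format also ends without `\n`, so the generated hook has no final newline. The later revision of this line in deploy_dehydrated.sh keeps the same shape.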
Jan Wagner revised this gist 9 years ago. Go to revision
2 files changed, 45 insertions
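--- /dev/null
+++ b/deploy_letsencrypth.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+CRON="/etc/cron.daily/letsencrypt_autorenew"
+CONFIGURL="https://gist.githubusercontent.com/waja/8df78afb09691e4f383d818685f48885/raw/local.sh"
+CONFIGNAME="$(basename ${CONFIGURL})"
+CONFIGPATH="/etc/letsencrypt.sh/conf.d/"
+HOOKNAME="hook.sh"
+HOOKPATH="/etc/letsencrypt.sh/"
+SUITE="jessie-backports"
+PACKAGES="letsencrypt.sh letsencrypt.sh-apache2"
+
+apt-get install -t ${SUITE} ${PACKAGES}
+
+if [ ! -x ${CRON} ]; then
+echo '#!/bin/bash' > ${CRON}
+echo 'test -x /usr/bin/letsencrypt.sh && /usr/bin/letsencrypt.sh -c | grep -v -E "(^#|^Processing|Skipping renew|unchanged|Checking expire date of existing cert|^$)"' >> ${CRON}
+chmod +x ${CRON}
+fi
+
+[ -f ${CONFIGPATH}/${CONFIGNAME} ] || wget ${CONFIGURL} -O ${CONFIGPATH}/${CONFIGNAME}
+
+sed -i "s/^CONTACT_EMAIL=*/CONTACT_EMAIL=${1}/" ${CONFIGPATH}/${CONFIGNAME}
+[ -f ${HOOKPATH}/${HOOKNAME} ] || printf '#!/bin/sh\n[ "$1" != "deploy_cert" ] || /usr/sbin/service apache2 restart' > ${HOOKPATH}/${HOOKNAME}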
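Review bot: Line 19 downloads `local.sh` from the gist's unpinned `raw/` URL into `conf.d/` with no integrity check. The client presumably reads that directory as shell configuration when the root cron job runs, so whatever the URL serves at install time ends up evaluated as root. Pin `CONFIGURL` to a fixed gist revision and verify a known digest before keeping the file, e.g. `echo "<expected-sha256>  ${CONFIGPATH}/${CONFIGNAME}" | sha256sum -c - || exit 1` (the digest is a placeholder). `wget -O` also leaves an empty or partial file behind after a failed download, which the `[ -f … ]` test then accepts on the next run; downloading to a temporary file and moving it into place only on success avoids that. The later revisions of this script keep the same download line.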
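--- /dev/null
+++ b/local.sh
@@ -0,0 +1,23 @@
+# Path to certificate authority (default: https://acme-v01.api.letsencrypt.org/directory)
+#CA="https://acme-v01.api.letsencrypt.org/directory"
+
+# Program or function called in certain situations
+#
+# After generating the challenge-response, or after failed challenge (in this case altname is empty)
+# Given arguments: clean_challenge|deploy_challenge altname token-filename token-content
+#
+# After successfully signing certificate
+# Given arguments: deploy_cert domain path/to/privkey.pem path/to/cert.pem path/to/fullchain.pem
+#
+# BASEDIR and WELLKNOWN variables are exported and can be used in an external program
+# default: <unset>
+HOOK='/etc/letsencrypt.sh/hook.sh'
+
+# Chain clean_challenge|deploy_challenge arguments together into one hook call per certificate (default: no)
+HOOK_CHAIN="yes"
+
+# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
+#KEY_ALGO=rsa
+
+# E-mail to use during the registration (default: <unset>)
+CONTACT_EMAIL=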