From bc5d30f40038de212ade8e2961892ef1699c7095 Mon Sep 17 00:00:00 2001
From: Martin Winkler
Date: Fri, 13 Dec 2019 23:48:06 +0100
Subject: [PATCH] New sequence certbot for install and update of certificates
---
seqs/certbot.cfg.example | 22 ++++++++++
seqs/certbot.sh | 86 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 108 insertions(+)
create mode 100644 seqs/certbot.cfg.example
create mode 100755 seqs/certbot.sh
diff --git a/seqs/certbot.cfg.example b/seqs/certbot.cfg.example
new file mode 100644
index 0000000..c43b29e
--- /dev/null
+++ b/seqs/certbot.cfg.example
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# Web root path where certbot will place the ACME challenge files
+#
+# A nginx example location which needs to placed in the server config listening on port 80
+# for the first time and also in the config listeing on port 443 for renewals:
+#
+# location ^~ /.well-known/acme-challenge/ {
+# default_type "text/plain";
+# root /var/www/letsencrypt;
+# }
+CERTBOT_WEBROOT="/var/www/letsencrypt"
+
+# Email address for important account notifications
+CERTBOT_MAIL="postmaster@mydomain.eu"
+
+# List you domains here.
+# The first will be the subject CN and all other will be listed as Subject Alternative Names.
+CERTBOT_DOMAINS=(\
+ mydomain.eu \
+ www.mydomain.eu \
+ )
diff --git a/seqs/certbot.sh b/seqs/certbot.sh
new file mode 100755
index 0000000..3fd0bb8
--- /dev/null
+++ b/seqs/certbot.sh
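Review bot: The header of seqs/certbot.cfg.example does not say that this file is executed rather than parsed: certbot.sh loads the copied certbot.cfg with `. "$CONFIG_FILE"`, so anything in it runs with the privileges of the sequence, which calls apt-get and therefore presumably runs as root. I would add a comment at the top such as `# Sourced by certbot.sh as shell code: keep certbot.cfg owned by root and not writable by group or others.` The `#!/bin/bash` line can be dropped, since the file is created with mode 100644 and is only ever sourced. The comments also contain typos worth fixing in the same pass ("needs to placed", "listeing", "List you domains").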
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# Certbot installation and creation supporting Raspbian and Ubuntu.
+# Certificate can be created/updated as "certonly" only.
+
+toolName=certbot
+
+# Get script working directory
+# (when called from a different directory)
+WDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >>/dev/null 2>&1 && pwd )"
+CONFIG_FILE="$WDIR/${toolName}.cfg"
+CONFIG_FILE_DEFAULT="${CONFIG_FILE}.example"
+
+step_config() {
+ if [ ! -s "$CONFIG_FILE" ] && [ ! -s "$CONFIG_FILE_DEFAULT" ] ; then
+ echoerr " [E] No configuration \"$CONFIG_FILE_DEFAULT\" or \"$CONFIG_FILE\" found"
+ exit 1;
+ fi
+ if [ -s "$CONFIG_FILE" ] ; then
+ . "$CONFIG_FILE"
+ else
+ echoerr " [E] No user configuration \"$CONFIG_FILE\" found. (See template $CONFIG_FILE_DEFAULT)"
+ fi
+}
+
+step_1_info() { echo "Install $toolName for letsencrypt"; }
+step_1_alias() { ALIAS="install"; }
+step_1() {
+ local osName=
+ local distName=
+
+ if [ "$(which lsb_release)" == "" ] ; then
+ echoerr " [W] Cannot detect OS. Assuming Ubuntu"
+ osName="Ubuntu"
+ else
+ osName=$(lsb_release -is)
+ distName=$(lsb_release -cs)
+ fi
+
+ if [ "$osName" == "" ] ; then
+ echoerr " [W] Error dedecting OS. Assuming Ubuntu"
+ osName="Ubuntu"
+ fi
+
+ echo " [I] Detected OS: $osName $distName"
+
+ local aptOption=
+ if [ $QUIET -ne 0 ] ; then
+ aptOption="-y"
+ else
+ aptOption=""
+ fi
+
+ if [ "$osName" == "Ubuntu" ] ; then
+ exe apt-get update
+ exe apt-get install software-properties-common $aptOption
+ saveReturn $?
+ exe add-apt-repository universe $aptOption
+ saveReturn $?
+ exe add-apt-repository ppa:certbot/certbot $aptOption
+ saveReturn $?
+ exe apt-get update
+
+ exe apt-get install $toolName $aptOption
+ saveReturn $?
+ endReturn "$toolName installation for $osName failed"
+ elif [ "$osName" == "Raspbian" ] ; then
+ exe apt update
+ exe apt install certbot
+ endReturn "$toolName installation for $osName failed"
+ fi
+}
+
+step_2_info() { echo "Create or update letsencrypt certificate"; }
+step_2_alias() { ALIAS="update"; }
+step_2() {
+ endCheckEmpty CERTBOT_DOMAINS "Invalid domain list"
+ endCheckEmpty CERTBOT_WEBROOT "Invalid web root"
+ endCheckEmpty CERTBOT_MAIL "Invalid mail address"
+
+ exe certbot certonly --webroot -w "$CERTBOT_WEBROOT" --rsa-key-size 4096 --expand --agree-tos \
+ -m "$CERTBOT_MAIL" ${CERTBOT_DOMAINS[@]/#/-d }
+}
+
+VERSION_SEQREV=8
+. /usr/local/bin/sequencer.sh
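Review bot: In step_2 the domain arguments are built with an unquoted `${CERTBOT_DOMAINS[@]/#/-d }`, which relies on word splitting to separate `-d` from each name and therefore also subjects every configured name to splitting and pathname expansion before certbot sees it. An entry containing whitespace or a glob character ends up as different or additional arguments to a command that presumably runs as root. Building an explicit argument array keeps each name as exactly one argument; this assumes `exe` in sequencer.sh (not shown here) forwards its arguments with `"$@"`. Separately, the Raspbian branch of step_1 calls `endReturn` without any preceding `saveReturn $?`, so a failed `apt install certbot` is probably not reported there, and an OS that is neither Ubuntu nor Raspbian falls through both branches without a message.

```shell
step_2() {
  # … unchanged: endCheckEmpty checks for CERTBOT_DOMAINS, CERTBOT_WEBROOT, CERTBOT_MAIL …

  # One "-d <name>" pair per configured domain; names are never split or globbed.
  local domainArgs=()
  local domain
  for domain in "${CERTBOT_DOMAINS[@]}"; do
    domainArgs+=(-d "$domain")
  done

  exe certbot certonly --webroot -w "$CERTBOT_WEBROOT" --rsa-key-size 4096 --expand --agree-tos \
    -m "$CERTBOT_MAIL" "${domainArgs[@]}"
}
```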