Admins Welt

Admins Welt

adminswelt@hubzilla.fkn-systems.de

Der Affe für alles

Ort:: 381 (Netzwerk-)Käfig 8

Niedersachsen

Heimatstadt:: Braunschweig

Status:: Single

HowTo: LetsEncrypt

Wed, 24 Feb 2016 19:19:17 +0100

Admins Welt

adminswelt@hubzilla.fkn-systems.de

LetsEncrypt are used for simple use of SSL on Webservers.

Get and Care:

#!/bin/sh
_URL='[zrl=https://github.com/letsencrypt/letsencrypt.git]https://github.com/letsencrypt/letsencrypt.git[/zrl]'
_PATH='letsencrypt'
#-
if [ ! -d "${_PATH}" ] ; then
 git clone "${_URL}" "${_PATH}"
fi
#-
cd "${_PATH}"
git reset --hard
git pull
#-
python setup.py build
# - only need for installation
#sudo python setup.py install
#-
echo -e '\n\n # now use letsencrypt-auto --help\n'
./letsencrypt-auto --help
#-
exit

Use:

Once per day called by cron a script, that contains something like this:

_MY_HOSTS="$(ls -1 "/srv/www/vhosts/")"
for host in ${_MY_HOSTS} ; do
 ${PATH_TO_LE}/letsencrypt-auto -t --keep-until-expiring --agree-tos --email ${EMAIL} certonly --webroot --webroot-path ${HOSTROOTPATH} -d "${HOST}" -d "www.${HOST}"
# on some servers you have to rewrite the vhost.conf too. !!!WARNING!! DO A BACKUP AND TEST THIS!! like:
iif [ ! "$(grep SSLCertificateFile "${_VHOST_CONF_FILE}")" = "" ] ; then
 echo -e " +++ rewrite '${host}' vhost.conf file..."
 cp "${_VHOST_CONF_FILE}" "${_VHOST_CONF_FILE}.lebak"
 sed -e '/SSLCertificateKeyFile /d' -e '/Include .root._SYSTEM._letsencrypt._letsencrypt_apache_vhosts_ssl_inc.conf/d' "${_VHOST_CONF_FILE}" > "${_VHOST_CONF_FILE}.tmp"
 sed -e 's!^\s*SSLCertificateFile.*$!\t\tSSLCertificateFile /etc/letsencrypt/live/'${host}'/cert.pem\n\t\tSSLCertificateKeyFile /etc/letsencrypt/live/'${host}'/privkey.pem\n\t\tInclude /root/_SYSTEM/_letsencrypt/_letsencrypt_apache_vhosts_ssl_inc.conf!' "${_VHOST_CONF_FILE}.tmp" > "${_VHOST_CONF_FILE}"
 rm "${_VHOST_CONF_FILE}.tmp"
 #-
 _TEST='TRUE';
else
 echo -e "\n !!! WARNING: '${host}' exists but contains no SSL conf (you should activate them with any cert), i do nothing..."
fi
done
# and if TRUE dont forget to restart your apache