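#!/usr/bin/env bash
# Installs certbot with its nginx plugin on a Debian/Ubuntu host, generates a
# self-signed placeholder certificate for the entered FQDN, then requests a
# Let's Encrypt certificate through certbot's nginx authenticator.
#
# Needs root: it writes under /etc/ssl/private and /etc/nginx (sudo is used
# for the package and download steps).  Bash, not /bin/sh, is required because
# the script relies on `read -p` and `echo -e`, which dash does not support.
#
# If you update this from Windows, using Notepad ++, do the following:
# sudo apt-get -y install dos2unix
# dos2unix <FILE>
# chmod u+x <FILE>
#
set -u
clear
echo -e "
_____ _ _ _ _
| |___ ___ ___| |_ ___ _| | | |_ _ _ |_|
| --| _| -_| .'| _| -_| . | | . | | | _
|_____|_| |___|__,|_| |___|___| |___|_ | |_|
|___|
_____ _ _ _ _ _____ __ _____
| | |_ ___|_|___| |_ ___ ___| |_ ___ ___ | |__| | | __|___ ___ _ _
| --| | _| |_ -| _| . | . | | -_| _| | | | | | | | | | _| .'| | |
|_____|_|_|_| |_|___|_| |___| _|_|_|___|_| |_|_|_|_____| |_____|_| |__,|_ |
|_| |___|
Version: 0.0.6 \r\n
Last Updated: 6/30/2022
"
# ---- Add to crontab ----
# 15 3 * * * /usr/bin/certbot renew --quiet --deploy-hook "systemctl restart nginx"
# or
# 43 6 * * * certbot renew --post-hook "systemctl reload nginx"
#
# Placeholder default; the interactive prompt below always overwrites it.
fqdn='cloud.site.com'
#----------------------------------------------------------------------------
# Legacy certbot-auto wrapper.  It is downloaded but never executed by this
# script (the apt package installed below is what is actually used) and the
# wrapper has been retired upstream, so a failed download is reported, not
# fatal.  The original chmod'd a mistyped name ("certbox-auto"); u+x on the
# real file is enough since nobody else needs to run it.
if wget https://dl.eff.org/certbot-auto; then
  chmod u+x certbot-auto
else
  echo "warning: could not download certbot-auto (deprecated); continuing with the apt package" >&2
fi
#--- fix OpenSSL ---
# Refresh the dynamic linker cache, including /usr/local/lib64, so a locally
# built OpenSSL is found by certbot/openssl.
sudo ldconfig
sudo ldconfig /usr/local/lib64/
#--- OCSP Cert ---
# NOTE(review): lets-encrypt-x3-cross-signed.pem is the old X3 intermediate,
# which Let's Encrypt has since retired; for OCSP stapling the chain.pem that
# certbot writes under /etc/letsencrypt/live/<domain>/ is the current source.
# Kept for compatibility, non-fatal if the download fails.
sudo mkdir -p /etc/nginx/certs/
sudo wget -O /etc/nginx/certs/lets-encrypt-x3-cross-signed.pem "https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem" \
  || echo "warning: could not fetch lets-encrypt-x3-cross-signed.pem" >&2
#--------------- Old below ------------------------------------
clear
# -r removes the old certbot PPA if it is still configured, so apt-get update
# does not choke on it; certbot comes from the distribution repositories now.
#sudo add-apt-repository -y ppa:certbot/certbot
sudo apt-add-repository -r ppa:certbot/certbot
sudo apt-get update
# Everything after this point depends on certbot, so a failed install is fatal.
sudo apt-get install -y python3-certbot-nginx \
  || { echo "error: installing python3-certbot-nginx failed" >&2; exit 1; }
echo -e "\r\n \r\n \r\n";
echo -e "For Let's Encrypt to work, you must have generated the self signed cert first, and configured nginx \r\n "
echo -e "If this hasn't been done yet, please stop, and work on that. \r\n "
echo -e "or download this script: https://raw.githubusercontent.com/c2theg/srvBuilds/master/gen_ssl_cert.sh \r\n \r\n "
#SSL - generate cert
#https://www.madboa.com/geek/openssl/#how-do-i-find-out-what-openssl-version-i-m-running
echo -e "\r\n \r\n"
read -r -p "Enter your FQDN: " fqdn
# The FQDN ends up in file names, in the X.509 subject (where '/' and '=' are
# field separators) and in certbot's -d argument, so only hostname characters
# are accepted; an empty answer would otherwise produce "server_.key".
if [[ -z "$fqdn" || ! "$fqdn" =~ ^[A-Za-z0-9.-]+$ ]]; then
  echo "error: '$fqdn' is not a valid hostname" >&2
  exit 1
fi
echo -e "You entered: $fqdn!"
# /etc/ssl/private is root-only; fail clearly instead of writing keys into the
# current directory.
cd /etc/ssl/private/ || { echo "error: cannot cd to /etc/ssl/private (run as root)" >&2; exit 1; }
# Double quotes around -subj so $fqdn actually expands (single quotes left the
# literal text '$fqdn' in the subject).
openssl req \
  -newkey rsa:2048 -nodes -keyout "server_$fqdn.key" \
  -x509 -days 3650 -out "server_$fqdn.crt" -text -subj "/C=US/ST=NA/L=NA/O=$fqdn/OU=HQ/CN=$fqdn" \
  || { echo "error: openssl req failed" >&2; exit 1; }
# Private key must not be group/world readable regardless of the caller's umask.
chmod 600 "server_$fqdn.key"
openssl dhparam -out "server_$fqdn.pem" 2048
echo -e "\r\n \r\n "
echo -e "For Wildcard certs, use the following: \r\n \r\n
certbot certonly --server https://acme-v02.api.letsencrypt.org/directory --manual --preferred-challenges dns -d 'yourdomain.tld,*.yourdomain.tld'
\r\n \r\n \r\n
"
# Only report DONE when issuance actually succeeded.
sudo certbot --nginx -d "$fqdn" || { echo "error: certbot --nginx failed for $fqdn" >&2; exit 1; }
echo -e "\r\n DONE \r\n \r\n "
echo -e "If you want to schedule this to renew daily add the following to crontab: \r\n \r\n "
echo -e "15 3 * * * /usr/bin/certbot renew --quiet --deploy-hook \"systemctl restart nginx\" \r\n \r\n"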