#!/bin/sh
#
# Use Let's Encrypt to obtain certificates for the Web Server
#
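# This script installs packages, stops and starts httpd and rewrites files
# under /etc, so refuse to continue unless it is running as root.
if [ "root" != "$(id -u -n)" ]; then
    # diagnostics go to stderr so they stay visible when stdout is redirected
    echo "ERROR: ${0} must be run as root!" >&2
    exit 1
fi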
###############################################################################
# VARIABLES
###############################################################################
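# Default offered to the operator: the fully qualified name of this machine.
MACHINE_HOSTNAME=$(hostname -f)

# DNS name of the Web Server (pressing Enter accepts the default shown)
printf "DNS name of the Web Server [%s]: " "${MACHINE_HOSTNAME}"; read -r WEB_FQDN
WEB_FQDN=${WEB_FQDN:-${MACHINE_HOSTNAME}}

# convert hostname to lowercase
WEB_FQDN=$(printf '%s' "${WEB_FQDN}" | tr '[:upper:]' '[:lower:]')

# WEB_FQDN is later interpolated, as root, into sed expressions that use "|"
# as delimiter and into paths below /etc/httpd/conf.d and /etc/letsencrypt.
# Accept only characters that can occur in a DNS name, so a typo or stray
# character (such as "/", "|", "&" or whitespace) can neither alter those
# expressions nor point them at a different file.
case "${WEB_FQDN}" in
    "" | *[!a-z0-9.-]* | .* | -* | *..*)
        echo "ERROR: '${WEB_FQDN}' is not a valid DNS name!" >&2
        exit 1
        ;;
esac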
###############################################################################
# SYSTEM
###############################################################################
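# Prefer dnf when it is available, fall back to yum otherwise.
if command -v dnf >/dev/null 2>&1; then
    PACKAGE_MANAGER=/usr/bin/dnf
else
    PACKAGE_MANAGER=/usr/bin/yum
fi

# Abort while Apache is still running if certbot cannot be installed:
# continuing would stop the web server without any way to obtain a
# certificate.
if ! "${PACKAGE_MANAGER}" install -y certbot; then
    echo "ERROR: unable to install certbot using ${PACKAGE_MANAGER}!" >&2
    exit 1
fi

# stop Apache (certbot is run with --standalone later in this script)
systemctl stop httpd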
###############################################################################
# CERTBOT
###############################################################################
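# Request the certificate. If this fails there are no files below
# /etc/letsencrypt/live/${WEB_FQDN}, so the Apache configuration must NOT be
# switched over to them: restart Apache with its untouched configuration and
# stop here.
if ! certbot certonly --standalone -d "${WEB_FQDN}"; then
    echo "ERROR: certbot could not obtain a certificate for ${WEB_FQDN}!" >&2
    # Apache was stopped earlier in this script; bring it back up
    systemctl start httpd
    exit 1
fi

# Settings read by the certbot renewal service: stop Apache before a renewal
# attempt and start it again afterwards. This overwrites any existing
# /etc/sysconfig/certbot. The delimiter is quoted so the content is written
# literally, without shell expansion.
cat << 'EOF' > /etc/sysconfig/certbot
PRE_HOOK="--pre-hook 'systemctl stop httpd'"
POST_HOOK="--post-hook 'systemctl start httpd'"
RENEW_HOOK=""
CERTBOT_ARGS=""
EOF

# enable automatic renewal
systemctl enable --now certbot-renew.timer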
###############################################################################
# APACHE
###############################################################################
# Apache virtual host configuration that is rewritten in place.
# NOTE(review): WEB_FQDN is interpolated into the sed expressions below, which
# use "|" as delimiter; it must not contain "|" or "&", and every "." in it
# matches any character.
HTTPD_CONF="/etc/httpd/conf.d/${WEB_FQDN}.conf"
PKI_CERT="/etc/pki/tls/certs/${WEB_FQDN}"
PKI_KEY="/etc/pki/tls/private/${WEB_FQDN}.key"
LE_LIVE="/etc/letsencrypt/live/${WEB_FQDN}"

# comment out the directives pointing at the certificate and key below
# /etc/pki/tls
sed -i "s|SSLCertificateFile ${PKI_CERT}|#SSLCertificateFile ${PKI_CERT}|" "${HTTPD_CONF}"
sed -i "s|SSLCertificateKeyFile ${PKI_KEY}|#SSLCertificateKeyFile ${PKI_KEY}|" "${HTTPD_CONF}"

# uncomment the directives pointing at the Let's Encrypt certificate, private
# key and chain
for DIRECTIVE in \
    "SSLCertificateFile ${LE_LIVE}/cert.pem" \
    "SSLCertificateKeyFile ${LE_LIVE}/privkey.pem" \
    "SSLCertificateChainFile ${LE_LIVE}/chain.pem"
do
    sed -i "s|#${DIRECTIVE}|${DIRECTIVE}|" "${HTTPD_CONF}"
done
###############################################################################
# CLEANUP
###############################################################################
# start Apache again (it was stopped earlier in this script); this is the
# final command, so its exit status is also the exit status of the script
systemctl start httpd
# ALL DONE!