51 lines
974 B
Bash
Executable File
51 lines
974 B
Bash
Executable File
#!/usr/bin/env bash
|
|
set -ex
|
|
|
|
[[ $(uname) = Linux ]] || exit 1
|
|
[[ $USER = root ]] || exit 1
|
|
|
|
apt install -y certbot
|
|
|
|
cat > /certbot-restore.sh <<'EOF'
|
|
#!/usr/bin/env bash
|
|
set -e
|
|
|
|
domain=$1
|
|
email=$2
|
|
|
|
if [[ $USER != root ]]; then
|
|
echo "Run as root"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ -f /.cert.pem ]]; then
|
|
echo "Certificate already initialized"
|
|
exit 0
|
|
fi
|
|
|
|
set -x
|
|
if [[ -r letsencrypt.tgz ]]; then
|
|
tar -C / -zxf letsencrypt.tgz
|
|
fi
|
|
|
|
cd /
|
|
rm -f letsencrypt.tgz
|
|
|
|
maybeDryRun=
|
|
# Uncomment during testing to avoid hitting LetsEncrypt API limits while iterating
|
|
#maybeDryRun="--dry-run"
|
|
|
|
certbot certonly --standalone -d "$domain" --email "$email" --agree-tos -n $maybeDryRun
|
|
|
|
tar zcf letsencrypt.tgz /etc/letsencrypt
|
|
ls -l letsencrypt.tgz
|
|
|
|
# Copy certificates to / for easy access without knowing the value of "$domain"
|
|
rm -f /.key.pem /.cert.pem
|
|
cp /etc/letsencrypt/live/$domain/privkey.pem /.key.pem
|
|
cp /etc/letsencrypt/live/$domain/cert.pem /.cert.pem
|
|
|
|
EOF
|
|
|
|
chmod +x /certbot-restore.sh
|