lets-encrypt-scripts/README.md

# Lets Encrypt Scripts

Public Git URL: https://git.sosdg.org/brielle/lets-encrypt-scripts

By: Brielle Bruns <bruns@2mbit.com>

These are various scripts to make LetsEncrypt easier to use.

# Files
## Main Scripts

gen-cert.sh  - Main script to make it easy to generate LE certs for domain(s)

gen-unifi-cert.sh - Script to add LE cert to a Unifi controller

## Support Files

DSTROOTCAX3.txt - Root CA cert for use with the gen-unifi-cert.sh script (now optional and unneeded as the cert is embedded)

apache-le-alias.conf - Use with apache for LE well-known alias config

apache-le-proxy.conf - Use with apache for LE well-known proxy config

# How To Use

## gen-cert.sh

1. Do initial cert generation (if using webroot, see script contents for more methods of authentication):
	
		gen-cert.sh -e email@address.com -d somedomain.com -d otherdomain.com -r /var/www/letsencrypt-root/
		
2. Copy cron/renew-ssl-weekly.sh to /etc/cron.weekly, edit as appropriate

3. Run:

		chmod 750 /etc/cron.weekly/renew-ssl-weekly.sh  
		
3. Script will now run weekly and renew the certificate if necessary ( < 30 days remain).  Don't forget to add any necessary file copies/symlinks/service restarts as needed once the scripts are updated.

## gen-unifi-cert.sh

1. Do initial cert generation:
	
		gen-unifi-cert.sh -e email@address.com -d unifi.somedomain.com -d unifi.someotherdomain.com
		
2. Put in /etc/cron.weekly/renew-unifi-ssl if everything works okay:
	
		/path/to/script/gen-unifi-cert.sh -r -d unifi.somedomain.com -d unifi.someotherdomain.com
		
3. Script will now run weekly and renew the certificate if necessary ( < 30 days remain) and restart unifi only if cert has been renewed.
Updating gen-unifi-cert.sh 2016-03-24 18:55:56 -06:00			`# Lets Encrypt Scripts`
Updating formatting again. 2016-02-20 10:15:33 -07:00
Update 'README.md' 2022-05-30 16:06:40 -06:00			`Public Git URL: https://git.sosdg.org/brielle/lets-encrypt-scripts`
Updating formatting again. 2016-02-20 10:15:33 -07:00
Basic info 2016-02-19 21:18:14 -07:00			`By: Brielle Bruns <bruns@2mbit.com>`

			`These are various scripts to make LetsEncrypt easier to use.`

Updating gen-unifi-cert.sh 2016-03-24 18:55:56 -06:00			`# Files`
			`## Main Scripts`

Basic info 2016-02-19 21:18:14 -07:00			`gen-cert.sh - Main script to make it easy to generate LE certs for domain(s)`
Fixing some formatting 2016-02-19 21:20:47 -07:00
Basic info 2016-02-19 21:18:14 -07:00			`gen-unifi-cert.sh - Script to add LE cert to a Unifi controller`

Updating readme 2016-03-24 19:21:26 -06:00			`## Support Files`
Updating gen-unifi-cert.sh 2016-03-24 18:55:56 -06:00
Updating readme 2016-03-24 19:20:33 -06:00			`DSTROOTCAX3.txt - Root CA cert for use with the gen-unifi-cert.sh script (now optional and unneeded as the cert is embedded)`
Fixing some formatting 2016-02-19 21:20:47 -07:00
Basic info 2016-02-19 21:18:14 -07:00			`apache-le-alias.conf - Use with apache for LE well-known alias config`
Fixing some formatting 2016-02-19 21:20:47 -07:00
Update readme 2016-03-08 12:32:11 -07:00			`apache-le-proxy.conf - Use with apache for LE well-known proxy config`

Updating gen-unifi-cert.sh 2016-03-24 18:55:56 -06:00			`# How To Use`
Update readme 2016-03-08 12:32:11 -07:00
Update readme 2016-04-04 20:57:31 -06:00			`## gen-cert.sh`

			`1. Do initial cert generation (if using webroot, see script contents for more methods of authentication):`

			`gen-cert.sh -e email@address.com -d somedomain.com -d otherdomain.com -r /var/www/letsencrypt-root/`

			`2. Copy cron/renew-ssl-weekly.sh to /etc/cron.weekly, edit as appropriate`

			`3. Run:`

			`chmod 750 /etc/cron.weekly/renew-ssl-weekly.sh`

			`3. Script will now run weekly and renew the certificate if necessary ( < 30 days remain). Don't forget to add any necessary file copies/symlinks/service restarts as needed once the scripts are updated.`

Updating gen-unifi-cert.sh 2016-03-24 18:55:56 -06:00			`## gen-unifi-cert.sh`
Update readme 2016-03-08 12:34:44 -07:00
Update readme 2016-03-08 12:39:16 -07:00			`1. Do initial cert generation:`
Update readme 2016-03-08 12:32:11 -07:00
Update readme 2016-03-08 12:39:16 -07:00			`gen-unifi-cert.sh -e email@address.com -d unifi.somedomain.com -d unifi.someotherdomain.com`
Update readme 2016-03-08 12:32:11 -07:00
Update readme 2016-03-08 12:39:16 -07:00			`2. Put in /etc/cron.weekly/renew-unifi-ssl if everything works okay:`
Update readme 2016-03-08 12:32:11 -07:00
Update readme 2016-03-08 12:39:16 -07:00			`/path/to/script/gen-unifi-cert.sh -r -d unifi.somedomain.com -d unifi.someotherdomain.com`
Update readme 2016-03-08 12:32:11 -07:00
Update readme 2016-03-08 12:39:16 -07:00			`3. Script will now run weekly and renew the certificate if necessary ( < 30 days remain) and restart unifi only if cert has been renewed.`