@@ -0,0 +1,20 @@ | |||
-----BEGIN CERTIFICATE----- | |||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ | |||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT | |||
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow | |||
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD | |||
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB | |||
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O | |||
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq | |||
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b | |||
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw | |||
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD | |||
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV | |||
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG | |||
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 | |||
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr | |||
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz | |||
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 | |||
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo | |||
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ | |||
-----END CERTIFICATE----- |
@@ -0,0 +1,11 @@ | |||
<IfModule alias_module> | |||
Alias /.well-known/acme-challenge "/var/www/letsencrypt-root/.well-known/acme-challenge" | |||
<Directory "/var/www/letsencrypt-root/.well-known/acme-challenge"> | |||
Options FollowSymlinks | |||
AllowOverride None | |||
Order allow,deny | |||
Allow from all | |||
#Require all granted | |||
</Directory> | |||
</IfModule> |
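Review bot: `Options FollowSymlinks` on the challenge directory is broader than this use needs. The ACME client only writes plain token files there, so following symlinks just widens what Apache will serve from a directory that an automated tool writes to; `Options None` is enough. The access rules are also Apache 2.2 syntax (`Order allow,deny` / `Allow from all`) with the 2.4 form `Require all granted` commented out, so on a 2.4 server without mod_access_compat the block will not load as written. Wrapping the two forms in `<IfModule mod_authz_core.c>` and `<IfModule !mod_authz_core.c>` lets one file work on both versions. The `<Location>` block in the proxy snippet has the same access-rule problem.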
@@ -0,0 +1,12 @@ | |||
# Proxy method of letsencrypt auth | |||
# a2enmod proxy proxy_http | |||
<IfModule mod_proxy.c> | |||
ProxyPass "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" retry=1 | |||
ProxyPassReverse "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" | |||
ProxyPreserveHost On | |||
<Location "/.well-known/acme-challenge/"> | |||
Order allow,deny | |||
Allow from all | |||
#Require all granted | |||
</Location> | |||
</IfModule> |
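Review bot: `ProxyPreserveHost On` is set at the top level of the `<IfModule>` block, so when this file is included in a server or virtual-host context it changes Host-header handling for every other proxied route there, not just the challenge path. Moving it inside the `<Location "/.well-known/acme-challenge/">` block confines it. Separately, the backend is an unprivileged port (9999) that is presumably bound only while the standalone authenticator runs. At other times, requests for this path are forwarded to whichever local process holds that port, so on multi-user hosts the webroot or alias method is the safer default. A comment at the top of the file saying so would help.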
@@ -0,0 +1,68 @@ | |||
#!/bin/bash | |||
# Easy letsencrypt certs using a bash script. | |||
# v1.2 - 12/13/2015 | |||
# By Brielle Bruns <bruns@2mbit.com> | |||
# http://www.sosdg.org | |||
# Use like: gen-cert.sh -d domain1.com -d domain2.com | |||
# | |||
# There are three options for authentication: | |||
# | |||
# 1) Webroot (normal) | |||
# Specify -r flag with -d and -e flags. | |||
# gen-cert.sh -d domain1.com -r /var/www/domain1.com | |||
# | |||
# 2) Webroot (alias) | |||
# Same as #1, but also include an alias directive in apache like in: | |||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf | |||
# And: | |||
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge | |||
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root/.well-known/acme-challenge | |||
# | |||
# 3) Proxy auth | |||
# This auth method uses the standalone authenticator with a mod_proxy | |||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf | |||
# Original proxy idea from: | |||
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/ | |||
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999" | |||
while getopts "d:r:e:" opt; do | |||
case $opt in | |||
d) domains+=("$OPTARG");; | |||
r) webroot=("$OPTARG");; | |||
e) email=("$OPTARG");; | |||
esac | |||
done | |||
if [[ ! -z ${email} ]]; then | |||
email="--email ${email}" | |||
else | |||
email="" | |||
fi | |||
# Webroot auth method, activated with -r | |||
WEBAUTH="-a webroot --webroot-path ${webroot}" | |||
if [[ -z ${webroot} ]]; then | |||
AUTH=${PROXYAUTH} | |||
else | |||
AUTH=${WEBAUTH} | |||
fi | |||
shift $((OPTIND -1)) | |||
for val in "${domains[@]}"; do | |||
DOMAINS="${DOMAINS} -d ${val} " | |||
done | |||
cd /usr/src/letsencrypt | |||
./letsencrypt-auto ${email} \ | |||
--server https://acme-v01.api.letsencrypt.org/directory \ | |||
--agree-tos \ | |||
--renew-by-default \ | |||
${AUTH} \ | |||
${DOMAINS} \ | |||
certonly |
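Review bot: The final command is assembled from unquoted strings (`${email}`, `${AUTH}`, `${DOMAINS}`), so any -r path or -d/-e value containing whitespace or glob characters is re-split by the shell and can reach letsencrypt-auto as extra options. That matters more if the script runs as root, which the paths suggest. `cd /usr/src/letsencrypt` is also unchecked, so if that directory is missing the script runs `./letsencrypt-auto` from whatever directory it was started in. Nothing rejects a run with no -d at all either. Building the arguments in an array and guarding the cd covers all three, as sketched below.

```shell
# … unchanged: getopts loop filling domains, webroot and email …
args=(--server https://acme-v01.api.letsencrypt.org/directory --agree-tos --renew-by-default)
if [[ -n ${email} ]]; then
  args+=(--email "${email}")
fi
if [[ -n ${webroot} ]]; then
  args+=(-a webroot --webroot-path "${webroot}")
else
  args+=(--standalone --standalone-supported-challenges http-01 --http-01-port 9999)
fi
if (( ${#domains[@]} == 0 )); then
  echo "at least one -d domain is required" >&2
  exit 2
fi
for val in "${domains[@]}"; do
  args+=(-d "${val}")
done
cd /usr/src/letsencrypt || exit 1
./letsencrypt-auto "${args[@]}" certonly
```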
@@ -0,0 +1,39 @@ | |||
#!/usr/bin/env bash | |||
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh | |||
# Modified by: Brielle Bruns <bruns@2mbit.com> | |||
# Last Changed: 2/2/2016 | |||
# Changed: Fixed some errors with key export/import, removed lame | |||
# docker requirements | |||
DOMAIN="unifi.xxxx.xxxxx" | |||
EMAIL="email@here" | |||
EXTRACERT="/root/DSTROOTCAX3.txt" | |||
TEMPFILE=$(mktemp) | |||
service unifi stop | |||
/usr/src/letsencrypt/letsencrypt-auto \ | |||
--email ${EMAIL} \ | |||
--server https://acme-v01.api.letsencrypt.org/directory \ | |||
--agree-tos \ | |||
--renew-by-default \ | |||
-d ${DOMAIN} \ | |||
--standalone --standalone-supported-challenges tls-sni-01 \ | |||
certonly | |||
openssl pkcs12 -export -passout pass:aircontrolenterprise \ | |||
-in /etc/letsencrypt/live/${DOMAIN}/cert.pem \ | |||
-inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \ | |||
-out ${TEMPFILE} -name unifi \ | |||
-CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root | |||
keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \ | |||
-deststorepass aircontrolenterprise | |||
keytool -trustcacerts -importkeystore \ | |||
-deststorepass aircontrolenterprise \ | |||
-destkeypass aircontrolenterprise \ | |||
-destkeystore /usr/lib/unifi/data/keystore \ | |||
-srckeystore ${TEMPFILE} -srcstoretype PKCS12 \ | |||
-srcstorepass aircontrolenterprise \ | |||
-alias unifi | |||
rm -f ${TEMPFILE} | |||
java -jar /usr/lib/unifi/lib/ace.jar import_cert \ | |||
/etc/letsencrypt/live/${DOMAIN}/cert.pem \ | |||
/etc/letsencrypt/live/${DOMAIN}/chain.pem \ | |||
${EXTRACERT} | |||
service unifi start |
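Review bot: Nothing here stops on failure, so if `letsencrypt-auto` or the `openssl pkcs12 -export` step fails, the script still runs `keytool -delete -alias unifi` and removes the working entry from the controller keystore before an import that cannot succeed. Adding `set -euo pipefail` after the shebang, plus `trap 'rm -f -- "${TEMPFILE}"; service unifi start' EXIT` right after the `mktemp` line, would abort before the delete. It would also restart the controller on every exit path and make the final `rm -f` and `service unifi start` lines redundant. The trap matters for the temp file too: it holds the private key as PKCS#12 under a password that is written literally in this script and passed on the command line, so only the file's permissions and prompt deletion protect it. Today an interrupted run leaves it behind. The `${DOMAIN}`, `${EMAIL}`, `${TEMPFILE}` and `${EXTRACERT}` expansions should also be double-quoted.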