Initial import
		
						commit
						3ee49ef3f3
					
				
							
								
								
									
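--- a/DSTROOTCAX3.txt
+++ b/DSTROOTCAX3.txt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----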
							
								
								
									
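--- a/apache-le-alias.conf
+++ b/apache-le-alias.conf
@@ -0,0 +1,11 @@
+<IfModule alias_module>
+	Alias /.well-known/acme-challenge "/var/www/letsencrypt-root/.well-known/acme-challenge"
+
+	<Directory "/var/www/letsencrypt-root/.well-known/acme-challenge">
+		Options FollowSymlinks
+		AllowOverride None
+		Order allow,deny
+		Allow from all
+		#Require all granted
+	</Directory>
+</IfModule>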
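Review bot: `Options FollowSymlinks` in the `<Directory>` block is broader than a challenge directory needs: this path is readable by everyone and only has to hand out plain token files, yet any symlink that ends up in it is followed to wherever it points. `Options None` would be the tighter setting here. The access rules are written in 2.2 syntax with `#Require all granted` left commented out, so on Apache 2.4 without mod_access_compat the `Order`/`Allow` lines would presumably be rejected; a one-line comment saying which form to enable for which version would save the next admin a failed reload.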
							
								
								
									
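--- a/apache-le-proxy.conf
+++ b/apache-le-proxy.conf
@@ -0,0 +1,12 @@
+# Proxy method of letsencrypt auth
+# a2enmod proxy proxy_http
+<IfModule mod_proxy.c>
+	ProxyPass "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" retry=1
+	ProxyPassReverse "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/"
+         ProxyPreserveHost On
+	<Location "/.well-known/acme-challenge/">
+          Order allow,deny
+          Allow from all
+          #Require all granted
+	</Location>
+</IfModule>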
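Review bot: `ProxyPreserveHost On` sits outside the `<Location>` block, so it applies to every proxied request in whichever server or vhost scope includes this file, not only to the challenge path; moving it inside `<Location "/.well-known/acme-challenge/">` keeps the effect local. The header comment should also say that the backend `127.0.0.1:9999` is an unprivileged port and that the mapping stays active when the standalone authenticator is not running, so the include is best enabled only for the duration of issuance. As in the alias file, the `Order`/`Allow` lines are 2.2 syntax with the 2.4 form commented out, and a note on which one to use would help.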
							
								
								
									
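--- a/gen-cert.sh
+++ b/gen-cert.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+# Easy letsencrypt certs using a bash script.
+# v1.2 - 12/13/2015
+# By Brielle Bruns <bruns@2mbit.com>
+# http://www.sosdg.org
+
+
+# Use like:  gen-cert.sh -d domain1.com -d domain2.com
+#
+# There are three options for authentication:
+#
+# 1) Webroot (normal)
+#	Specify -r flag with -d and -e flags.
+#	gen-cert.sh -d domain1.com -r /var/www/domain1.com
+#
+# 2) Webroot (alias)
+#	Same as #1, but also include an alias directive in apache like in:
+#	http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
+#	And:
+#	mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
+#	gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root/.well-known/acme-challenge
+#
+# 3) Proxy auth
+#	This auth method uses the standalone authenticator with a mod_proxy
+# 	http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
+#	Original proxy idea from:
+#	http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
+
+PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
+
+while getopts "d:r:e:" opt; do
+    case $opt in
+        d) domains+=("$OPTARG");;
+	r) webroot=("$OPTARG");;
+	e) email=("$OPTARG");;
+    esac
+done
+
+if [[ ! -z ${email} ]]; then
+	email="--email ${email}"
+else
+	email=""
+fi
+
+# Webroot auth method, activated with -r
+WEBAUTH="-a webroot --webroot-path ${webroot}"
+
+if [[ -z ${webroot} ]]; then
+	AUTH=${PROXYAUTH}
+else
+	AUTH=${WEBAUTH}
+fi
+
+shift $((OPTIND -1))
+for val in "${domains[@]}"; do
+        DOMAINS="${DOMAINS} -d ${val} "
+done
+
+
+
+cd /usr/src/letsencrypt
+./letsencrypt-auto ${email} \
+        --server https://acme-v01.api.letsencrypt.org/directory \
+        --agree-tos \
+        --renew-by-default \
+        ${AUTH} \
+        ${DOMAINS} \
+         certonly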
							
								
								
									
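--- a/gen-unifi-cert.sh
+++ b/gen-unifi-cert.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
+# Modified by: Brielle Bruns <bruns@2mbit.com>
+# Last Changed: 2/2/2016
+# Changed: Fixed some errors with key export/import, removed lame
+# docker requirements
+DOMAIN="unifi.xxxx.xxxxx"
+EMAIL="email@here"
+EXTRACERT="/root/DSTROOTCAX3.txt"
+TEMPFILE=$(mktemp)
+service unifi stop
+/usr/src/letsencrypt/letsencrypt-auto \
+	--email ${EMAIL} \
+	--server https://acme-v01.api.letsencrypt.org/directory \
+        --agree-tos \
+        --renew-by-default \
+        -d ${DOMAIN} \
+	--standalone --standalone-supported-challenges tls-sni-01 \
+         certonly
+openssl pkcs12 -export  -passout pass:aircontrolenterprise \
+    -in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
+    -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
+    -out ${TEMPFILE} -name unifi \
+    -CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
+keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
+	-deststorepass aircontrolenterprise
+keytool -trustcacerts -importkeystore \
+    -deststorepass aircontrolenterprise \
+    -destkeypass aircontrolenterprise \
+    -destkeystore /usr/lib/unifi/data/keystore \
+    -srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
+    -srcstorepass aircontrolenterprise \
+    -alias unifi
+rm -f ${TEMPFILE}
+java -jar /usr/lib/unifi/lib/ace.jar import_cert \
+    /etc/letsencrypt/live/${DOMAIN}/cert.pem \
+    /etc/letsencrypt/live/${DOMAIN}/chain.pem \
+    ${EXTRACERT}
+service unifi start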
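Review bot: Nothing checks whether `letsencrypt-auto` or `openssl pkcs12 -export` succeeded, so after a failed issuance the script still runs `keytool -delete -alias unifi` and removes the working entry from the keystore before an import that cannot succeed. Stopping at the first failure, e.g. ending the issuance command with `certonly || { service unifi start; exit 1; }` and doing the same after the `openssl` step, leaves the previous certificate in place. `${TEMPFILE}` holds the exported private key and is only removed on the normal path; `trap 'rm -f -- "${TEMPFILE}"' EXIT` right after `mktemp` covers an interrupted run. The keystore password is passed as `pass:` and `-deststorepass` arguments, which are visible in the process list while the commands run, and `${DOMAIN}`, `${EMAIL}`, `${TEMPFILE}` and `${EXTRACERT}` should be double-quoted.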