forked from brielle/lets-encrypt-scripts
Initial import
commit
3ee49ef3f3
|
@ -0,0 +1,20 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
|
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
|
||||
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
|
||||
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
||||
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
|
||||
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
|
||||
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
|
||||
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
|
||||
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
|
||||
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
|
||||
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
|
||||
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
|
||||
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
|
||||
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
|
||||
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
|
||||
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
|
||||
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
|
||||
-----END CERTIFICATE-----
|
|
@ -0,0 +1,11 @@
|
|||
<IfModule alias_module>
|
||||
Alias /.well-known/acme-challenge "/var/www/letsencrypt-root/.well-known/acme-challenge"
|
||||
|
||||
<Directory "/var/www/letsencrypt-root/.well-known/acme-challenge">
|
||||
Options FollowSymlinks
|
||||
AllowOverride None
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
#Require all granted
|
||||
</Directory>
|
||||
</IfModule>
|
|
@ -0,0 +1,12 @@
|
|||
# Proxy method of letsencrypt auth
|
||||
# a2enmod proxy proxy_http
|
||||
<IfModule mod_proxy.c>
|
||||
ProxyPass "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" retry=1
|
||||
ProxyPassReverse "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/"
|
||||
ProxyPreserveHost On
|
||||
<Location "/.well-known/acme-challenge/">
|
||||
Order allow,deny
|
||||
Allow from all
|
||||
#Require all granted
|
||||
</Location>
|
||||
</IfModule>
|
|
@ -0,0 +1,68 @@
|
|||
#!/bin/bash
|
||||
# Easy letsencrypt certs using a bash script.
|
||||
# v1.2 - 12/13/2015
|
||||
# By Brielle Bruns <bruns@2mbit.com>
|
||||
# http://www.sosdg.org
|
||||
|
||||
|
||||
# Use like: gen-cert.sh -d domain1.com -d domain2.com
|
||||
#
|
||||
# There are three options for authentication:
|
||||
#
|
||||
# 1) Webroot (normal)
|
||||
# Specify -r flag with -d and -e flags.
|
||||
# gen-cert.sh -d domain1.com -r /var/www/domain1.com
|
||||
#
|
||||
# 2) Webroot (alias)
|
||||
# Same as #1, but also include an alias directive in apache like in:
|
||||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
|
||||
# And:
|
||||
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
|
||||
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root/.well-known/acme-challenge
|
||||
#
|
||||
# 3) Proxy auth
|
||||
# This auth method uses the standalone authenticator with a mod_proxy
|
||||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
|
||||
# Original proxy idea from:
|
||||
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
|
||||
|
||||
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
|
||||
|
||||
while getopts "d:r:e:" opt; do
|
||||
case $opt in
|
||||
d) domains+=("$OPTARG");;
|
||||
r) webroot=("$OPTARG");;
|
||||
e) email=("$OPTARG");;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ ! -z ${email} ]]; then
|
||||
email="--email ${email}"
|
||||
else
|
||||
email=""
|
||||
fi
|
||||
|
||||
# Webroot auth method, activated with -r
|
||||
WEBAUTH="-a webroot --webroot-path ${webroot}"
|
||||
|
||||
if [[ -z ${webroot} ]]; then
|
||||
AUTH=${PROXYAUTH}
|
||||
else
|
||||
AUTH=${WEBAUTH}
|
||||
fi
|
||||
|
||||
shift $((OPTIND -1))
|
||||
for val in "${domains[@]}"; do
|
||||
DOMAINS="${DOMAINS} -d ${val} "
|
||||
done
|
||||
|
||||
|
||||
|
||||
cd /usr/src/letsencrypt
|
||||
./letsencrypt-auto ${email} \
|
||||
--server https://acme-v01.api.letsencrypt.org/directory \
|
||||
--agree-tos \
|
||||
--renew-by-default \
|
||||
${AUTH} \
|
||||
${DOMAINS} \
|
||||
certonly
|
|
@ -0,0 +1,39 @@
|
|||
#!/usr/bin/env bash
|
||||
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
|
||||
# Modified by: Brielle Bruns <bruns@2mbit.com>
|
||||
# Last Changed: 2/2/2016
|
||||
# Changed: Fixed some errors with key export/import, removed lame
|
||||
# docker requirements
|
||||
DOMAIN="unifi.xxxx.xxxxx"
|
||||
EMAIL="email@here"
|
||||
EXTRACERT="/root/DSTROOTCAX3.txt"
|
||||
TEMPFILE=$(mktemp)
|
||||
service unifi stop
|
||||
/usr/src/letsencrypt/letsencrypt-auto \
|
||||
--email ${EMAIL} \
|
||||
--server https://acme-v01.api.letsencrypt.org/directory \
|
||||
--agree-tos \
|
||||
--renew-by-default \
|
||||
-d ${DOMAIN} \
|
||||
--standalone --standalone-supported-challenges tls-sni-01 \
|
||||
certonly
|
||||
openssl pkcs12 -export -passout pass:aircontrolenterprise \
|
||||
-in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
|
||||
-inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
|
||||
-out ${TEMPFILE} -name unifi \
|
||||
-CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
|
||||
keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
|
||||
-deststorepass aircontrolenterprise
|
||||
keytool -trustcacerts -importkeystore \
|
||||
-deststorepass aircontrolenterprise \
|
||||
-destkeypass aircontrolenterprise \
|
||||
-destkeystore /usr/lib/unifi/data/keystore \
|
||||
-srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
|
||||
-srcstorepass aircontrolenterprise \
|
||||
-alias unifi
|
||||
rm -f ${TEMPFILE}
|
||||
java -jar /usr/lib/unifi/lib/ace.jar import_cert \
|
||||
/etc/letsencrypt/live/${DOMAIN}/cert.pem \
|
||||
/etc/letsencrypt/live/${DOMAIN}/chain.pem \
|
||||
${EXTRACERT}
|
||||
service unifi start
|
Loading…
Reference in New Issue