forked from brielle/lets-encrypt-scripts
Initial import
commit
3ee49ef3f3
|
@ -0,0 +1,20 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
|
||||||
|
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||||
|
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
|
||||||
|
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
|
||||||
|
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
|
||||||
|
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
|
||||||
|
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
|
||||||
|
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
|
||||||
|
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
|
||||||
|
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
|
||||||
|
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
|
||||||
|
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
|
||||||
|
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
|
||||||
|
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
|
||||||
|
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
|
||||||
|
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
|
||||||
|
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
|
||||||
|
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
|
||||||
|
-----END CERTIFICATE-----
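Review bot: This certificate is added with no record of where it was obtained or how to verify it, although the UniFi script later in this commit passes it to `import_cert` as `EXTRACERT`. The encoded subject reads as DST Root CA X3, and the validity period in the data ends on 30 Sep 2021, so the file has a fixed shelf life. A comment in the consuming script giving the source URL and the expected SHA-256 fingerprint would let an operator check the copy before importing it.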
|
|
@ -0,0 +1,11 @@
|
||||||
|
<IfModule alias_module>
|
||||||
|
Alias /.well-known/acme-challenge "/var/www/letsencrypt-root/.well-known/acme-challenge"
|
||||||
|
|
||||||
|
<Directory "/var/www/letsencrypt-root/.well-known/acme-challenge">
|
||||||
|
Options FollowSymlinks
|
||||||
|
AllowOverride None
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
#Require all granted
|
||||||
|
</Directory>
|
||||||
|
</IfModule>
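Review bot: `Options FollowSymlinks` on the challenge `<Directory>` lets Apache serve whatever a symlink placed in that directory points to, and nothing in the webroot flow appears to need it, since the client only writes token files there; `Options None` would be the tighter setting. The access rules `Order allow,deny` / `Allow from all` are Apache 2.2 syntax, with the 2.4 form `Require all granted` left commented out, so a 2.4 server without mod_access_compat will reject the block as written; the `<Location>` block in the proxy configuration later in this commit has the same pair. A comment above the directives would make the choice explicit, e.g. `# Apache 2.2: Order/Allow below; Apache 2.4: use "Require all granted" instead`.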
|
|
@ -0,0 +1,12 @@
|
||||||
|
# Proxy method of letsencrypt auth
|
||||||
|
# a2enmod proxy proxy_http
|
||||||
|
<IfModule mod_proxy.c>
|
||||||
|
ProxyPass "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" retry=1
|
||||||
|
ProxyPassReverse "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/"
|
||||||
|
ProxyPreserveHost On
|
||||||
|
<Location "/.well-known/acme-challenge/">
|
||||||
|
Order allow,deny
|
||||||
|
Allow from all
|
||||||
|
#Require all granted
|
||||||
|
</Location>
|
||||||
|
</IfModule>
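Review bot: `ProxyPreserveHost On` is set outside the `<Location>` block, so it takes effect for every `ProxyPass` in whatever server or virtual-host context includes this file, not only for the challenge path. On Apache 2.4 (the directive is accepted in directory context from 2.3.3) it can move inside `<Location "/.well-known/acme-challenge/">` to keep the change local; on 2.2 a comment warning about the wider effect is the best available. The header comment could also say that the backend on `127.0.0.1:9999` only exists while the standalone authenticator is running, so a 503 on this path at other times is expected.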
|
|
@ -0,0 +1,68 @@
|
||||||
|
#!/bin/bash
|
||||||
|
# Easy letsencrypt certs using a bash script.
|
||||||
|
# v1.2 - 12/13/2015
|
||||||
|
# By Brielle Bruns <bruns@2mbit.com>
|
||||||
|
# http://www.sosdg.org
|
||||||
|
|
||||||
|
|
||||||
|
# Use like: gen-cert.sh -d domain1.com -d domain2.com
|
||||||
|
#
|
||||||
|
# There are three options for authentication:
|
||||||
|
#
|
||||||
|
# 1) Webroot (normal)
|
||||||
|
# Specify -r flag with -d and -e flags.
|
||||||
|
# gen-cert.sh -d domain1.com -r /var/www/domain1.com
|
||||||
|
#
|
||||||
|
# 2) Webroot (alias)
|
||||||
|
# Same as #1, but also include an alias directive in apache like in:
|
||||||
|
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
|
||||||
|
# And:
|
||||||
|
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
|
||||||
|
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root/.well-known/acme-challenge
|
||||||
|
#
|
||||||
|
# 3) Proxy auth
|
||||||
|
# This auth method uses the standalone authenticator with a mod_proxy
|
||||||
|
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
|
||||||
|
# Original proxy idea from:
|
||||||
|
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
|
||||||
|
|
||||||
|
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
|
||||||
|
|
||||||
|
while getopts "d:r:e:" opt; do
|
||||||
|
case $opt in
|
||||||
|
d) domains+=("$OPTARG");;
|
||||||
|
r) webroot=("$OPTARG");;
|
||||||
|
e) email=("$OPTARG");;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
|
||||||
|
if [[ ! -z ${email} ]]; then
|
||||||
|
email="--email ${email}"
|
||||||
|
else
|
||||||
|
email=""
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Webroot auth method, activated with -r
|
||||||
|
WEBAUTH="-a webroot --webroot-path ${webroot}"
|
||||||
|
|
||||||
|
if [[ -z ${webroot} ]]; then
|
||||||
|
AUTH=${PROXYAUTH}
|
||||||
|
else
|
||||||
|
AUTH=${WEBAUTH}
|
||||||
|
fi
|
||||||
|
|
||||||
|
shift $((OPTIND -1))
|
||||||
|
for val in "${domains[@]}"; do
|
||||||
|
DOMAINS="${DOMAINS} -d ${val} "
|
||||||
|
done
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
cd /usr/src/letsencrypt
|
||||||
|
./letsencrypt-auto ${email} \
|
||||||
|
--server https://acme-v01.api.letsencrypt.org/directory \
|
||||||
|
--agree-tos \
|
||||||
|
--renew-by-default \
|
||||||
|
${AUTH} \
|
||||||
|
${DOMAINS} \
|
||||||
|
certonly
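Review bot: The final command line is assembled from unquoted strings (`${email}`, `${AUTH}`, `${DOMAINS}`), so a `-r`, `-e` or `-d` value containing spaces or glob characters is split or expanded into extra arguments to `letsencrypt-auto`; collecting the options in a bash array and expanding it as `"${args[@]}"` avoids that. The `cd /usr/src/letsencrypt` before it is unchecked, so if the directory is missing the script runs whatever `./letsencrypt-auto` sits in the caller's current directory, presumably as root; `cd /usr/src/letsencrypt || exit 1` closes that. The `getopts` loop has no `*)` arm and nothing checks that at least one `-d` was given, so a mistyped invocation still reaches the client. The usage text for option 1 mentions an `-e` flag that none of the examples show.

```bash
# … unchanged: header comments and getopts loop …
args=(--server https://acme-v01.api.letsencrypt.org/directory --agree-tos --renew-by-default)

if [[ -n ${email} ]]; then
  args+=(--email "${email}")
fi

# Webroot auth when -r is given, otherwise standalone behind the proxy
if [[ -n ${webroot} ]]; then
  args+=(-a webroot --webroot-path "${webroot}")
else
  args+=(--standalone --standalone-supported-challenges http-01 --http-01-port 9999)
fi

if (( ${#domains[@]} == 0 )); then
  echo "at least one -d domain is required" >&2
  exit 2
fi
for val in "${domains[@]}"; do
  args+=(-d "${val}")
done

cd /usr/src/letsencrypt || exit 1
./letsencrypt-auto "${args[@]}" certonly
```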
|
|
@ -0,0 +1,39 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
|
||||||
|
# Modified by: Brielle Bruns <bruns@2mbit.com>
|
||||||
|
# Last Changed: 2/2/2016
|
||||||
|
# Changed: Fixed some errors with key export/import, removed lame
|
||||||
|
# docker requirements
|
||||||
|
DOMAIN="unifi.xxxx.xxxxx"
|
||||||
|
EMAIL="email@here"
|
||||||
|
EXTRACERT="/root/DSTROOTCAX3.txt"
|
||||||
|
TEMPFILE=$(mktemp)
|
||||||
|
service unifi stop
|
||||||
|
/usr/src/letsencrypt/letsencrypt-auto \
|
||||||
|
--email ${EMAIL} \
|
||||||
|
--server https://acme-v01.api.letsencrypt.org/directory \
|
||||||
|
--agree-tos \
|
||||||
|
--renew-by-default \
|
||||||
|
-d ${DOMAIN} \
|
||||||
|
--standalone --standalone-supported-challenges tls-sni-01 \
|
||||||
|
certonly
|
||||||
|
openssl pkcs12 -export -passout pass:aircontrolenterprise \
|
||||||
|
-in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
|
||||||
|
-inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
|
||||||
|
-out ${TEMPFILE} -name unifi \
|
||||||
|
-CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
|
||||||
|
keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
|
||||||
|
-deststorepass aircontrolenterprise
|
||||||
|
keytool -trustcacerts -importkeystore \
|
||||||
|
-deststorepass aircontrolenterprise \
|
||||||
|
-destkeypass aircontrolenterprise \
|
||||||
|
-destkeystore /usr/lib/unifi/data/keystore \
|
||||||
|
-srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
|
||||||
|
-srcstorepass aircontrolenterprise \
|
||||||
|
-alias unifi
|
||||||
|
rm -f ${TEMPFILE}
|
||||||
|
java -jar /usr/lib/unifi/lib/ace.jar import_cert \
|
||||||
|
/etc/letsencrypt/live/${DOMAIN}/cert.pem \
|
||||||
|
/etc/letsencrypt/live/${DOMAIN}/chain.pem \
|
||||||
|
${EXTRACERT}
|
||||||
|
service unifi start
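Review bot: Nothing checks whether `letsencrypt-auto` succeeded before `keytool -delete -alias unifi` runs, so a failed issuance still removes the controller's existing key entry and then imports from whatever is, or is not, under `/etc/letsencrypt/live/${DOMAIN}/`; ending the issuance command with `certonly || exit 1` stops before the keystore is touched. The PKCS#12 file in `${TEMPFILE}` holds the private key under a password that is a constant in this script, so its file mode and removal are its only protection. Adding `trap 'rm -f -- "${TEMPFILE}"; service unifi start' EXIT` right after `mktemp` would remove it and restart the service on every exit path, replacing the trailing `rm -f` and `service unifi start`. The expansions `${DOMAIN}`, `${EMAIL}`, `${TEMPFILE}` and `${EXTRACERT}` should also be double-quoted. For anyone reusing the script: Let's Encrypt has since retired the `acme-v01` endpoint and the `tls-sni-01` challenge used here (gen-cert.sh uses the same endpoint), so a current client and challenge type are needed.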
|