Go to file
Brie Bruns e64b10fa12 Doesn't look like we need ace.jar anymore to import certs, so lets make the chain and import it directly using keystore 2017-10-23 12:16:43 -06:00
cron Permissions 2016-04-04 20:59:21 -06:00
CHANGELOG Updates to gen-cert.sh to make it more foolproof. 2016-04-04 20:48:29 -06:00
DSTROOTCAX3.txt Initial import 2016-02-19 21:13:25 -07:00
LICENSE Add license 2016-02-27 14:24:22 -07:00
README.md Update readme 2016-04-04 20:57:31 -06:00
apache-le-alias.conf Initial import 2016-02-19 21:13:25 -07:00
apache-le-proxy.conf Initial import 2016-02-19 21:13:25 -07:00
gen-cert.sh Detect binary location 2017-03-21 16:29:08 -06:00
gen-unifi-cert.sh Doesn't look like we need ace.jar anymore to import certs, so lets make the chain and import it directly using keystore 2017-10-23 12:16:43 -06:00
get-letsencrypt.sh Fixing a few things... 2016-02-27 15:14:45 -07:00
nginx-le-root.conf Added nginx config 2016-05-14 09:05:04 -06:00

README.md

Lets Encrypt Scripts

Public Git URL: https://source.sosdg.org/brielle/lets-encrypt-scripts

By: Brielle Bruns bruns@2mbit.com

These are various scripts to make LetsEncrypt easier to use.

Files

Main Scripts

gen-cert.sh - Main script to make it easy to generate LE certs for domain(s)

gen-unifi-cert.sh - Script to add LE cert to a Unifi controller

Support Files

DSTROOTCAX3.txt - Root CA cert for use with the gen-unifi-cert.sh script (now optional and unneeded as the cert is embedded)

apache-le-alias.conf - Use with apache for LE well-known alias config

apache-le-proxy.conf - Use with apache for LE well-known proxy config

How To Use

gen-cert.sh

  1. Do initial cert generation (if using webroot, see script contents for more methods of authentication):

     gen-cert.sh -e email@address.com -d somedomain.com -d otherdomain.com -r /var/www/letsencrypt-root/
    
  2. Copy cron/renew-ssl-weekly.sh to /etc/cron.weekly, edit as appropriate

  3. Run:

     chmod 750 /etc/cron.weekly/renew-ssl-weekly.sh  
    
  4. Script will now run weekly and renew the certificate if necessary ( < 30 days remain). Don't forget to add any necessary file copies/symlinks/service restarts as needed once the scripts are updated.

gen-unifi-cert.sh

  1. Do initial cert generation:

     gen-unifi-cert.sh -e email@address.com -d unifi.somedomain.com -d unifi.someotherdomain.com
    
  2. Put in /etc/cron.weekly/renew-unifi-ssl if everything works okay:

     /path/to/script/gen-unifi-cert.sh -r -d unifi.somedomain.com -d unifi.someotherdomain.com
    
  3. Script will now run weekly and renew the certificate if necessary ( < 30 days remain) and restart unifi only if cert has been renewed.