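#!/bin/bash
# This file is part of web-conf which configures web servers
# Copyright (C) 2024 Ian Kelling

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# SPDX-License-Identifier: GPL-3.0-or-later

# usage: $0 apache2|nginx
#
# Installs certbot plus the certbot plugin for the given web server. When
# /a/bin/log-quiet/sysd-mail-once exists, it also generates
# certbotmail.timer / certbotmail.service from the packaged certbot units
# and switches renewal from certbot.timer to certbotmail.timer.

if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR

t=$1
# Accept only the documented values: $t becomes part of a package name that
# is handed to apt-get as root, so anything else is rejected before the
# privileged re-exec below.
case $t in
  apache2|nginx) ;;
  *)
    echo "usage: $0 apache2|nginx" >&2
    exit 1
    ;;
esac

# Re-run as root when needed.
# NOTE(review): sudo -E asks sudo to carry the caller's environment into the
# root process (subject to sudoers policy). Confirm this is needed, since
# everything below runs privileged.
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

# Use the python3 plugin package name when apt knows about it; otherwise
# fall back to the unversioned "python-certbot-*" name.
pyver=
if apt-cache show python3-certbot-apache &>/dev/null; then
  pyver=3
fi
# ${t%2} turns apache2 into apache; nginx is unchanged.
pkgs=(certbot "python${pyver}-certbot-${t%2}")

# Install unless every package is fully installed. Each package is checked
# on its own so that one installed package cannot satisfy the test for
# another that is missing or only half-removed.
need_install=false
for p in "${pkgs[@]}"; do
  status=$(dpkg-query -W -f='${Status}' "$p" 2>/dev/null) || status=
  if [[ $status != "install ok installed" ]]; then
    need_install=true
    break
  fi
done
if $need_install; then
  apt-get -y install --purge --auto-remove "${pkgs[@]}"
fi

# Make a version of the certbot timer that emails me.
# NOTE(review): the generated service's ExecStart points at this helper, so
# it runs with whatever privileges the packaged certbot.service has
# (presumably root). Verify the helper and its parent directories are
# root-owned and not writable by other users.
if [[ -e /a/bin/log-quiet/sysd-mail-once ]]; then
  x=/systemd/system/certbot
  # Checksum the generated units before rewriting them, so systemd is only
  # reloaded when their content changed. md5sum is used purely for change
  # detection here, not as an integrity control. The files do not exist on
  # the first run, hence the ignored failure.
  md5=$(md5sum "/etc${x}mail.timer" "/etc${x}mail.service" 2>/dev/null) ||:
  sed -r -f - "/lib$x.timer" <<'EOF' >"/etc${x}mail.timer"
s,^Description.*,\0 mail version,
EOF
  sed -r -f - "/lib$x.service" <<'EOF' >"/etc${x}mail.service"
s,(ExecStart=).*,\1/a/bin/log-quiet/sysd-mail-once certbotmail /usr/bin/certbot renew,
EOF
  # Previously this compared an unset variable ($md5sum) against checksums
  # of the unmodified /lib units, so the comparison never reflected whether
  # the generated units changed.
  if [[ $md5 != "$(md5sum "/etc${x}mail.timer" "/etc${x}mail.service")" ]]; then
    systemctl daemon-reload
  fi
  # Hand renewal over from the packaged timer to the mailing variant.
  systemctl stop certbot.timer
  systemctl disable certbot.timer
  systemctl start certbotmail.timer
  systemctl enable certbotmail.timer
fi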