add new option
[basic-https-conf] / certbot-setup
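#!/bin/bash

# usage: $0 apache2|nginx
#
# Installs certbot plus the certbot plugin package for the given web
# server. When /a/bin/log-quiet/sysd-mail-once exists, it also generates
# "certbotmail" copies of the packaged certbot timer and service under
# /etc/systemd/system, with the service's ExecStart routed through that
# helper, and switches the enabled timer from certbot to certbotmail.

if ! test "$BASH_VERSION"; then echo "error: shell is not bash" >&2; exit 1; fi
shopt -s inherit_errexit 2>/dev/null ||: # ignore fail in bash < 4.4
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?. PIPESTATUS: ${PIPESTATUS[*]}" >&2' ERR

# The argument ends up inside a package name that is handed to apt-get as
# root, so reject an empty value or anything that does not look like a
# Debian package-name fragment before elevating.
t=${1:-}
if [[ ! $t =~ ^[a-z0-9][a-z0-9+.-]*$ ]]; then
  echo "usage: $0 apache2|nginx" >&2
  exit 1
fi

# NOTE(review): -E asks sudo to keep the caller's environment. What
# actually survives depends on the sudoers policy (env_reset,
# secure_path); if PATH is preserved, it decides which apt-get, sed and
# systemctl run as root below. Confirm -E is really needed here.
[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"

# Use the python3- plugin package when apt knows about it; otherwise
# pyver stays empty and the package name begins with plain "python-".
pyver=
if apt-cache show python3-certbot-apache &>/dev/null; then
  pyver=3
fi
# ${t%2} drops a trailing "2", so "apache2" selects the -apache plugin.
pkgs=(certbot "python${pyver}-certbot-${t%2}")

# Check every package on its own: one shared grep over the combined
# dpkg output would be satisfied by a single installed package.
need_install=false
for p in "${pkgs[@]}"; do
  if ! dpkg -s -- "$p" 2>&1 | grep -Fx "Status: install ok installed" &>/dev/null; then
    need_install=true
    break
  fi
done
if $need_install; then
  apt-get -y install --purge --auto-remove "${pkgs[@]}"
fi

# Make a version of the certbot timer that emails me.
# NOTE(review): unless the packaged unit sets User=, the generated
# service runs this helper as root, so /a/bin/log-quiet and the helper
# itself should be writable by root only - verify ownership and mode.
if [[ -e /a/bin/log-quiet/sysd-mail-once ]]; then
  x=/systemd/system/certbot
  units=("/etc${x}mail.timer" "/etc${x}mail.service")

  # Hash the generated units before and after rewriting them so that
  # systemd is only reloaded when their content changed. md5 is a plain
  # change detector here, not an integrity control. The units may not
  # exist yet on a first run, hence the tolerated failure.
  before=$(md5sum -- "${units[@]}" 2>/dev/null) ||:

  sed -r -e 's,^Description.*,\0 mail version,' \
    "/lib$x.timer" >"/etc${x}mail.timer"
  sed -r -e 's,(ExecStart=).*,\1/a/bin/log-quiet/sysd-mail-once certbotmail /usr/bin/certbot renew,' \
    "/lib$x.service" >"/etc${x}mail.service"

  after=$(md5sum -- "${units[@]}")
  if [[ $before != "$after" ]]; then
    systemctl daemon-reload
  fi

  systemctl stop certbot.timer
  systemctl disable certbot.timer
  systemctl start certbotmail.timer
  systemctl enable certbotmail.timer
fi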