@Ark74
Last active January 10, 2018 10:39
POSBOX SSL for ISPConfig DNS API
#!/bin/bash
# POSBOX SSL for ISPConfig DNS API
# This is an early approach, it is NOT suitable for production, yet. ;)
#
# ToDo
# Bypass RAM disk for apache2 configuration
# otherwise certs configuration is lost on reboot.
# mount -o remount, rw /
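# ========== ACME.SH (Let's Encrypt) Installation ==========
# Was tempted to include it on the base image, but new support or fixes
# could be integrated on later releases.
#
# NOTE(review): this fetches the moving `master` branch and runs its installer
# as root with no integrity check. Outside a test box, pin the download to a
# release tag and compare the archive against a checksum obtained out of band
# before unpacking it.
ACME_ZIP_URL="https://github.com/Neilpang/acme.sh/archive/master.zip"

# Download, unpack and install acme.sh under /root.
# Every step is checked so that a failed download or unpack never leads to an
# older, left-over tree being executed instead of the fresh one.
install_acme() {
  wget "$ACME_ZIP_URL" -O /root/acme.zip || {
    echo "Download of acme.sh failed." >&2
    exit 1
  }
  # Remove source trees left by an earlier run. Without this, `mv` would place
  # the new tree *inside* the existing /root/acme.sh directory and the old
  # installer would be the one that runs.
  rm -rf /root/acme.sh-master /root/acme.sh
  unzip -o /root/acme.zip -d /root || {
    echo "Unpacking acme.sh failed." >&2
    exit 1
  }
  rm -f /root/acme.zip
  mv /root/acme.sh-master /root/acme.sh || exit 1
  cd /root/acme.sh || exit 1
  ./acme.sh --install || {
    echo "acme.sh installer failed." >&2
    exit 1
  }
}

if [ -d /root/.acme.sh ]; then
  echo "acme.sh already exist!"
  echo "Do you want do force reinstall??: ( yes or no )"
  while [[ $FORCEACME != yes && $FORCEACME != no ]]; do
    # On end-of-input (no terminal attached) stop instead of looping forever.
    read -r FORCEACME || {
      echo "No answer received. Exiting..." >&2
      exit 1
    }
    # `case` on the quoted value also copes with an empty answer, which made
    # the unquoted `[ $FORCEACME == no ]` test raise a syntax error.
    case "$FORCEACME" in
      no)
        echo "Using existing acme.sh installation..."
        ;;
      yes)
        echo "Forcing reinstall!"
        install_acme
        ;;
      *)
        echo "Please check this, there is only a yes || no response."
        ;;
    esac
  done
else
  echo "Installing acme.sh..."
  install_acme
fi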
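# ========== POSBOX SSL Cert acquisition - ISPConfig DNS API ========== #
# **** Modify these values to your own, see acme.sh documentation **** #
# Values already present in the environment take precedence over the
# placeholders below, so real credentials do not have to be written into
# this file.
export DNS_API=dns_ispconfig
export ISPC_User="${ISPC_User:-YOURUSER}"
export ISPC_Password="${ISPC_Password:-YOURPASSWORD}"
export ISPC_Api="${ISPC_Api:-https://domain.ltd:8080/remote/json.php}"
# NOTE(review): per the acme.sh dns_ispconfig documentation, 1 disables
# verification of the ISPConfig server certificate, so the remote-API user and
# password above travel over a connection whose peer is not authenticated.
# Set it to 0 once the panel presents a certificate this host trusts.
export ISPC_Api_Insecure="${ISPC_Api_Insecure:-1}"
export DOMAIN="${DOMAIN:-your.domain.ltd}"
# ******************************************************************** #
# NOTE(review): acme.sh is expected to persist the ISPC_* values for renewals;
# confirm that /root/.acme.sh/account.conf is readable by root only.
bash /root/.acme.sh/acme.sh --issue --dns "$DNS_API" -d "$DOMAIN"
# The directory test is kept instead of the exit status because acme.sh can
# return non-zero when it skips an issuance that is not yet due.
# NOTE(review): newer acme.sh releases may store ECC certificates under a
# differently named directory; confirm the path matches the installed version.
if [ -d "/root/.acme.sh/$DOMAIN" ]; then
  echo "Everything seems to be in place."
else
  echo "Something went wrong. Please check. Exiting..." >&2
  # A bare `exit` would report the status of the echo above, i.e. success.
  exit 1
fi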
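# ========== Setup proxy Apache2 ==========
# Fills the placeholders in the Apache site file with this host's address and
# the certificate/key paths, then restarts Apache.
_IP=$(hostname -I) || true
export _IP
# NOTE(review): these paths point into acme.sh's internal store. The acme.sh
# documentation recommends copying certificates out with --install-cert rather
# than referencing this directory from a server configuration.
export KEY="/root/.acme.sh/$DOMAIN/${DOMAIN}.key"
export CERT="/root/.acme.sh/$DOMAIN/fullchain.cer"
export A2CONF="/etc/apache2/sites-available/000-default.conf"
# Render to a temporary file first. `envsubst < FILE | tee FILE` lets tee
# truncate the file while envsubst may not have read it yet, which can leave
# an empty configuration behind.
# NOTE(review): envsubst without a variable list replaces every $NAME in the
# file, including Apache's own ${...} references if the template has any.
a2conf_tmp=$(mktemp) || exit 1
if envsubst < "$A2CONF" > "$a2conf_tmp" && [ -s "$a2conf_tmp" ]; then
  # Writing through tee keeps the original file's owner and mode and still
  # echoes the rendered configuration, as before.
  tee "$A2CONF" < "$a2conf_tmp"
  rm -f -- "$a2conf_tmp"
else
  echo "Rendering $A2CONF failed; the file was left untouched." >&2
  rm -f -- "$a2conf_tmp"
  exit 1
fi
systemctl daemon-reload
service apache2 restart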
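# ========== DNS resolution ==========
# Makes dnsmasq answer queries for $DOMAIN with this host's address, then puts
# the root filesystem back into read-only mode.
# `hostname -I` prints every configured address separated by spaces; a dnsmasq
# address= entry takes one, so only the first is used.
# NOTE(review): on a multi-homed box confirm the first address is the one
# clients should reach.
dns_ip="${_IP%% *}"
dns_line="address=/$DOMAIN/$dns_ip"
if [ -z "$dns_ip" ]; then
  echo "No IP address detected; /etc/dnsmasq.conf was not modified." >&2
elif ! grep -qxF -- "$dns_line" /etc/dnsmasq.conf; then
  # Append only when the exact entry is missing, so re-running the script
  # does not pile up duplicate lines.
  echo "
$dns_line" | tee -a /etc/dnsmasq.conf
fi
service dnsmasq restart
# No space after the comma: with `remount, ro` the word `ro` is parsed as a
# separate argument instead of a mount option, so / is not made read-only.
mount -o remount,ro /
echo "##########################################################"
echo "Finally put the POSBOX ip as the primary DNS server on"
echo "your (wireless) router and you are good to go."
echo "##########################################################"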