
@Rynoxx
Last active October 6, 2018 14:58
Sentora LetsEncrypt/Certbot
#!/bin/bash
# Option state, filled in by the argument parser below.
# NOTE(review): USER is normally an environment variable set at login;
# assigning it here also changes the value seen by every program this
# script starts. Confirm nothing downstream relies on the login name.
USER=''        # Sentora account name (--user / -u)
FQDN=''        # primary domain: the first --domain / -d value
ALT_FQDN=''    # further --domain / -d values, separated by spaces
IGNORE_WWW=''  # non-empty once --no-www / -nw has been given
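#######################################
# Test whether a string begins with a literal prefix.
# Arguments: $1 - string to inspect
#            $2 - prefix, compared literally (not as a regular expression)
# Returns:   0 if $1 starts with $2, 1 otherwise
#######################################
_startswith() {
  # Pure shell pattern match. The previous `echo "$1" | grep "^$2"` form
  # missed values that echo itself consumes as options (e.g. "-n", "-e"),
  # so such values slipped past the leading-dash check on --domain, and it
  # also treated the prefix as a regular expression.
  case "$1" in
    "$2"*) return 0 ;;
    *) return 1 ;;
  esac
}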
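# Parse the command line.
#   --no-www | -nw        do not request the www.<domain> names
#   --user   | -u  NAME   Sentora account that owns the domain folders
#   --domain | -d  NAME   domain; the first one becomes FQDN, later ones are
#                         appended to the space-separated ALT_FQDN list
# Every iteration ends with one `shift 1` that consumes the option itself;
# options that take a value shift once more inside their branch.
# NOTE(review): the --user value and the domain names are later interpolated
# into filesystem paths in which files are deleted. Only a leading "-" on a
# domain is rejected here; consider also rejecting "/" and ".." in both.
while [ "$#" -gt 0 ]; do
  case "$1" in
    --no-www|-nw)
      # Flag without a value: no extra shift here. The former extra shift
      # silently swallowed whatever argument followed --no-www.
      IGNORE_WWW="yes"
      ;;
    --user|-u)
      USER="$2"
      shift
      ;;
    --domain|-d)
      _dvalue="$2"
      # An empty or missing value is ignored; the later "Domain is unset"
      # check reports it if no domain was given at all.
      if [ "$_dvalue" ]; then
        # A value starting with "-" is most likely the next option, and it
        # would otherwise be handed to the ACME client as one.
        if _startswith "$_dvalue" "-"; then
          echo "'$_dvalue' is not a valid domain for parameter '$1'"
          exit 1
        fi
        if [ -z "$FQDN" ]; then
          FQDN="$_dvalue"
        elif [ -z "$ALT_FQDN" ]; then
          ALT_FQDN="$_dvalue"
        else
          ALT_FQDN="$ALT_FQDN $_dvalue"
        fi
      fi
      shift
      ;;
    *)
      echo "Unknown parameter : $1"
      exit 1
      ;;
  esac
  shift 1
done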
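# The per-domain folders checked below are named after the domain with every
# dot replaced by an underscore.
FQDN_=${FQDN//./_}
ALT_FQDN_=${ALT_FQDN//./_}

# Both the account and at least one domain are mandatory.
if [ -z "$USER" ]; then
  echo "User is unset"
  exit 1
fi
if [ -z "$FQDN" ]; then
  echo "Domain is unset"
  exit 1
fi

# The primary domain needs a web root (used for the webroot challenge) and an
# SSL folder (where the certificate links are placed).
if [ ! -d "/var/sentora/hostdata/${USER}/public_html/${FQDN_}/" ]; then
  echo "The folder for the domain ${FQDN} for the user ${USER} doesn't exist! (/var/sentora/hostdata/${USER}/public_html/${FQDN_}/)"
  exit 1
fi
if [ ! -d "/var/sentora/hostdata/${USER}/ssl/${FQDN_}/" ]; then
  echo "The SSL Folder for the domain ${FQDN} for the user ${USER} doesn't exist! (/var/sentora/hostdata/${USER}/ssl/${FQDN_}/)"
  exit 1
fi

# Same two checks for every additional domain. The list must be quoted inside
# the test: unquoted, two or more names made `[` fail with a syntax error and
# the whole loop was skipped. The unquoted expansion in `for` is deliberate,
# it splits the space-separated list into names.
if [ -n "$ALT_FQDN_" ]; then
  for _domain in $ALT_FQDN_; do
    if [ ! -d "/var/sentora/hostdata/${USER}/public_html/${_domain}/" ]; then
      echo "The folder for the domain ${_domain//_/.} for the user ${USER} doesn't exist! (/var/sentora/hostdata/${USER}/public_html/${_domain}/)"
      exit 1
    fi
    if [ ! -d "/var/sentora/hostdata/${USER}/ssl/${_domain}/" ]; then
      echo "The SSL Folder for the domain ${_domain//_/.} for the user ${USER} doesn't exist! (/var/sentora/hostdata/${USER}/ssl/${_domain}/)"
      exit 1
    fi
  done
fi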
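# Pick the ACME client to run: the first of these names that resolves to an
# executable on PATH, tried in this order.
COMMAND=""
for _candidate in letsencrypt letsencrypt-auto certbot certbot-auto; do
  if [ -x "$(command -v "$_candidate")" ]; then
    COMMAND="$_candidate"
    break
  fi
done

# Test the variable, not the literal word: `[ -z "COMMAND" ]` was never true,
# so a missing client went unnoticed and the script carried on.
if [ -z "$COMMAND" ]; then
  echo "CertBot or LetsEncrypt isn't installed!"
  exit 1
fi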
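# Build the client's argument list as an array, so that each web root and
# each domain name reaches the client as exactly one argument. Order:
#   certonly --webroot -w <root> -d <domain> [-d www.<domain>]
# followed by the same -w/-d group for every additional domain.
_certbot_args=(
  certonly --webroot
  -w "/var/sentora/hostdata/${USER}/public_html/${FQDN_}/"
  -d "${FQDN}"
)
if [ -z "$IGNORE_WWW" ]; then
  _certbot_args+=(-d "www.${FQDN}")
fi

# The list is quoted in the test: unquoted, two or more additional domains
# made `[` fail and none of them was added to the request. The unquoted
# expansion in `for` splits the space-separated list on purpose.
if [ -n "$ALT_FQDN" ]; then
  for _domain in $ALT_FQDN; do
    _certbot_args+=(
      -w "/var/sentora/hostdata/${USER}/public_html/${_domain//./_}/"
      -d "${_domain}"
    )
    if [ -z "$IGNORE_WWW" ]; then
      _certbot_args+=(-d "www.${_domain}")
    fi
  done
fi

# NOTE(review): the client's exit status is not checked here. The script only
# tests afterwards whether the live directory exists, which is also true for
# a certificate that was issued on an earlier run.
"$COMMAND" "${_certbot_args[@]}"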
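# Without a live directory for the primary domain there is nothing to link.
# Exit non-zero: a bare `exit` returned the status of the preceding echo (0),
# so callers saw success.
if [ ! -d "/etc/letsencrypt/live/${FQDN}/" ]; then
  echo "LetsEncrypt certificates for ${FQDN} wasn't successfully created!"
  exit 1
fi

# After cd + pushd the directory stack is (ssl folder, live folder), so `~1`
# expands to the live folder for the rest of the script.
# Both directory changes must succeed before anything is deleted: if pushd
# failed, `rm -f *` would run inside the live certificate folder instead.
cd "/etc/letsencrypt/live/${FQDN}/" || exit 1
pushd "/var/sentora/hostdata/${USER}/ssl/${FQDN_}/" || exit 1
echo ~1

# Replace whatever is in the SSL folder with links into the live folder.
# `--` keeps a file whose name starts with "-" from being read as an option.
rm -f -- *
ln -s ~1/fullchain.pem "${FQDN}.crt"
ln -s ~1/privkey.pem "${FQDN}.key"
ln -s ~1/chain.pem intermediate.crt

# Every additional domain gets links to the same certificate files. The list
# is quoted in the test (unquoted, two or more names broke `[` and the loop
# was skipped); the `for` splits it on spaces on purpose.
if [ -n "$ALT_FQDN" ]; then
  for _domain in $ALT_FQDN; do
    # `cd` replaces the top of the directory stack, so `~1` still names the
    # live folder. Stop if the folder cannot be entered, so the delete never
    # runs in the wrong place.
    cd "/var/sentora/hostdata/${USER}/ssl/${_domain//./_}/" || exit 1
    rm -f -- *
    ln -s ~1/fullchain.pem "${_domain}.crt"
    ln -s ~1/privkey.pem "${_domain}.key"
    ln -s ~1/chain.pem intermediate.crt
  done
fi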
#if [ -f "/etc/sentora/panel/bin/daemon.php" ]; then
# php -q "/etc/sentora/panel/bin/daemon.php"
#fi
# Restart the first web server whose name shows up in the service list, so
# that the new certificate links are picked up. Candidates are tried in this
# order and only the first match is restarted.
for _webserver in apache2 httpd nginx; do
  if service --status-all | grep -Fq "$_webserver"; then
    service "$_webserver" restart
    break
  fi
done
#!/bin/bash
# certbot-auto --standalone certonly -d matrix.soder.me -d riot.soder.me -d soder.me --tls-sni-01-port 8007 --http-01-port 8006 --standalone-supported-challenges http-01
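# Pick the ACME client to run: the first of these names that resolves to an
# executable on PATH, tried in this order.
COMMAND=""
for _candidate in letsencrypt letsencrypt-auto certbot-auto certbot; do
  if [ -x "$(command -v "$_candidate")" ]; then
    COMMAND="$_candidate"
    break
  fi
done

# Without this guard an empty COMMAND made the next line run a program
# literally called "renew", and the service restarts below still happened.
if [ -z "$COMMAND" ]; then
  echo "CertBot or LetsEncrypt isn't installed!"
  exit 1
fi

# Renew the certificates the client manages.
"$COMMAND" renew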
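# For every certificate folder, write combined.pem = private key followed by
# the full chain, for services that expect both in a single file.
if [ -d "/etc/letsencrypt/live/" ]; then
  # Glob instead of parsing `ls`; the trailing slash restricts the match to
  # directories.
  for dir in /etc/letsencrypt/live/*/; do
    dir=${dir%/}
    # Skip entries that hold no key/chain pair (this also covers the literal
    # pattern that is left over when the glob matches nothing).
    if [ ! -f "$dir/privkey.pem" ] || [ ! -f "$dir/fullchain.pem" ]; then
      continue
    fi
    # combined.pem contains the private key. Create it readable by its owner
    # only, instead of inheriting the caller's umask.
    # NOTE(review): a combined.pem that already exists keeps its current
    # mode when overwritten; check the mode of files from earlier runs.
    (
      umask 077
      cat "$dir/privkey.pem" "$dir/fullchain.pem" > "$dir/combined.pem"
    )
  done
fi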
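# Restart every service from the list below that appears in the output of
# `service --status-all`, so that renewed certificates are loaded.
statusall=$(service --status-all)

services=(
  nginx
  apache2
  httpd
  proftpd
  pure-ftpd
  dovecot
  cyrus
  cyrus-imapd
  guam
  postfix
  exim
  matrix-synapse
)

for i in "${services[@]}"; do
  # The captured listing is fed to grep quoted: expanded unquoted, the words
  # of the status output were subject to filename expansion in the current
  # directory before grep ever saw them.
  # The match is still a plain substring test, so a short name also matches a
  # longer one that contains it (e.g. "cyrus" inside "cyrus-imapd") and a
  # restart may be attempted for a name that is not installed.
  if grep -Fq -- "$i" <<< "$statusall"; then
    service "$i" restart
  fi
done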
#cp /etc/letsencrypt/live/mta.grid-servers.net/* /opt/zimbra/ssl/letsencrypt/
#chown zimbra:zimbra /opt/zimbra/ssl/letsencrypt/ -R
  1. I Sentora, gå till "Domain Management" -> "Certificate Manager" -> "Install Signed Certificate"
  2. Välj bara en tom text fil som "Domain Signing Certificate Key", "Signed Server Certificate" och "CA Certificate"
  3. Kör "sh generate_letsencrypt.sh -u SENTORA_USERNAME -d domain.tld"

Behöver göras en gång:
Skriv:
crontab -e

Lägg till:
0 0 * * 1 sh /root/renew_letsencrypt.sh

(Eng)

  1. In Sentora, go to "Domain Management" -> "Certificate Manager" -> "Install Signed Certificate"
  2. Choose any empty file as "Domain Signing Certificate Key", "Signed Server Certificate" and "CA Certificate"
  3. Run "sh generate_letsencrypt.sh -u SENTORA_USERNAME -d domain.tld"

Only needed once:
Enter:
crontab -e

Add the following:
0 0 * * 1 sh /root/renew_letsencrypt.sh
