@TehPeGaSuS
Last active February 9, 2024 00:15
Automate UnrealIRCd certificates renewal with Certbot
#!/usr/bin/env bash
# NOTE:
# This script was made to work with certbot. I don't guarantee it will
# work with other ACME clients.
#
# This was tested in Ubuntu 20.04 and higher. This should work as it is on
# any Debian/Ubuntu based distros. For other distros please check Certbot
# documentation.
#
#
# USAGE:
# Create a folder named `scripts` inside `/etc/letsencrypt` with:
# mkdir -p /etc/letsencrypt/scripts
#
# Place this script inside `/etc/letsencrypt/scripts` and name it `deploy_irc.sh`
#
# Make the script executable with:
# chmod +x /etc/letsencrypt/scripts/deploy_irc.sh
#
# Request the certificate with one of the following commands:
# - Normal:
# certbot -d irc.domain.tld --deploy-hook /etc/letsencrypt/scripts/deploy_irc.sh
#
# - SAN certificate:
# certbot -d irc.domain.tld -d servername.domain.tld --deploy-hook /etc/letsencrypt/scripts/deploy_irc.sh
#
#
# ATTENTION:
# The SAN certificate and private key will be saved in /etc/letsencrypt/live/irc.domain.tld and not /etc/letsencrypt/live/servername.domain.tld
#
#
# Edit the domain/subdomain, user and paths to fit your installation
# Enjoy!
# What's your IRC domain/subdomain?
ircDomain=irc.domain.tld
# What is the shell user running UnrealIRCd?
ircUser=ircd
# What is the shell group of the user running UnrealIRCd?
# Usually it's the same as the user specified above.
ircGroup=ircd
# Complete path to UnrealIRCd install directory
# Usually "/home/<user>/unrealircd" when installed normally
ircDir=/home/ircd/unrealircd
# Complete path to the UnrealIRCd tls folder
# Usually `/home/<user>/unrealircd/conf/tls' when installed normally
ircTLS=/home/ircd/unrealircd/conf/tls
# Don't edit anything below unless you know exactly what you're doing.
# If you touch the code below and then complain the script "suddenly stopped working" I'll touch you at night.
case $RENEWED_LINEAGE in
	*/"$ircDomain")
		cp -f -- "$RENEWED_LINEAGE"/fullchain.pem "$RENEWED_LINEAGE"/privkey.pem "$ircTLS" &&
		chown -- "$ircUser":"$ircGroup" "$ircTLS"/fullchain.pem "$ircTLS"/privkey.pem &&
		"$ircDir"/unrealircd reloadtls
		;;
esac

#!/usr/bin/env bash
# NOTE:
# Script to be used with Certbot and the `Setting up certbot for use with UnrealIRCd' guide
# located at https://www.unrealircd.org/docs/Setting_up_certbot_for_use_with_UnrealIRCd
#
# I can't guarantee that this script will work with other ACME clients
#
# This script was tested on Ubuntu 20.04 and higher. This should work as it is on
# any Debian/Ubuntu based distros.
# For other distros, please check the distro/certbot documentation
#
#
# USAGE:
# Create a folder named `scripts` inside `/etc/letsencrypt` with:
# mkdir -p /etc/letsencrypt/scripts
#
# Place this script inside `/etc/letsencrypt/scripts` and name it `reload_cert.sh`
#
# Make the script executable with:
# chmod +x /etc/letsencrypt/scripts/reload_cert.sh
#
# Request the certificate with one of the following commands:
# - Normal:
# certbot -d irc.domain.tld --deploy-hook /etc/letsencrypt/scripts/reload_cert.sh
#
# - SAN certificate:
# certbot -d irc.domain.tld -d servername.domain.tld --deploy-hook /etc/letsencrypt/scripts/reload_cert.sh
#
#
# ATTENTION:
# The SAN certificate and private key will be saved in /etc/letsencrypt/live/irc.domain.tld and not /etc/letsencrypt/live/servername.domain.tld
#
#
# Edit the domain and paths to fit your installation
# Enjoy!
# What's your IRC domain/subdomain?
ircDomain=irc.domain.tld
# Complete path to the UnrealIRCd install directory
# Usually "/home/<user>/unrealircd" when installed normally
ircDir=/home/ircd/unrealircd
# Don't edit anything below unless you know exactly what you're doing.
# If you touch the code below and then complain the script "suddenly stopped working" I'll touch you at night.
case $RENEWED_LINEAGE in
	*/"$ircDomain")
		"$ircDir"/unrealircd reloadtls
		;;
esac
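
A variant of the copy step in `deploy_irc.sh`, as an added example that is not part of the gist: `cp -f` onto an existing `privkey.pem` keeps whatever mode that file already had, so this version stages each file with `mktemp`, sets 0600 on the key and 0644 on the chain, and renames it into place. The function names `install_pair` and `key_is_private` are hypothetical; the variables are the ones the gist defines.

```shell
#!/usr/bin/env bash
# Added example, not part of the gist. install_pair and key_is_private are
# hypothetical names; ircDomain, ircUser, ircGroup, ircDir and ircTLS are
# the variables from deploy_irc.sh.
ircDomain=irc.domain.tld
ircUser=ircd
ircGroup=ircd
ircDir=/home/ircd/unrealircd
ircTLS=/home/ircd/unrealircd/conf/tls

# install_pair SRC_DIR DEST_DIR [OWNER:GROUP]
# Copies fullchain.pem (0644) and privkey.pem (0600) into DEST_DIR.
install_pair() {
    local src="$1" dest="$2" owner="${3:-}" name mode tmp
    # Refuse to deploy half a pair: both files must exist and be non-empty.
    for name in fullchain.pem privkey.pem; do
        [ -s "$src/$name" ] || { echo "missing or empty: $src/$name" >&2; return 1; }
    done
    for name in fullchain.pem privkey.pem; do
        case $name in privkey.pem) mode=600 ;; *) mode=644 ;; esac
        # Stage inside DEST_DIR so the final mv is a same-filesystem rename.
        # mktemp creates the file 0600, so the key is never readable by others.
        tmp=$(mktemp "$dest/.$name.XXXXXX") || return 1
        cat -- "$src/$name" > "$tmp" &&
            chmod "$mode" "$tmp" &&
            { [ -z "$owner" ] || chown -- "$owner" "$tmp"; } &&
            mv -f -- "$tmp" "$dest/$name" || { rm -f -- "$tmp"; return 1; }
    done
}

# key_is_private FILE: succeeds only if FILE is a regular file with mode 0600.
key_is_private() {
    [ -n "$(find "$1" -maxdepth 0 -type f -perm 600 2>/dev/null)" ]
}

# Same lineage filter as the gist; does nothing unless certbot set RENEWED_LINEAGE.
case ${RENEWED_LINEAGE:-} in
    */"$ircDomain")
        install_pair "$RENEWED_LINEAGE" "$ircTLS" "$ircUser:$ircGroup" &&
            key_is_private "$ircTLS/privkey.pem" &&
            "$ircDir"/unrealircd reloadtls
        ;;
esac
```

The reload only runs when both files were installed and the key ended up 0600, so a failed copy leaves the previous pair in place and the running server untouched.
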
Author

TehPeGaSuS commented Feb 16, 2021

You need to make some minor changes to your listen block, depending on how you plan to deploy the certs.
Using the deploy_irc script, your listen block must be something like this:

listen {
	ip <ip address>;
	port 6697;
	options {
		tls;
		clientsonly;
	}
	tls-options {
		certificate "tls/fullchain.pem";
		key "tls/privkey.pem";
	}
}

If you're using the reload_cert.sh instead, your listen block needs to be similar to this:

listen {
	ip <ip address>;
	port 6697;
	options {
		tls;
		clientsonly;
	}
	tls-options {
		certificate "/etc/letsencrypt/live/your.subdomain.tld/fullchain.pem";
		key "/etc/letsencrypt/live/your.subdomain.tld/privkey.pem";
	}
}


Shillos commented Jul 15, 2021

This is nice and neat. I might use this at a later date, instead of manually doing things. thx mate!

Author

TehPeGaSuS commented Apr 11, 2023

> This is nice and neat. I might use this at a later date, instead of manually doing things. thx mate!

You should probably update the fork :D
