Last active
August 20, 2021 15:46
Scripts semi-automating setting up LetsEncrypt for Acquia Stage environments (see http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/)
#!/bin/bash
#
# Semi-automated helper for adding LetsEncrypt certificates so that Acquia
# staging sites can be served over HTTPS.
# See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/
#
# Abort on the first command that fails.
set -e

# Directory the script was started from; the environment files and the
# certificate output directory are both resolved relative to it.
BASE=$PWD

# Banner and background reading, one line per argument.
printf '%s\n' \
  ' **** ' \
  " SET UP LET'S ENCRYPT ON MY ACQUIA STAGE SITE" \
  " See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/" \
  " See https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a" \
  " (requires Docker)" \
  ' **** ' \
  'See https://redfinsolutions.com/blog/installing-free-lets-encrypt-ssl-certificates-acquia' \
  'You might want to change this if https://www.drupal.org/project/letsencrypt_challenge has been ported to D8.'
# Directory holding one environment-*.source file per Acquia environment.
# These files are later loaded with `source`, i.e. executed as shell code, so
# they should be treated with the same care as the script itself.
LOCALCONFIG="$BASE/acquia-stage-letsencrypt-environments"

# Guard clause: without at least one environment file there is nothing to do,
# so print a template the operator can copy and stop.
if ! ls "$LOCALCONFIG"/environment-*.source >/dev/null 2>&1; then
  echo "You need to have at least one file in $LOCALCONFIG/environment-*.source" >&2
  # This part mentions the real path, so it needs variable expansion.
  cat <<EOF
For example:

$LOCALCONFIG/environment-my-site.source

It should contain:

EOF
  # The sample file body is printed literally (quoted delimiter, no expansion).
  cat <<'EOF'
# This file describes an Acquia environment for which we want to set
# up LetsEncrypt https via the set-up-letsencrypt-acquia-stage.sh
# script.
#
# Project description
NAME="My Project"
# The main project dashboard
DASHBOARD=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID
# normally "test", can also be "dev". Prod might not work because we
# to be able to put the target environment into live mode, at least
# until https://www.drupal.org/project/letsencrypt_challenge or some
# other mechanism exists to put challenges into environments via the
# database
ENVTYPE=test
# SSH access to the server
SSH=mywebsite.test@staging-12345.prod.hosting.acquia.com
# Domain for which we want to set up HTTPS, without the protocol.
URL=mywebsitestg.prod.acquia-sites.com
# The project namespace on Acquia. This should be the string just
# before "test" in the ssh connection string.
NAMESPACE=mywebsite
# URL to the dashboard where you can insert an SSL certificate
SSLINSTALL=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID/ssl/install

EOF
  exit 1
fi

echo "We have at least one file in $LOCALCONFIG/environment-*.source"
echo "Moving on."
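# First pass: check that every environment file defines all required settings
# before any interactive work starts.
#
# NOTE(security): each file is loaded with `source`, so its whole content is
# executed as shell code with the privileges of the user running this script.
# Keep only files you wrote or reviewed in $LOCALCONFIG, and make sure the
# directory is not writable by other users.
for f in "$LOCALCONFIG"/environment-*.source; do
  echo "Processing $f file..."
  # Drop values left over from the previously sourced file (or inherited from
  # the calling environment). Without this, a file that omits a setting
  # silently reuses the previous environment's value and passes validation.
  unset NAME DASHBOARD ENVTYPE SSH URL NAMESPACE SSLINSTALL
  source "$f"
  for required in NAME DASHBOARD ENVTYPE SSH URL NAMESPACE SSLINSTALL; do
    # ${!required} is the value of the variable whose name is in $required.
    if [ -z "${!required}" ]; then
      >&2 echo "Make sure $f has $required=..."
      exit 1
    fi
  done
done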
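# Second pass: for each environment, walk the operator through obtaining a
# certificate with certbot (run in Docker, manual challenge) and pasting the
# certificate, private key and chain into the Acquia dashboard.
#
# NOTE(security): `source` executes each environment file as shell code with
# the privileges of the user running this script; only reviewed files belong
# in $LOCALCONFIG.
for f in "$LOCALCONFIG"/environment-*.source; do
  echo "Processing $f file..."
  # Start from a clean slate so that a setting missing from this file cannot
  # be silently taken from the previously processed environment, which would
  # issue or install a certificate against the wrong host.
  unset NAME DASHBOARD ENVTYPE SSH URL NAMESPACE SSLINSTALL
  source "$f"
  for required in NAME DASHBOARD ENVTYPE SSH URL NAMESPACE SSLINSTALL; do
    if [ -z "${!required}" ]; then
      >&2 echo "Make sure $f has $required=..."
      exit 1
    fi
  done

  echo -e "\n----\nNOW MANAGING $NAME\n--"
  echo -e "\nPlease make sure your site is in LIVE DEV mode at $DASHBOARD and hit any key\n"
  read -p "Press enter to continue"
  echo ''
  echo 'You will be now be using the certbot to help you generate a cert.'
  echo 'Enter Y, then when you prompted to create a file on the server'
  echo 'run these commands in a separate terminal window before hitting enter'
  echo ''
  echo ' DATA=[enter data here]'
  echo ' FILENAME=[file name here]'
  echo ''
  # Printed for the operator to copy: $DATA and $FILENAME are deliberately
  # left unexpanded here ($'' splits the quoting) and are set by the operator.
  echo ' (ssh '"$SSH"' "mkdir -p /mnt/gfs/home/'"$NAMESPACE"'/'"$ENVTYPE"'/livedev/docroot/.well-known/acme-challenge"; ssh '"$SSH"' "echo $''DATA > /mnt/gfs/home/'"$NAMESPACE"'/'"$ENVTYPE"'/livedev/docroot/.well-known/acme-challenge/$''FILENAME")'
  echo ''

  # The certs directory will hold private keys: create it readable by the
  # owner only. The umask is confined to a subshell; an already existing
  # directory keeps whatever mode it has.
  (umask 077 && mkdir -p "$BASE"/do-not-commit/certs)
  # NOTE(review): the image is referenced by floating tag, so each run may use
  # a different certbot build; pin a tag or digest if that matters to you.
  # NOTE(review): --manual presumably does not need a published port; confirm
  # whether -p 443:443 can be dropped.
  docker run --rm -it -v "$BASE"/do-not-commit/certs:/etc/letsencrypt -p 443:443 certbot/certbot certonly -d "$URL" --manual

  # Same location as the Docker volume above, anchored on $BASE rather than
  # the current directory, which a sourced file could have changed.
  live_dir="$BASE/do-not-commit/certs/live/$URL"

  echo -e "\nOpen $SSLINSTALL\n"
  read -p "Press enter to continue"
  DATE=$(date +%Y%m%d)
  echo -e "\nType 'LE$DATE' in the LABEL field\n"
  read -p "Press enter to continue"
  echo ''
  cat "$live_dir"/cert.pem
  echo ''
  echo -e "\nPLACE The above in the SSL certificate field\n"
  read -p "Press enter to continue"
  echo ''
  # The private key is written to the terminal so it can be pasted into the
  # dashboard. It stays in scrollback and in any terminal or session logging;
  # clear those afterwards and do not run this step in a shared or recorded
  # session.
  cat "$live_dir"/privkey.pem
  echo ''
  echo -e "\nPLACE The above in the SSL private key field\n"
  read -p "Press enter to continue"
  echo ''
  cat "$live_dir"/chain.pem
  echo ''
  echo -e "\nPLACE The above in the CA intermediate certificates field\n"
  read -p "Press enter to continue"
  echo -e "\nClick the INSTALL button\n"
  read -p "Press enter to continue"
  echo -e "\nPlease make sure your site is NOT in LIVE DEV mode at $DASHBOARD and hit any key\n"
  read -p "Press enter to continue"
done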
# Third pass: once every certificate has been uploaded, point the operator at
# each environment's SSL page so the new certificate can be activated.
# Each environment file is executed as shell code when it is loaded.
for f in "$LOCALCONFIG"/environment-*.source; do
  printf 'Processing %s file...\n' "$f"
  . "$f"
  echo -e "\nOpen $DASHBOARD/ssl\n"
  read -p "Press enter to continue"
  echo -e "\nClick ACTIVATE next to the certificate you just created.\n"
  read -p "Press enter to continue"
done
# Final pass: ask the operator to check each site over HTTPS, then sign off.
# Each environment file is executed as shell code when it is loaded.
for f in "$LOCALCONFIG"/environment-*.source; do
  printf 'Processing %s file...\n' "$f"
  . "$f"
  echo -e "\nTest https://$URL\n"
  echo -e "\n(Note that this can take UP TO AN HOUR to work, leave a comment at https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a with your findings.\n"
  read -p "Press enter to continue"
done

# Closing banner.
printf '%s\n' \
  "-----" \
  "All done!" \
  "'Till next time" \
  "-----"