Scripts semi-automating setting up LetsEncrypt for Acquia Stage environments (see http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/)
#!/bin/bash
#
# Semi-automated helper that walks an operator through issuing Let's Encrypt
# certificates for Acquia staging sites and installing them by hand.
# See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/
#
# Abort on the first command that fails.
set -e

# Directory the script was started from; later paths are built from it.
BASE="$PWD"

# Start-up banner and background links, one argument per output line.
printf '%s\n' \
  ' **** ' \
  " SET UP LET'S ENCRYPT ON MY ACQUIA STAGE SITE" \
  " See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/" \
  " See https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a" \
  " (requires Docker)" \
  ' **** ' \
  'See https://redfinsolutions.com/blog/installing-free-lets-encrypt-ssl-certificates-acquia' \
  'You might want to change this if https://www.drupal.org/project/letsencrypt_challenge has been ported to D8.'
# Directory holding one environment-*.source file per Acquia environment.
LOCALCONFIG="$BASE"/acquia-stage-letsencrypt-environments

# Refuse to go further until at least one environment file exists. The probe
# relies on ls failing when the glob matches nothing; its output is discarded.
if ! ls "$LOCALCONFIG"/environment-*.source > /dev/null 2>&1; then
  >&2 echo "You need to have at least one file in $LOCALCONFIG/environment-*.source"
  printf '%s\n' \
    "For example:" \
    '' \
    "$LOCALCONFIG/environment-my-site.source" \
    '' \
    "It should contain:" \
    ''
  # Sample environment file, printed verbatim (quoted delimiter: no expansion).
  cat <<'EOF'
# This file describes an Acquia environment for which we want to set
# up LetsEncrypt https via the set-up-letsencrypt-acquia-stage.sh
# script.
#
# Project description
NAME="My Project"
# The main project dashboard
DASHBOARD=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID
# normally "test", can also be "dev". Prod might not work because we
# to be able to put the target environment into live mode, at least
# until https://www.drupal.org/project/letsencrypt_challenge or some
# other mechanism exists to put challenges into environments via the
# database
ENVTYPE=test
# SSH access to the server
SSH=mywebsite.test@staging-12345.prod.hosting.acquia.com
# Domain for which we want to set up HTTPS, without the protocol.
URL=mywebsitestg.prod.acquia-sites.com
# The project namespace on Acquia. This should be the string just
# before "test" in the ssh connection string.
NAMESPACE=mywebsite
# URL to the dashboard where you can insert an SSL certificate
SSLINSTALL=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID/ssl/install
EOF
  echo ''
  exit 1
fi

echo "We have at least one file in $LOCALCONFIG/environment-*.source"
echo "Moving on."
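# First pass: make sure every environment file defines all required settings
# before any interactive step starts.
#
# NOTE: `source` runs each file as shell code in this shell, so these files
# must come from a trusted author and must not be writable by other users.
for f in "$LOCALCONFIG"/environment-*.source
do
  echo "Processing $f file..."
  # Clear values left over from the previous file or inherited from the
  # caller's environment; otherwise a file that omits a setting would pass
  # the check with a value that belongs to something else.
  unset NAME DASHBOARD ENVTYPE SSH URL NAMESPACE SSLINSTALL
  source "$f"
  for required in NAME DASHBOARD ENVTYPE SSH URL NAMESPACE SSLINSTALL
  do
    # ${!required} expands the variable whose name is stored in $required.
    if [ -z "${!required}" ]; then
      >&2 echo "Make sure $f has ${required}=..."
      exit 1
    fi
  done
done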
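# Second pass: for each environment, walk the operator through obtaining a
# certificate with certbot (manual challenge) and pasting it into the Acquia
# SSL form. Every step waits for the operator to press enter.
for f in "$LOCALCONFIG"/environment-*.source
do
  echo "Processing $f file..."
  # Runs the file as shell code to load NAME, DASHBOARD, ENVTYPE, SSH, URL,
  # NAMESPACE and SSLINSTALL for this environment.
  source "$f"

  # printf '%s' prints the configured values literally; backslash sequences
  # inside them are not interpreted.
  printf '\n----\nNOW MANAGING %s\n--\n' "$NAME"
  printf '\nPlease make sure your site is in LIVE DEV mode at %s and hit any key\n\n' "$DASHBOARD"
  read -r -p "Press enter to continue"
  echo ''
  echo 'You will be now be using the certbot to help you generate a cert.'
  echo 'Enter Y, then when you prompted to create a file on the server'
  echo 'run these commands in a separate terminal window before hitting enter'
  echo ''
  echo ' DATA=[enter data here]'
  echo ' FILENAME=[file name here]'
  echo ''
  # Directory on the Acquia server where the challenge file has to be placed.
  challenge_dir="/mnt/gfs/home/$NAMESPACE/$ENVTYPE/livedev/docroot/.well-known/acme-challenge"
  # $DATA and $FILENAME are printed literally on purpose: the operator sets
  # them in the other terminal before running the printed command.
  # shellcheck disable=SC2016
  printf ' (ssh %s "mkdir -p %s"; ssh %s "echo $DATA > %s/$FILENAME")\n' \
    "$SSH" "$challenge_dir" "$SSH" "$challenge_dir"
  echo ''

  certs_dir="$BASE"/do-not-commit/certs
  # Private keys end up below this directory: when it is first created, give
  # it no group/other access. An existing directory is left as it is.
  (umask 077; mkdir -p "$certs_dir")
  # NOTE(review): the image is pulled by its default tag; consider pinning a
  # tag or digest you have reviewed.
  # NOTE(review): --manual does not appear to need an inbound listener, so
  # publishing port 443 on the host looks unnecessary; confirm, then drop
  # "-p 443:443".
  docker run --rm -it -v "$certs_dir":/etc/letsencrypt -p 443:443 certbot/certbot certonly -d "$URL" --manual

  printf '\nOpen %s\n\n' "$SSLINSTALL"
  read -r -p "Press enter to continue"
  DATE=$(date +%Y%m%d)
  printf "\nType 'LE%s' in the LABEL field\n\n" "$DATE"
  read -r -p "Press enter to continue"

  # Read the results from the same $BASE-anchored directory that was mounted
  # into the container, not from whatever the current directory is by now.
  live_dir="$certs_dir/live/$URL"
  echo ''
  cat -- "$live_dir"/cert.pem
  echo ''
  printf '\nPLACE The above in the SSL certificate field\n\n'
  read -r -p "Press enter to continue"
  echo ''
  # The private key is printed because it has to be pasted into the form. It
  # stays in terminal scrollback, any session logging and the clipboard
  # afterwards; clear those once the certificate is installed.
  cat -- "$live_dir"/privkey.pem
  echo ''
  printf '\nPLACE The above in the SSL private key field\n\n'
  read -r -p "Press enter to continue"
  echo ''
  cat -- "$live_dir"/chain.pem
  echo ''
  printf '\nPLACE The above in the CA intermediate certificates field\n\n'
  read -r -p "Press enter to continue"
  printf '\nClick the INSTALL button\n\n'
  read -r -p "Press enter to continue"
  printf '\nPlease make sure your site is NOT in LIVE DEV mode at %s and hit any key\n\n' "$DASHBOARD"
  read -r -p "Press enter to continue"
done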
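# Third pass: have the operator activate the certificate installed for each
# environment in the Acquia dashboard.
for f in "$LOCALCONFIG"/environment-*.source
do
  echo "Processing $f file..."
  # Runs the file as shell code to reload DASHBOARD for this environment.
  source "$f"
  # printf '%s' prints the configured URL literally; read -r keeps a typed
  # backslash from being treated as a line continuation.
  printf '\nOpen %s/ssl\n\n' "$DASHBOARD"
  read -r -p "Press enter to continue"
  printf '\nClick ACTIVATE next to the certificate you just created.\n\n'
  read -r -p "Press enter to continue"
done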
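# Final pass: ask the operator to check each site over HTTPS, then sign off.
for f in "$LOCALCONFIG"/environment-*.source
do
  echo "Processing $f file..."
  # Runs the file as shell code to reload URL for this environment.
  source "$f"
  # printf '%s' prints the configured domain literally; read -r keeps a typed
  # backslash from being treated as a line continuation.
  printf '\nTest https://%s\n\n' "$URL"
  printf '\n(Note that this can take UP TO AN HOUR to work, leave a comment at https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a with your findings.\n\n'
  read -r -p "Press enter to continue"
done

echo "-----"
echo "All done!"
echo "'Till next time"
echo "-----"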