Script semi-automating the setup of LetsEncrypt certificates for Acquia Stage environments (see http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/)
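#!/bin/bash
#
# Script semi-automating the process of adding LetsEncrypt certificates to
# serve Acquia staging sites in HTTPS.
# See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/
#
# Usage: run from the directory that contains
#   ./acquia-stage-letsencrypt-environments/environment-*.source
# with one file per Acquia environment (the expected keys are printed when
# no such file exists). Requires Docker and an interactive terminal.
#
# Security notes:
#   * Every environment-*.source file is executed with `source`, i.e. as
#     shell code. Only keep files you wrote yourself in that directory.
#   * certbot writes certificates AND PRIVATE KEYS to ./do-not-commit/certs.
#     Keep that directory out of version control (e.g. .gitignore it) and
#     readable by you only.
#   * The private key is printed to the terminal so it can be pasted into
#     the Acquia UI; clear your scrollback / terminal log afterwards.
#
set -euo pipefail

BASE="$PWD"
LOCALCONFIG="$BASE"/acquia-stage-letsencrypt-environments
CERTS="$BASE"/do-not-commit/certs
# Variables every environment-*.source file must define.
ENV_VARS=(NAME DASHBOARD ENVTYPE SSH URL NAMESPACE SSLINSTALL)

# Print the banner and pointers to the documentation.
banner() {
  echo ' **** '
  echo " SET UP LET'S ENCRYPT ON MY ACQUIA STAGE SITE"
  echo " See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/"
  echo " See https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a"
  echo " (requires Docker)"
  echo ' **** '
  echo 'See https://redfinsolutions.com/blog/installing-free-lets-encrypt-ssl-certificates-acquia'
  echo 'You might want to change this if https://www.drupal.org/project/letsencrypt_challenge has been ported to D8.'
}

# Explain the expected environment file format, then exit 1.
# Called when no environment-*.source file exists.
usage_and_exit() {
  >&2 echo "You need to have at least one file in $LOCALCONFIG/environment-*.source"
  echo "For example:"
  echo ''
  echo "$LOCALCONFIG/environment-my-site.source"
  echo ''
  echo "It should contain:"
  echo ''
  # Quoted delimiter: nothing below is expanded.
  cat <<'EOF'
# This file describes an Acquia environment for which we want to set
# up LetsEncrypt https via the set-up-letsencrypt-acquia-stage.sh
# script.
#
# Project description
NAME="My Project"
# The main project dashboard
DASHBOARD=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID
# normally "test", can also be "dev". Prod might not work because we need
# to be able to put the target environment into live mode, at least
# until https://www.drupal.org/project/letsencrypt_challenge or some
# other mechanism exists to put challenges into environments via the
# database
ENVTYPE=test
# SSH access to the server
SSH=mywebsite.test@staging-12345.prod.hosting.acquia.com
# Domain for which we want to set up HTTPS, without the protocol.
URL=mywebsitestg.prod.acquia-sites.com
# The project namespace on Acquia. This should be the string just
# before "test" in the ssh connection string.
NAMESPACE=mywebsite
# URL to the dashboard where you can insert an SSL certificate
SSLINSTALL=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID/ssl/install
EOF
  echo ''
  exit 1
}

# Wait for the operator to press enter.
pause() {
  read -r -p "Press enter to continue"
}

# Source one environment file into the current shell and check that it
# defines every variable in ENV_VARS. The variables are unset first so a
# key missing from THIS file is not masked by a value left over from a
# previously processed file (the original per-file checks had that hole).
# Arguments: $1 - path of the environment-*.source file
# Exits 1 on a missing key.
load_env() {
  local f=$1 v
  echo "Processing $f file..."
  unset "${ENV_VARS[@]}"
  # shellcheck disable=SC1090 -- user-supplied file, executed as shell code.
  source "$f"
  for v in "${ENV_VARS[@]}"; do
    if [[ -z "${!v:-}" ]]; then
      >&2 echo "Make sure $f has $v=..."
      exit 1
    fi
  done
}

# Print one PEM file from the current environment's live certificate
# directory and tell the operator which Acquia UI field it belongs in.
# Arguments: $1 - file name under live/$URL (cert.pem, privkey.pem, ...)
#            $2 - human-readable name of the target field
show_pem() {
  local file=$1 field=$2
  echo ''
  # NOTE(review): certbot runs as root in the container; on a Linux host the
  # files under $CERTS may be root-owned and unreadable here, which aborts
  # the script under set -e -- run as a user that can read them.
  cat "$CERTS/live/$URL/$file"
  echo ''
  echo -e "\nPLACE The above in the $field field\n"
  pause
}

# Walk the operator through obtaining a certificate for the environment
# currently loaded by load_env and pasting it into the Acquia UI.
issue_certificate() {
  local challenge_dir stamp
  challenge_dir="/mnt/gfs/home/$NAMESPACE/$ENVTYPE/livedev/docroot/.well-known/acme-challenge"
  echo -e "\n----\nNOW MANAGING $NAME\n--"
  echo -e "\nPlease make sure your site is in LIVE DEV mode at $DASHBOARD and hit any key\n"
  pause
  echo ''
  echo 'You will be now be using the certbot to help you generate a cert.'
  echo 'Enter Y, then when you prompted to create a file on the server'
  echo 'run these commands in a separate terminal window before hitting enter'
  echo ''
  echo ' DATA=[enter data here]'
  echo ' FILENAME=[file name here]'
  echo ''
  # $DATA and $FILENAME are meant to be expanded by the operator's shell,
  # not here, hence the escaped dollars.
  echo " (ssh $SSH \"mkdir -p $challenge_dir\"; ssh $SSH \"echo \$DATA > $challenge_dir/\$FILENAME\")"
  echo ''
  mkdir -p "$CERTS"
  # Private keys land here: owner-only access.
  chmod 700 "$CERTS"
  # The manual plugin does not listen locally -- the challenge is served by
  # Acquia -- so no host port is published (the original -p 443:443 exposed
  # a port on this machine for nothing and fails when 443 is in use).
  docker run --rm -it -v "$CERTS":/etc/letsencrypt certbot/certbot certonly -d "$URL" --manual
  echo -e "\nOpen $SSLINSTALL\n"
  pause
  stamp=$(date +%Y%m%d)
  echo -e "\nType 'LE$stamp' in the LABEL field\n"
  pause
  show_pem cert.pem "SSL certificate"
  >&2 echo "WARNING: the PRIVATE KEY below is printed to your terminal; clear scrollback/logs when done."
  show_pem privkey.pem "SSL private key"
  show_pem chain.pem "CA intermediate certificates"
  echo -e "\nClick the INSTALL button\n"
  pause
  echo -e "\nPlease make sure your site is NOT in LIVE DEV mode at $DASHBOARD and hit any key\n"
  pause
}

# Ask the operator to activate the freshly installed certificate.
activate_certificate() {
  echo -e "\nOpen $DASHBOARD/ssl\n"
  pause
  echo -e "\nClick ACTIVATE next to the certificate you just created.\n"
  pause
}

# Ask the operator to verify the site over HTTPS.
verify_site() {
  echo -e "\nTest https://$URL\n"
  echo -e "\n(Note that this can take UP TO AN HOUR to work, leave a comment at https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a with your findings.\n"
  pause
}

main() {
  local files f
  banner
  # An unmatched glob stays literal, so a non-existent first element means
  # there is no environment file at all.
  files=("$LOCALCONFIG"/environment-*.source)
  if [[ ! -e "${files[0]}" ]]; then
    usage_and_exit
  fi
  echo "We have at least one file in $LOCALCONFIG/environment-*.source"
  echo "Moving on."
  # Pass 1: validate every file before touching any environment.
  for f in "${files[@]}"; do
    load_env "$f"
  done
  for f in "${files[@]}"; do
    load_env "$f"
    issue_certificate
  done
  for f in "${files[@]}"; do
    load_env "$f"
    activate_certificate
  done
  for f in "${files[@]}"; do
    load_env "$f"
    verify_site
  done
  echo "-----"
  echo "All done!"
  echo "'Till next time"
  echo "-----"
}

main "$@"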