Instantly share code, notes, and snippets.

@alberto56 /set-up-letsencrypt-acquia-stage.sh
Last active Oct 12, 2018

Embed
What would you like to do?
Download ZIP
Scripts semi-automating settings up LetsEncrypt for Acquia Stage environments (see http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/)
Raw
set-up-letsencrypt-acquia-stage.sh
#!/bin/bash
#
# Script semi-automating the process of adding LetsEncrypt certificates to
# serve Acquia staging sites in HTTPS.
# See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/
#
set -e
BASE="$PWD"
echo ' **** '
echo " SET UP LET'S ENCRYPT ON MY ACQUIA STAGE SITE"
echo " See http://blog.dcycle.com/blog/2018-10-05/https-acquia-stage/"
echo " See https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a"
echo " (requires Docker)"
echo ' **** '
echo 'See https://redfinsolutions.com/blog/installing-free-lets-encrypt-ssl-certificates-acquia'
echo 'You might want to change this if https://www.drupal.org/project/letsencrypt_challenge has been ported to D8.'
LOCALCONFIG="$BASE"/acquia-stage-letsencrypt-environments
if ls "$LOCALCONFIG"/environment-*.source 1> /dev/null 2>&1; then
echo "We have at least one file in $LOCALCONFIG/environment-*.source"
echo "Moving on."
else
>&2 echo "You need to have at least one file in $LOCALCONFIG/environment-*.source"
echo "For example:"
echo ''
echo "$LOCALCONFIG/environment-my-site.source"
echo ''
echo "It should contain:"
echo ''
echo '# This file describes an Acquia environment for which we want to set'
echo '# up LetsEncrypt https via the set-up-letsencrypt-acquia-stage.sh'
echo '# script.'
echo '#'
echo '# Project description'
echo 'NAME="My Project"'
echo '# The main project dashboard'
echo 'DASHBOARD=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID'
echo '# normally "test", can also be "dev". Prod might not work because we'
echo '# to be able to put the target environment into live mode, at least'
echo '# until https://www.drupal.org/project/letsencrypt_challenge or some'
echo '# other mechanism exists to put challenges into environments via the'
echo '# database'
echo 'ENVTYPE=test'
echo '# SSH access to the server'
echo 'SSH=mywebsite.test@staging-12345.prod.hosting.acquia.com'
echo '# Domain for which we want to set up HTTPS, without the protocol.'
echo 'URL=mywebsitestg.prod.acquia-sites.com'
echo '# The project namespace on Acquia. This should be the string just'
echo '# before "test" in the ssh connection string.'
echo 'NAMESPACE=mywebsite'
echo '# URL to the dashboard where you can insert an SSL certificate'
echo 'SSLINSTALL=https://cloud.acquia.com/app/develop/applications/SITE-UUID/environments/ENV-UUID/ssl/install'
echo ''
exit 1
fi
for f in "$LOCALCONFIG"/environment-*.source
do
echo "Processing $f file..."
source "$f"
if [ -z "$NAME" ]; then
>&2 echo "Make sure $f has NAME=..."
exit 1;
fi
if [ -z "$DASHBOARD" ]; then
>&2 echo "Make sure $f has DASHBOARD=..."
exit 1;
fi
if [ -z "$ENVTYPE" ]; then
>&2 echo "Make sure $f has ENVTYPE=..."
exit 1;
fi
if [ -z "$SSH" ]; then
>&2 echo "Make sure $f has SSH=..."
exit 1;
fi
if [ -z "$URL" ]; then
>&2 echo "Make sure $f has URL=..."
exit 1;
fi
if [ -z "$NAMESPACE" ]; then
>&2 echo "Make sure $f has NAMESPACE=..."
exit 1;
fi
if [ -z "$SSLINSTALL" ]; then
>&2 echo "Make sure $f has SSLINSTALL=..."
exit 1;
fi
done
for f in "$LOCALCONFIG"/environment-*.source
do
echo "Processing $f file..."
source "$f"
echo -e "\n----\nNOW MANAGING $NAME\n--"
echo -e "\nPlease make sure your site is in LIVE DEV mode at $DASHBOARD and hit any key\n"
read -p "Press enter to continue"
echo ''
echo 'You will be now be using the certbot to help you generate a cert.'
echo 'Enter Y, then when you prompted to create a file on the server'
echo 'run these commands in a separate terminal window before hitting enter'
echo ''
echo ' DATA=[enter data here]'
echo ' FILENAME=[file name here]'
echo ''
echo ' (ssh '"$SSH"' "mkdir -p /mnt/gfs/home/'"$NAMESPACE"'/'"$ENVTYPE"'/livedev/docroot/.well-known/acme-challenge"; ssh '"$SSH"' "echo $''DATA > /mnt/gfs/home/'"$NAMESPACE"'/'"$ENVTYPE"'/livedev/docroot/.well-known/acme-challenge/$''FILENAME")'
echo ''
mkdir -p "$BASE"/do-not-commit/certs
docker run --rm -it -v "$BASE"/do-not-commit/certs:/etc/letsencrypt -p 443:443 certbot/certbot certonly -d "$URL" --manual
echo -e "\nOpen $SSLINSTALL\n"
read -p "Press enter to continue"
DATE=$(date +%Y%m%d)
echo -e "\nType 'LE$DATE' in the LABEL field\n"
read -p "Press enter to continue"
echo ''
cat ./do-not-commit/certs/live/"$URL"/cert.pem
echo ''
echo -e "\nPLACE The above in the SSL certificate field\n"
read -p "Press enter to continue"
echo ''
cat ./do-not-commit/certs/live/"$URL"/privkey.pem
echo ''
echo -e "\nPLACE The above in the SSL private key field\n"
read -p "Press enter to continue"
echo ''
cat ./do-not-commit/certs/live/"$URL"/chain.pem
echo ''
echo -e "\nPLACE The above in the CA intermediate certificates field\n"
read -p "Press enter to continue"
echo -e "\nClick the INSTALL button\n"
read -p "Press enter to continue"
echo -e "\nPlease make sure your site is NOT in LIVE DEV mode at $DASHBOARD and hit any key\n"
read -p "Press enter to continue"
done
for f in "$LOCALCONFIG"/environment-*.source
do
echo "Processing $f file..."
source "$f"
echo -e "\nOpen $DASHBOARD/ssl\n"
read -p "Press enter to continue"
echo -e "\nClick ACTIVATE next to the certificate you just created.\n"
read -p "Press enter to continue"
done
for f in "$LOCALCONFIG"/environment-*.source
do
echo "Processing $f file..."
source "$f"
echo -e "\nTest https://$URL\n"
echo -e "\n(Note that this can take UP TO AN HOUR to work, leave a comment at https://gist.github.com/alberto56/80c418c656bdf218cae663c3ba227e9a with your findings.\n"
read -p "Press enter to continue"
done
echo "-----"
echo "All done!"
echo "'Till next time"
echo "-----"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment