Skip to content

Instantly share code, notes, and snippets.

@espro
Created July 9, 2020 04:19
Show Gist options
  • Save espro/33166f74f4ca9fc6621e474e2dc7a34a to your computer and use it in GitHub Desktop.
Save espro/33166f74f4ca9fc6621e474e2dc7a34a to your computer and use it in GitHub Desktop.
Replace Bitwarden's run.sh default certbot HTTP challenge method with dns-cloudflare
*** run.sh 2020-07-09 00:18:13.829515273 -0400
--- bwdata/scripts/run.sh 2020-07-09 00:18:06.925540167 -0400
*************** function install() {
*** 68,78 ****
read EMAIL
echo ""
mkdir -p $OUTPUT_DIR/letsencrypt
! docker pull certbot/certbot
! docker run -it --rm --name certbot -p 80:80 -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
! certonly --standalone --noninteractive --agree-tos --preferred-challenges http \
! --email $EMAIL -d $DOMAIN --logs-dir /etc/letsencrypt/logs
fi
fi
--- 68,101 ----
read EMAIL
echo ""
+ echo -e -n "${CYAN}(!)${NC} Enter your CloudFlare email address: "
+ read CFEMAIL
+ echo ""
+
+ echo -e -n "${CYAN}(!)${NC} Enter your CloudFlare API key: "
+ read CFAPI
+ echo ""
+
+ mkdir -p "$ENV_DIR"
+ touch "$ENV_DIR/cloudflare.ini"
+ chmod 600 "$ENV_DIR/cloudflare.ini"
+ echo "dns_cloudflare_email = $CFEMAIL" > "$ENV_DIR/cloudflare.ini"
+ echo "dns_cloudflare_api_key = $CFAPI" >> "$ENV_DIR/cloudflare.ini"
+
mkdir -p $OUTPUT_DIR/letsencrypt
! docker run -ti --rm \
! -v "$OUTPUT_DIR/letsencrypt:/etc/letsencrypt/" \
! -v "$ENV_DIR/cloudflare.ini:/cloudflare.ini" \
! certbot/dns-cloudflare:latest \
! certonly \
! --dns-cloudflare \
! --dns-cloudflare-credentials "/cloudflare.ini" \
! -d "$DOMAIN" \
! --email "$EMAIL" \
! --agree-tos \
! --logs-dir /etc/letsencrypt/logs \
! --server https://acme-v02.api.letsencrypt.org/directory
!
fi
fi
*************** function dockerPrune() {
*** 141,160 ****
function updateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker pull certbot/certbot
! docker run -i --rm --name certbot -p 443:443 -p 80:80 \
! -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
! renew --logs-dir /etc/letsencrypt/logs
fi
}
function forceUpdateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker pull certbot/certbot
! docker run -i --rm --name certbot -p 443:443 -p 80:80 \
! -v $OUTPUT_DIR/letsencrypt:/etc/letsencrypt/ certbot/certbot \
! renew --logs-dir /etc/letsencrypt/logs --force-renew
fi
}
--- 164,194 ----
function updateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker run -ti --rm \
! -v "$OUTPUT_DIR/letsencrypt:/etc/letsencrypt/" \
! -v "$ENV_DIR/cloudflare.ini:/cloudflare.ini" \
! certbot/dns-cloudflare:latest \
! renew \
! --dns-cloudflare \
! --dns-cloudflare-credentials /cloudflare.ini \
! --logs-dir /etc/letsencrypt/logs
!
fi
}
function forceUpdateLetsEncrypt() {
if [ -d "${OUTPUT_DIR}/letsencrypt/live" ]
then
! docker run -ti --rm \
! -v "$OUTPUT_DIR/letsencrypt:/etc/letsencrypt/" \
! -v "$ENV_DIR/cloudflare.ini:/cloudflare.ini" \
! certbot/dns-cloudflare:latest \
! renew \
! --dns-cloudflare \
! --dns-cloudflare-credentials /cloudflare.ini \
! --logs-dir /etc/letsencrypt/logs \
! --force-renew
!
fi
}
@espro
Copy link
Author

espro commented Jul 9, 2020

This applies against ~/bwdata/scripts/run.sh. You'll likely need to run ./bitwarden.sh install to generate the initial downloads. After patching you'll need to comment out any calls to downloadRunFile in bitwarden.sh as well.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment