@kentasaito
Last active November 27, 2022 14:11
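# Fail early if the host name to certify is not set (used in step 3)
: "${FQDN:?set FQDN to the host name to certify}"
# 1. Create deno user and install Deno
useradd deno -m -s /bin/bash
# Remove the skeleton dotfiles; the pattern skips "." and ".."
rm -f /home/deno/.[!.]*
apt install -y unzip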
sudo -u deno bash -c 'curl -fsSL https://deno.land/x/install/install.sh | sh'
# 2. Create a process that runs on systemd
mkdir /home/deno/deno_getssl_bot
cat <<'EOL' > /home/deno/deno_getssl_bot/deno_getssl_bot.service
[Service]
User=deno
WorkingDirectory=/home/deno/deno_getssl_bot
AmbientCapabilities=CAP_NET_BIND_SERVICE
ExecStart=/home/deno/deno_getssl_bot/run.sh
[Install]
WantedBy=multi-user.target
EOL
cat <<'EOL' > /home/deno/deno_getssl_bot/run.sh
#!/bin/bash
# Read access is limited to the challenge tree; the server needs no other files.
/home/deno/.deno/bin/deno run --watch --allow-read=.well-known --allow-net main.ts
EOL
chmod 755 /home/deno/deno_getssl_bot/run.sh
cat <<'EOL' > /home/deno/deno_getssl_bot/main.ts
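import { serve } from 'https://deno.land/std@0.166.0/http/server.ts';

// Serve ACME HTTP-01 challenge files; redirect every other request to HTTPS.
function handler(request: Request): Response {
  const url = new URL(request.url);
  if (url.pathname.startsWith('/.well-known/acme-challenge/')) {
    try {
      // URL parsing has already collapsed any "../" segments in pathname.
      return new Response(Deno.readFileSync('.' + url.pathname));
    } catch (_error) {
      // Missing file, directory, or permission error: do not leak details.
      return new Response('Not Found', {
        status: 404,
      });
    }
  } else {
    return Response.redirect(request.url.replace(/^http:/, 'https:'));
  }
}

serve(handler, {
  port: 80,
});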
EOL
chown -R deno:deno /home/deno/deno_getssl_bot
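# Install the unit as a root-owned copy. A symlink into /home/deno would leave
# the unit writable by the deno user, who could then change User= and have
# systemd start the command as root.
install -o root -g root -m 644 /home/deno/deno_getssl_bot/deno_getssl_bot.service /etc/systemd/system/deno_getssl_bot.service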
systemctl enable deno_getssl_bot
systemctl start deno_getssl_bot
# 3. Download getssl and execute
sudo -u deno -i bash -c 'curl --silent https://raw.githubusercontent.com/srvrco/getssl/v2.47/getssl > getssl ; chmod 700 getssl'
sudo -u deno -i ./getssl -c "$FQDN"
cat <<'EOL' > /home/deno/.getssl/getssl.cfg
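# Let's Encrypt staging endpoint: certificates issued here are not publicly trusted.
# Switch to https://acme-v02.api.letsencrypt.org for production certificates.
CA="https://acme-staging-v02.api.letsencrypt.org"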
ACCOUNT_KEY_LENGTH=4096
ACCOUNT_KEY="/home/deno/.getssl/account.key"
PRIVATE_KEY_ALG="rsa"
RENEW_ALLOW="30"
SERVER_TYPE="https"
CHECK_REMOTE="true"
EOL
cat <<'EOL' > "/home/deno/.getssl/$FQDN/getssl.cfg"
ACL=('/home/deno/deno_getssl_bot/.well-known/acme-challenge')
EOL
sudo -u deno -i ./getssl "$FQDN"
# 4. Create a crontab
sudo -u deno bash -c '(crontab -l; echo "23 5 * * * /home/deno/getssl -u -a -q") | crontab -'
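
The handler in step 2 builds a file path from the request URL. The following is an added example, not part of the gist, that makes the routing decision a pure function and accepts only tokens in the base64url alphabet that RFC 8555 requires for ACME challenges. The names `classifyRequest`, `CHALLENGE_PREFIX`, `TOKEN_RE` and the 256-character cap are assumptions of this example.

```typescript
// Added example: routing for the HTTP-01 responder as a pure function,
// so the path check can be tested without opening a socket.
const CHALLENGE_PREFIX = "/.well-known/acme-challenge/";
// RFC 8555 section 8.3: tokens contain only base64url characters.
// The length cap of 256 is an assumption of this example.
const TOKEN_RE = /^[A-Za-z0-9_-]{1,256}$/;

type Decision =
  | { kind: "file"; path: string }
  | { kind: "redirect"; location: string }
  | { kind: "notFound" };

function classifyRequest(requestUrl: string): Decision {
  let url: URL;
  try {
    url = new URL(requestUrl);
  } catch {
    return { kind: "notFound" }; // unparseable request URL
  }
  if (url.pathname.startsWith(CHALLENGE_PREFIX)) {
    // Everything after the prefix must be exactly one token: no "/",
    // no ".", no percent-encoding, so it cannot name another directory.
    const token = url.pathname.slice(CHALLENGE_PREFIX.length);
    if (!TOKEN_RE.test(token)) return { kind: "notFound" };
    return { kind: "file", path: "." + CHALLENGE_PREFIX + token };
  }
  // Only plain-HTTP requests are upgraded; anything else is refused.
  if (url.protocol !== "http:") return { kind: "notFound" };
  url.protocol = "https:";
  return { kind: "redirect", location: url.href };
}

// Constructed sample requests (example.test is a placeholder host).
const SAMPLES = [
  "http://example.test/.well-known/acme-challenge/abc_DEF-123",
  "http://example.test/.well-known/acme-challenge/..%2F..%2Fmain.ts",
  "http://example.test/.well-known/acme-challenge/sub/token",
  "http://example.test/login?next=1",
];
for (const sample of SAMPLES) {
  console.log(sample, "->", JSON.stringify(classifyRequest(sample)));
}
```

In `main.ts`, a `file` result would be read with `Deno.readFile(decision.path)` and a `redirect` result passed to `Response.redirect`.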