@os1ma
Last active July 3, 2019 14:07
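#!/bin/bash
#
# Enable HTTPS on a Lightsail WordPress instance with a Let's Encrypt
# certificate.
#
# Arguments:
#   $1 - domain name the certificate is issued for
#   $2 - e-mail address (passed to letsencrypt-auto with -m)
#
# Example:
#   ./setup_lightsail_wordpress_letsencrypt.sh example.com mail@example.com
#
set -o errexit
set -o nounset
set -o pipefail
# xtrace echoes every command, including its arguments, to stderr.
set -o xtrace

# Fail with a usage message instead of a bare "unbound variable" error.
if (( $# < 2 )); then
  printf 'Usage: %s DOMAIN EMAIL\n' "${0##*/}" >&2
  exit 2
fi

# DOMAIN_NAME is expanded into file paths and into the renewal script that
# cron later runs (with sudo commands in it), so accept only hostname
# characters here rather than arbitrary shell text.
readonly DOMAIN_PATTERN='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
if [[ ! "$1" =~ ${DOMAIN_PATTERN} ]]; then
  printf 'Invalid domain name: %s\n' "$1" >&2
  exit 2
fi
readonly DOMAIN_NAME="$1"
readonly EMAIL="$2"

# Assign first, mark readonly second: "readonly VAR=$(cmd)" hides the exit
# status of cmd. "&&" keeps pwd from reporting the caller's directory when
# the cd fails.
SCRIPT_DIR="$(cd -- "$(dirname -- "$0")" && pwd)"
readonly SCRIPT_DIR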
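#
# Remove leftover apt/dpkg lock files, then let dpkg finish any pending
# package configuration.
#
# NOTE(review): the locks are deleted without checking whether an apt or
# dpkg process still holds them; removing a lock that is in use can leave
# the package database inconsistent. Confirm no package operation is running
# before calling this.
#
# Returns: exit status of "dpkg --configure -a"
#
delete_package_lock_files() {
  local -r package_lock_files=(
    '/var/lib/apt/lists/lock'
    '/var/cache/apt/archives/lock'
    '/var/lib/dpkg/lock'
    '/var/lib/dpkg/lock-frontend'
  )
  # Declared local so the loop variable does not leak into the global scope.
  local lock_file

  for lock_file in "${package_lock_files[@]}"; do
    if [[ -e "${lock_file}" ]]; then
      sudo rm "${lock_file}"
    fi
  done

  sudo dpkg --configure -a
}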
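#
# Obtain a certificate from Let's Encrypt with the webroot challenge and
# install it into the Bitnami Apache configuration.
#
# Globals: SCRIPT_DIR, DOMAIN_NAME, EMAIL (read)
# Returns: exit status of the Apache restart
#
setup_cert_with_letsencrypt() {
  local -r letsencrypt_home="${SCRIPT_DIR}/letsencrypt"
  local -r live_dir="/etc/letsencrypt/live/${DOMAIN_NAME}"
  local -r apache_conf_dir='/opt/bitnami/apache2/conf'

  if [[ ! -e "${letsencrypt_home}" ]]; then
    # Name the target directory: a bare "git clone URL" lands in the current
    # working directory, which is not necessarily SCRIPT_DIR.
    # NOTE(review): this fetches the tip of the default branch, and code from
    # this checkout is later run under sudo by the renewal job.
    # TODO: check out a reviewed tag or commit instead of the moving branch.
    git clone https://github.com/letsencrypt/letsencrypt "${letsencrypt_home}"
  fi

  "${letsencrypt_home}/letsencrypt-auto" certonly \
    --webroot \
    -w /opt/bitnami/apps/wordpress/htdocs/ \
    -d "${DOMAIN_NAME}" \
    -m "${EMAIL}" \
    --agree-tos \
    --non-interactive

  sudo cp "${live_dir}/fullchain.pem" "${apache_conf_dir}/server.crt"
  # The private key gets an explicit owner-only mode instead of whatever
  # mode a plain cp would leave on the destination.
  sudo install -m 0600 "${live_dir}/privkey.pem" "${apache_conf_dir}/server.key"
  sudo /opt/bitnami/ctlscript.sh restart apache
}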
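#
# Write the certificate renewal script and schedule it with cron for every
# Sunday at 04:00.
#
# The generated script runs "renew" without --force-renewal, so a
# certificate is only replaced when it is within 30 days of expiry.
#
# Globals: HOME, SCRIPT_DIR, DOMAIN_NAME (read)
# Returns: exit status of the crontab installation
#
set_cert_update_cron() {
  local -r cert_update_script_dir="${HOME}/bin"
  local -r cert_update_script="${cert_update_script_dir}/update_cert.sh"
  local -r cron_entry="0 4 * * 0 ${cert_update_script}"
  local certbot_q live_dir_q

  # Shell-quote everything that is expanded into the generated script, so a
  # value containing spaces or metacharacters stays a single word there.
  # The client path follows SCRIPT_DIR (where the checkout lives) instead of
  # a fixed /home/bitnami location.
  printf -v certbot_q '%q' "${SCRIPT_DIR}/letsencrypt/certbot-auto"
  printf -v live_dir_q '%q' "/etc/letsencrypt/live/${DOMAIN_NAME}"

  mkdir -p "${cert_update_script_dir}"
  cat << EOT > "${cert_update_script}"
#!/bin/bash
# --force-renewal をつけていないため、期限まで30日以内の場合に更新される
# Stop at the first failing step instead of copying and restarting anyway.
set -o errexit
sudo ${certbot_q} renew
sudo cp ${live_dir_q}/fullchain.pem /opt/bitnami/apache2/conf/server.crt
sudo install -m 0600 ${live_dir_q}/privkey.pem /opt/bitnami/apache2/conf/server.key
sudo /opt/bitnami/ctlscript.sh restart apache
EOT
  # The job issues sudo commands: executable for the owner, never writable
  # by group or others.
  chmod u+x,go-w "${cert_update_script}"

  # Merge into the existing crontab instead of replacing it wholesale; any
  # earlier line for this script is dropped so reruns do not duplicate it.
  # "crontab -l" fails when no crontab exists yet, hence the "|| true".
  {
    crontab -l 2>/dev/null | grep -vF -- "${cert_update_script}" || true
    printf '%s\n' "${cron_entry}"
  } | crontab -
}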
#
# Install and activate the Really Simple SSL plugin through wp-cli.
#
# wp-config.php is made group-writable before the plugin is installed.
# NOTE(review): presumably this lets the plugin edit wp-config.php; the file
# normally holds database credentials and secret keys, so consider running
# "chmod g-w" on it once the plugin set-up is finished - confirm.
#
# Globals: HOME (read)
# Returns: exit status of the plugin activation
#
install_ssl_plugin() {
  local -r plugin_slug='really-simple-ssl'
  local config_path
  local action

  config_path="${HOME}/apps/wordpress/htdocs/wp-config.php"
  chmod g+w "${config_path}"

  for action in install activate; do
    wp plugin "${action}" "${plugin_slug}"
  done
}
#
# Entry point: run the set-up steps in order. With errexit enabled at the
# top of the script, the first failing step aborts the run.
#
main() {
  local step
  local -r steps=(
    delete_package_lock_files
    setup_cert_with_letsencrypt
    set_cert_update_cron
    install_ssl_plugin
  )

  for step in "${steps[@]}"; do
    "${step}"
  done
}

main "$@"