#!/bin/bash
########################################################
# letsEncrypt.sh -- Script to set up SSL encryption on #
# your server and configure your apache virtualhost to #
# accommodate SSL encryption via letsencrypt #
# #
# Author: Deac Karns #
# Email: peledies@gmail.com #
# #
# Configure: Change the variables at the top of the script #
# #
# Requirements: Apache2, Ubuntu >= 16 #
# #
# #
# Usage: sudo ./letsEncrypt.sh #
# #
########################################################
# Absolute directory of this script, resolved once in a subshell so the caller's
# working directory is untouched (SCRIPTPATH is not used by the rest of this script).
SCRIPTPATH=$(cd "$(dirname "$0")" && pwd)
#######################
# SET THESE VARIABLES #
#######################
# Domain the certificate is requested for; also names the vhost file and the Apache log files.
URL='example.com'
# Directory Apache serves from and where the ACME challenge files are placed.
# Keep the trailing slash: the .well-known path below is built by plain concatenation ($WEBROOT.well-known).
WEBROOT='/var/www/html/example.com/public/'
# Directory granted access in the <Directory> block of the generated vhost.
PROJECTROOT='/var/www/html/example.com/'
# Contact address passed to letsencrypt --email and written as ServerAdmin.
ADMIN_EMAIL='admin@example.com'
#######################
# DO NOT MODIFY BELOW #
#######################
# --- terminal colour and cursor helpers used by the echo_* status functions ---
# Plain colour codes for inline use inside messages (reset with $default).
red=$(tput setaf 1)
green=$(tput setaf 2)
gold=$(tput setaf 3)
magenta=$(tput setaf 5)
cyan=$(tput setaf 6)
default=$(tput sgr0)
# "color" switches the coloured [ OK ] / [FAILED] markers on; any other value prints them plain.
BOOTUP=color
# Column of the status marker, and column where the message text starts.
RES_COL=0
RES_COL_B=20
# The variables below hold *commands* (they are executed unquoted, e.g. `$MOVE_TO_COL`),
# not plain strings. printf expands the \033 escape, so each emits one raw ANSI sequence.
MOVE_TO_COL="printf \\033[${RES_COL}G"
MOVE_TO_COL_B="printf \\033[${RES_COL_B}G"
SETCOLOR_SUCCESS="printf \\033[1;32m"
SETCOLOR_FAILURE="printf \\033[1;31m"
SETCOLOR_WARNING="printf \\033[1;33m"
SETCOLOR_NORMAL="printf \\033[0;39m"
# Print the "[...]" in-progress marker at column RES_COL and move the cursor to
# column RES_COL_B so the caller's message follows it. No newline is written.
# Returns 0.
echo_start() {
  local use_colour=false
  [[ "$BOOTUP" == "color" ]] && use_colour=true
  "$use_colour" && $MOVE_TO_COL
  printf '%s' '['
  "$use_colour" && $SETCOLOR_SUCCESS
  printf '%s' '...'
  "$use_colour" && $SETCOLOR_NORMAL
  printf '%s' ']'
  # Cursor move happens regardless of BOOTUP, as in the original.
  $MOVE_TO_COL_B
  return 0
}
# Print the "[ OK ]" marker (green when BOOTUP=color) at column RES_COL and end the line.
# Returns 0.
echo_success() {
  local use_colour=false
  [[ "$BOOTUP" == "color" ]] && use_colour=true
  "$use_colour" && $MOVE_TO_COL
  printf '%s' '['
  "$use_colour" && $SETCOLOR_SUCCESS
  printf '%s' ' OK '
  "$use_colour" && $SETCOLOR_NORMAL
  printf '%s' ']'
  printf '\n'
  return 0
}
# Print the "[ DONE ]" marker (green when BOOTUP=color) at column RES_COL and end the line.
# Returns 0.
echo_done() {
  local use_colour=false
  [[ "$BOOTUP" == "color" ]] && use_colour=true
  "$use_colour" && $MOVE_TO_COL
  printf '%s' '['
  "$use_colour" && $SETCOLOR_SUCCESS
  printf '%s' ' DONE '
  "$use_colour" && $SETCOLOR_NORMAL
  printf '%s' ']'
  printf '\n'
  return 0
}
# Print the "[FAILED]" marker (red when BOOTUP=color) at column RES_COL and end the line.
# Returns 1 so it can be used as a failing status by callers.
echo_failure() {
  local use_colour=false
  [[ "$BOOTUP" == "color" ]] && use_colour=true
  "$use_colour" && $MOVE_TO_COL
  printf '%s' '['
  "$use_colour" && $SETCOLOR_FAILURE
  printf '%s' 'FAILED'
  "$use_colour" && $SETCOLOR_NORMAL
  printf '%s' ']'
  printf '\n'
  return 1
}
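# Report the status of the previous step and abort the script on failure.
# Arguments: $1 - exit status to evaluate (usually $?; empty is treated as 0)
#            $2 - "allow" to print [FAILED] but keep going instead of exiting
# Outputs:   [ OK ] or [FAILED] via echo_success / echo_failure
# Returns:   0 on success, 1 when a failure is allowed; otherwise exits with $1.
# Note: rc is local here; the original leaked it into the global namespace.
test_for_success() {
  local rc=${1:-0}
  local mode=${2:-}
  if [[ "$rc" -eq 0 ]]; then
    echo_success
  elif [[ "$mode" == "allow" ]]; then
    echo_failure
  else
    echo_failure
    # Propagate the failing step's status as the script's exit code.
    exit "$rc"
  fi
}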
##########################
# Ensure Root privileges #
##########################
# Abort unless running as root: the steps below write under /etc, /var/log and root's crontab.
if [[ "$(id -un)" != "root" ]]; then
  echo "${gold} !- You will need to run this with root, or sudo. -!"
  exit 1
fi
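# Install prerequisites. Root was verified above, so the redundant sudo calls are dropped
# (sudo is not necessarily installed). apt-get replaces apt, whose CLI is documented as
# unstable for scripts. Output is discarded; on failure test_for_success prints [FAILED]
# and exits with apt-get's status.
echo_start
echo -n "${gold}Updating aptitude${default}"
apt-get update -q > /dev/null 2>&1
test_for_success $?
echo_start
echo -n "${gold}Installing LetsEncrypt${default}"
# Package name as shipped on Ubuntu 16.04; later releases renamed the client to certbot,
# so adjust this if apt-get cannot find it.
DEBIAN_FRONTEND=noninteractive apt-get install -y python-letsencrypt-apache > /dev/null 2>&1
test_for_success $?
echo_start
echo -n "${gold}Enable Apache ssl module${default}"
a2enmod ssl > /dev/null 2>&1
test_for_success $?
echo_start
echo -n "${gold}Restart Apache${default}"
systemctl restart apache2 > /dev/null 2>&1
test_for_success $?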
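# Write access rule to allow letsencrypt to verify certs.
# The HTTP-01 challenge is fetched from http://$URL/.well-known/acme-challenge/...; this
# permissive .htaccess presumably overrides a stricter application .htaccess (AllowOverride
# All is set in the vhost below). Fix: the directory is created first -- the original
# heredoc failed outright when .well-known did not yet exist. ${WEBROOT%/} makes the path
# correct whether or not WEBROOT carries a trailing slash.
# NOTE(review): "order/allow" are Apache 2.2 directives; on 2.4 they need mod_access_compat
# (typically enabled by default on Ubuntu). "Require all granted" is the 2.4 equivalent.
echo_start
echo -n "${gold}Creating allow rule for letsencrypt to check cert${default}"
mkdir -p "${WEBROOT%/}/.well-known" &&
cat <<EOF > "${WEBROOT%/}/.well-known/.htaccess"
order allow,deny
allow from all
EOF
test_for_success $?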
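# Obtain the certificate with the webroot authenticator (the challenge file is served from
# $WEBROOT/.well-known/acme-challenge). The directory check is only a weak "already done"
# signal; --keep-until-expiring makes a re-run safe either way.
# Fix: the original was missing the line continuation after --email, so
# "-d $URL -a webroot --webroot-path ..." ran as a separate, failing command and
# letsencrypt was invoked without the domain.
if [[ ! -d "${WEBROOT%/}/.well-known/acme-challenge" ]]; then
  letsencrypt certonly \
    --agree-tos \
    --keep-until-expiring \
    --email "$ADMIN_EMAIL" \
    -d "$URL" \
    -a webroot \
    --webroot-path "$WEBROOT"
  # Stop here on failure: the vhost written below references the cert files, and Apache
  # will refuse to reload without them, leaving the site down.
  test_for_success $?
fi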
# Disable the current vhost for $URL; the SSL-redirecting one written below replaces it.
# test_for_success exits if a2dissite fails (e.g. when no $URL.conf exists).
echo_start
echo -n "${gold}Disable existing Virtualhost $URL ${default}"
a2dissite "$URL" > /dev/null 2>&1
test_for_success $?
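# Write the replacement vhost: port 80 redirects everything to HTTPS, port 443 serves the
# site with the Let's Encrypt certificate. The heredoc is deliberately unquoted so $URL,
# $WEBROOT, $PROJECTROOT and $ADMIN_EMAIL expand into the file.
# Fix: the redirect target now ends with a slash. mod_alias appends the part of the
# request path after the matched prefix "/" verbatim, so "https://$URL" sent a request for
# /foo to https://$URLfoo.
# NOTE(review): TLS protocol and cipher settings are inherited from the global Apache SSL
# defaults (nothing is set per vhost); harden them in mods-available/ssl.conf if needed.
# NOTE(review): DEFLATE over TLS enables BREACH-style attacks on responses that mix a
# secret (e.g. a CSRF token) with attacker-reflected input; exclude such responses.
# NOTE(review): access is granted on $PROJECTROOT, which is wider than DocumentRoot.
# Nothing outside $WEBROOT is served unless aliased or symlinked (FollowSymLinks is on),
# but narrowing the <Directory> to $WEBROOT would be the least-privilege choice.
echo_start
echo -n "${gold}Writing new Virtualhost file with SSL redirect${default}"
cat <<EOF > "/etc/apache2/sites-available/${URL}.conf"
<VirtualHost *:80>
ServerAdmin $ADMIN_EMAIL
ServerName $URL
Redirect permanent / https://$URL/
</VirtualHost>
<VirtualHost *:443>
ServerName $URL
DocumentRoot $WEBROOT
UseCanonicalName Off
<Directory $PROJECTROOT>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/$URL-error_log
CustomLog /var/log/apache2/$URL-access_log common
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/$URL/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/$URL/privkey.pem
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript
DeflateCompressionLevel 9
</VirtualHost>
EOF
test_for_success $?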
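# Enable the new vhost and apply it. The configuration is syntax-checked first so a broken
# vhost (e.g. missing certificate files) is reported as its own [FAILED] step instead of
# surfacing only as a failed reload. systemctl is used for consistency with the restart above.
echo_start
echo -n "${gold}Enabling new SSL configuration for $URL ${default}"
a2ensite "$URL" > /dev/null 2>&1
test_for_success $?
echo_start
echo -n "${gold}Checking Apache configuration${default}"
apache2ctl configtest > /dev/null 2>&1
test_for_success $?
echo_start
echo -n "${gold}Reloading Apache Virtualhost files${default}"
systemctl reload apache2 > /dev/null 2>&1
test_for_success $?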
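# Create the renewal log. The cron job below runs as root, so the file only needs to be
# root-writable; the original chmod 666 let any local user truncate or write into a
# root-owned log under /var/log.
echo_start
echo -n "${gold}Creating LestEncrypt renew log at /var/log/le-renew.log${default}"
touch /var/log/le-renew.log && chmod 644 /var/log/le-renew.log
test_for_success $?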
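# Weekly renewal job in root's crontab (Mondays 02:30). Single quotes keep $(date) literal
# so cron expands it at run time. A reload is appended because Apache keeps the old
# certificate in memory until it re-reads its config; without it a renewed cert is never
# served. (A crontab already holding the older line without the reload will gain this
# one alongside it.)
cron_line='30 2 * * 1 echo -- $(date) -- >> /var/log/le-renew.log && /usr/bin/letsencrypt renew >> /var/log/le-renew.log && systemctl reload apache2'
# Ask crontab itself rather than reading the spool file directly; a missing crontab is just
# an empty listing here.
if crontab -l 2>/dev/null | grep -Fxq -- "$cron_line"; then
  echo_start
  echo -n "${gold}Skipping LetsEncrypt Renewal crontab addition, line exists ${default}"
  test_for_success $?
else
  echo_start
  echo -n "${gold}Adding LetsEncrypt Renewal line to root crontab ${default}"
  # Build the new crontab in a private temp file. The original wrote "ohmycron" into the
  # current directory -- a predictable name that a local user could pre-create or symlink
  # wherever the script happened to be run from, with root then installing its contents.
  tmp_cron=$(mktemp) || { echo_failure; exit 1; }
  { crontab -l 2>/dev/null; printf '%s\n' "$cron_line"; } > "$tmp_cron"
  crontab "$tmp_cron"
  rc=$?
  rm -f -- "$tmp_cron"
  # Report the crontab install status, not the rm status (the original tested the latter).
  test_for_success "$rc"
fi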