@thejimnicholson
Last active November 2, 2021 09:26
Use acme.sh with letsencrypt and AWS Route 53 on a Zentyal server
#!/bin/bash
#
# Run this on your Zentyal server from an ssh session as root.
#
# Inject your AWS credentials here
export AWS_ACCESS_KEY_ID=""
export AWS_SECRET_ACCESS_KEY=""
export HOST_FQDN="my.domain.com"
export ACCOUNT_EMAIL="your@email.co"
apt install -y git socat
cd /tmp
git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh
./acme.sh --install --accountemail "${ACCOUNT_EMAIL}"
# Restart your root shell at this point, by (for example) logging out and back in.
# The variables exported above do not survive the restart, so export them again before continuing.
# Set the default CA to letsencrypt
acme.sh --set-default-ca --server letsencrypt
acme.sh --issue -d "${HOST_FQDN}" --dns dns_aws --ocsp-must-staple --keylength 4096 --force --log
# The reload command writes the certificate and the private key into a single file, ssl.pem.
acme.sh --install-cert -d "${HOST_FQDN}" \
--reloadcmd "cat /root/.acme.sh/${HOST_FQDN}/${HOST_FQDN}.cer /root/.acme.sh/${HOST_FQDN}/${HOST_FQDN}.key > /var/lib/zentyal/conf/ssl/ssl.pem && systemctl restart zentyal.webadmin-nginx.service"
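
A post-install check for the combined file that the `--reloadcmd` above writes, as an added example that is not part of the gist: it confirms that `ssl.pem` is not readable by group or others, that the private key belongs to the certificate, and that the certificate is not about to expire. The function name `check_combined_pem` and the 14-day threshold are assumptions; it relies on `openssl` and GNU `stat`.

```shell
#!/bin/bash
# Added example, not part of the original gist.
# Usage: check_combined_pem /var/lib/zentyal/conf/ssl/ssl.pem
# Prints one line per check; returns 0 only if every check passes.

check_combined_pem() {
    local pem="$1" rc=0 mode cert_pub key_pub
    [ -r "$pem" ] || { echo "FAIL: cannot read $pem"; return 1; }

    # The file contains a private key, so group and others must have no access.
    mode=$(stat -c '%a' "$pem")
    case "$mode" in
        *00) echo "OK: mode $mode" ;;
        *)   echo "FAIL: mode $mode exposes the private key (want 600)"; rc=1 ;;
    esac

    # The public key derived from the certificate and from the private key
    # must be identical, otherwise nginx will refuse to start after a reload.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || true
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || true
    if [ -z "$cert_pub" ] || [ -z "$key_pub" ]; then
        echo "FAIL: certificate or private key block is missing"; rc=1
    elif [ "$cert_pub" = "$key_pub" ]; then
        echo "OK: private key matches certificate"
    else
        echo "FAIL: private key does not match certificate"; rc=1
    fi

    # Assumed threshold: flag certificates with fewer than 14 days left,
    # which would mean the scheduled acme.sh renewal is not working.
    if openssl x509 -in "$pem" -noout -checkend $((14 * 86400)) >/dev/null 2>&1; then
        echo "OK: valid for more than 14 days"
    else
        echo "FAIL: certificate expires within 14 days or cannot be parsed"; rc=1
    fi
    return "$rc"
}
```

If the mode check fails, `chmod 600` on the file fixes it in place, since the `>` redirect in the reload command keeps the permissions of an existing file.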