From: Christian Heller Date: Sun, 2 Dec 2018 00:09:36 +0000 (+0100) Subject: Rename letsencrypt scripts. X-Git-Url: https://plomlompom.com/repos/%7B%7Bdb.prefix%7D%7D/static/%7B%7B%20web_path%20%7D%7D/decks/tasks?a=commitdiff_plain;h=8d73bb2af6f64a557ae57c512fa2e097a52f42c1;p=config Rename letsencrypt scripts. --- diff --git a/all_new_2018/letsencrypt.sh b/all_new_2018/letsencrypt.sh index 18f9aa4..5fdf703 100755 --- a/all_new_2018/letsencrypt.sh +++ b/all_new_2018/letsencrypt.sh @@ -1,35 +1,29 @@ #!/bin/sh -# Install or copy LetsEncrypt certificates on/from server. -# -# First argument: server -# Second argument: "get" or "put" -# -# "get" copies the server's /etc/letsencrypt to a local letsencrypt.tar. -# -# "set" copies a local letsencrypt.tar to the server's /etc/letsencrypt. set -e -# Ensure we have a server name as argument. -if [ $# -lt 2 ]; then - echo "Need server and action as arguments." +# Ensure we have a mail address as argument. +if [ $# -lt 1 ]; then + echo "Need mail address as argument." false fi -server="$1" -action="$2" +mail_address="$1" -# So we only get asked once for decrypting our key. -eval $(ssh-agent) -ssh-add ~/.ssh/id_rsa +# We need certbot to get LetsEncrypt certificates. +apt install -y certbot -if [ "${action}" = "get" ]; then - # Get /etc/letsencrypt/ as tar file. - ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"' - scp plom@${server}:~/letsencrypt.tar . -elif [ "${action}" = "put" ]; then - # Expand letsencrypt.tar to /etc/letsencrypt/ on server. - scp letsencrypt.tar plom@${server}:~/ - ssh -t plom@${server} 'su -c "rmdir /etc/letsencrypt && mv letsencrypt.tar /etc/ && cd /etc/ && tar xf letsencrypt.tar && rm letsencrypt.tar"' -else - echo "Action must be 'get', or 'put'." - false +# If port 80 blocked by iptables, open it. +set +e +iptables -C INPUT -p tcp --dport 80 -j ACCEPT +open_iptables="$?" +set -e +if [ "${open_iptables}" -eq "1" ]; then + iptables -A INPUT -p tcp --dport 80 -j ACCEPT +fi + +# Create new certificate and copy it to /etc/letsencrypt. +certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)" + +# Remove iptables rule to open port 80 if we added it. +if [ "${open_iptables}" -eq "1" ]; then + iptables -D INPUT -p tcp --dport 80 -j ACCEPT fi diff --git a/all_new_2018/letsencrypt_local_set.sh b/all_new_2018/letsencrypt_local_set.sh deleted file mode 100755 index 5fdf703..0000000 --- a/all_new_2018/letsencrypt_local_set.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -set -e - -# Ensure we have a mail address as argument. -if [ $# -lt 1 ]; then - echo "Need mail address as argument." - false -fi -mail_address="$1" - -# We need certbot to get LetsEncrypt certificates. -apt install -y certbot - -# If port 80 blocked by iptables, open it. -set +e -iptables -C INPUT -p tcp --dport 80 -j ACCEPT -open_iptables="$?" -set -e -if [ "${open_iptables}" -eq "1" ]; then - iptables -A INPUT -p tcp --dport 80 -j ACCEPT -fi - -# Create new certificate and copy it to /etc/letsencrypt. -certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)" - -# Remove iptables rule to open port 80 if we added it. -if [ "${open_iptables}" -eq "1" ]; then - iptables -D INPUT -p tcp --dport 80 -j ACCEPT -fi diff --git a/all_new_2018/letsencrypt_remote.sh b/all_new_2018/letsencrypt_remote.sh new file mode 100755 index 0000000..18f9aa4 --- /dev/null +++ b/all_new_2018/letsencrypt_remote.sh @@ -0,0 +1,35 @@ +#!/bin/sh +# Install or copy LetsEncrypt certificates on/from server. +# +# First argument: server +# Second argument: "get" or "put" +# +# "get" copies the server's /etc/letsencrypt to a local letsencrypt.tar. +# +# "set" copies a local letsencrypt.tar to the server's /etc/letsencrypt. +set -e + +# Ensure we have a server name as argument. +if [ $# -lt 2 ]; then + echo "Need server and action as arguments." + false +fi +server="$1" +action="$2" + +# So we only get asked once for decrypting our key. +eval $(ssh-agent) +ssh-add ~/.ssh/id_rsa + +if [ "${action}" = "get" ]; then + # Get /etc/letsencrypt/ as tar file. + ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"' + scp plom@${server}:~/letsencrypt.tar . +elif [ "${action}" = "put" ]; then + # Expand letsencrypt.tar to /etc/letsencrypt/ on server. + scp letsencrypt.tar plom@${server}:~/ + ssh -t plom@${server} 'su -c "rmdir /etc/letsencrypt && mv letsencrypt.tar /etc/ && cd /etc/ && tar xf letsencrypt.tar && rm letsencrypt.tar"' +else + echo "Action must be 'get', or 'put'." + false +fi