2 # Certify current server with LetsEncrypt.
3 # Uses hostname -f for the domain we want to certify.
6 # Ensure we have a mail address as argument.
8 echo "Need mail address as argument."
13 # We need certbot to get LetsEncrypt certificates.
14 apt install -y certbot
16 # If port 80 blocked by iptables, open it.
18 iptables -C INPUT -p tcp --dport 80 -j ACCEPT
21 if [ "${open_iptables}" -eq "1" ]; then
22 iptables -A INPUT -p tcp --dport 80 -j ACCEPT
25 # Create new certificate and copy it to /etc/letsencrypt.
26 certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)"
28 # Remove iptables rule to open port 80 if we added it.
29 if [ "${open_iptables}" -eq "1" ]; then
30 iptables -D INPUT -p tcp --dport 80 -j ACCEPT