X-Git-Url: https://plomlompom.com/repos/foo.html?a=blobdiff_plain;ds=inline;f=all_new_2018%2Fletsencrypt.sh;h=5fdf7036b5596c5267f653094826e2e6cb028357;hb=d69e799e8f4a684cb41c6f0168e16927d18e1484;hp=01f8a813c02f4b66ea675e9af7257e672737bce3;hpb=395d9b2fbde8811206b26fab39eee609c14f4fd1;p=config
diff --git a/all_new_2018/letsencrypt.sh b/all_new_2018/letsencrypt.sh
index 01f8a81..5fdf703 100755
--- a/all_new_2018/letsencrypt.sh
+++ b/all_new_2018/letsencrypt.sh
@@ -1,31 +1,29 @@
 #!/bin/sh
 set -e
-# Ensure we have a server name as argument.
-if [ ! $# -eq 2 ]; then
- echo "Need server and action as argument."
+# Ensure we have a mail address as argument.
+if [ $# -lt 1 ]; then
+ echo "Need mail address as argument."
 false
 fi
-server="$1"
-action="$2"
+mail_address="$1"
-# So we only get asked once for decrypting our key.
-eval $(ssh-agent)
-ssh-add ~/.ssh/id_rsa
+# We need certbot to get LetsEncrypt certificates.
+apt install -y certbot
-if [ "${action}" = "set" ]; then
- # Install certificate.
- ssh -t plom@${server} "su -c 'apt -y install certbot && certbot certonly --standalone -d ${server}$'"
-elif [ "${action}" = "get" ]; then
- # Get /etc/letsencrypt/ as tar file.
- ssh -t plom@${server} 'su -c "cd /etc/ && tar cf letsencrypt.tar letsencrypt && chown plom:plom letsencrypt.tar && mv letsencrypt.tar /home/plom/"'
- scp plom@${server}:~/letsencrypt.tar .
-elif [ "${action}" = "put" ]; then
- # Expand letsencrypt.tar to /etc/letsencrypt/ on server.
- scp letsencrypt.tar plom@${server}:~/
- ssh -t plom@${server} 'su -c "rmdir /etc/letsencrypt && mv letsencrypt.tar /etc/ && cd /etc/ && tar xf letsencrypt.tar && rm letsencrypt.tar"'
-else
- echo "Action must be 'set', 'get', or 'put'."
- false
+# If port 80 blocked by iptables, open it.
+set +e
+iptables -C INPUT -p tcp --dport 80 -j ACCEPT
+open_iptables="$?"
+set -e
+if [ "${open_iptables}" -eq "1" ]; then
+ iptables -A INPUT -p tcp --dport 80 -j ACCEPT
 fi
+# Create new certificate and copy it to /etc/letsencrypt.
+certbot certonly --standalone --agree-tos -m "${mail_address}" -d "$(hostname -f)"
+
+# Remove iptables rule to open port 80 if we added it.
+if [ "${open_iptables}" -eq "1" ]; then
+ iptables -D INPUT -p tcp --dport 80 -j ACCEPT
+fi
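Review bot: The cleanup at the end of the hunk (`iptables -D INPUT -p tcp --dport 80 -j ACCEPT`) only runs when `certbot certonly` succeeds; under `set -e` a failing certbot run aborts the script before it, leaving the ACCEPT rule the script added in INPUT permanently, so the removal belongs in an EXIT trap installed right after `open_iptables` is computed. The rule is also added with `-A`, which appends it after any existing final DROP/REJECT rule in INPUT where it would never match; `-I INPUT` puts it first, and `-D` with the same match removes it wherever it sits (I cannot see the host's ruleset, so this is inferred from how iptables walks a chain). The `-eq "1"` test treats any other non-zero status of `iptables -C` (command missing, permission error) as "rule already present" and silently skips opening the port; probably acceptable, but worth a comment such as `# Any status other than 1 means the probe itself failed; leave iptables alone.`
```shell
# … unchanged: argument check, apt install, the iptables -C probe and open_iptables …
# Remove the port-80 rule on every exit path, not only after a successful certbot run.
cleanup_iptables() {
	if [ "${open_iptables}" -eq "1" ]; then
		iptables -D INPUT -p tcp --dport 80 -j ACCEPT
	fi
}
trap cleanup_iptables EXIT
if [ "${open_iptables}" -eq "1" ]; then
	# Insert at the top so an existing trailing DROP/REJECT in INPUT cannot shadow it.
	iptables -I INPUT -p tcp --dport 80 -j ACCEPT
fi
# … unchanged: certbot certonly …; the trailing "Remove iptables rule" block is dropped, the trap covers it …
```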