Examples of Let's Encrypt scripts for Virtualmin to generate and auto-renew certificates

#1 Sun, 01/03/2016 - 19:27
Chris sutu

Hi all,

I worked on some scripts for virtualmin and let's encrypt.
http://en.sutublog.com/virtualmin-lets-encrypt-how-to-automate-script-it...

In scripts A and B (below) I use a "dirty" way to recover some info, like the username and path of the virtual host, with the API.
I think there are (really, very much) better ways to do this.
If you think this little script is helpful, I can publish it on GitHub.
Maybe that is not necessary, as Virtualmin may support Let's Encrypt natively soon?

Anyway, I hope this can help; on my side I use it with success on many Debian installations.
Be careful, as there are limitations due to the beta:
https://community.letsencrypt.org/t/quick-start-guide/1631

A) Script that activates SSL on a domain
Usage:
[code]/PathToLetsencrypt/letsencrypt/sslactivate.sh MYDOMAIN.TLD[/code]
This will:
1) Activate SSL for MYDOMAIN.TLD
2) Generate an SSL certificate using Let's Encrypt
3) Install the certificate

[code]#!/bin/bash
LETSENCRYPT_DIRECTORY="/PathToLetsencrypt/letsencrypt/"
CONFIG_PATH="/PathToLetsencrypt/letsencrypt/cli.ini"
LETSENCRYPT_CERTS_PATH="/etc/letsencrypt/live/"

#Stop if the letsencrypt directory is missing, otherwise ./letsencrypt-auto runs from the wrong place
cd "${LETSENCRYPT_DIRECTORY}" || exit 1

domain=$1
if [ -z "${domain}" ]
then
    echo "Usage: $0 MYDOMAIN.TLD" >&2
    exit 1
fi
echo -e "\nDomain $domain : \n############################################"

#Enable SSL
echo -e "\nEnable SSL \n############################################"
virtualmin enable-feature --domain "${domain}" --ssl

#Generate certificate
#####################
echo -e "\nGenerate certificate \n############################################"

#Grab domain infos
domaininfos=$(virtualmin list-domains --simple-multiline --domain "${domain}")
#HTML directory of the domain (sed keeps a path that contains spaces intact)
path=$(echo "${domaininfos}" | sed -n 's/^ *HTML directory: *//p')
#Username owning the domain
username=$(echo "${domaininfos}" | sed -n 's/^ *Username: *//p')

#All domains with same username, alias only
#echo "virtualmin list-domains --alias --user ${username}" --name-only
aliases=$(virtualmin list-domains --alias --user "${username}" --name-only)
#One "-d name" pair per domain, kept in an array so each name stays a single argument
domain_args=(-d "${domain}")
if [ -n "${aliases}" ]
then
    echo -e "\nAliases : \n############################################"
    for j in ${aliases}
    do
        domain_args+=(-d "${j}")
    done
fi

#display command
echo "./letsencrypt-auto --config ${CONFIG_PATH} ${domain_args[*]} --authenticator webroot --webroot-path ${path} auth"
#run command
result=$(./letsencrypt-auto --config "${CONFIG_PATH}" "${domain_args[@]}" --authenticator webroot --webroot-path "${path}" auth)
status=$?
echo "${result}"
#Do not install anything if the certificate request failed
if [ "${status}" -ne 0 ]
then
    echo "letsencrypt-auto failed for ${domain}, certificate not installed" >&2
    exit 1
fi

echo -e "\nApply certificate \n############################################"
#Install certificate
echo "virtualmin install-cert --domain ${domain} --cert ${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem --key ${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem --ca ${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"
virtualmin install-cert --domain "${domain}" --cert "${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem" --key "${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem" --ca "${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"
[/code]

B) A similar script that installs a Let's Encrypt certificate on all virtual hosts with SSL activated
You may use it to auto-renew certificates too

[code]#!/bin/bash
LETSENCRYPT_DIRECTORY="/PathToLetsencrypt/letsencrypt/"
CONFIG_PATH="/PathToLetsencrypt/letsencrypt/cli.ini"
LETSENCRYPT_CERTS_PATH="/etc/letsencrypt/live/"

#Stop if the letsencrypt directory is missing, otherwise ./letsencrypt-auto runs from the wrong place
cd "${LETSENCRYPT_DIRECTORY}" || exit 1

#List all virtual servers that have the SSL feature enabled, aliases excluded
for i in $(virtualmin list-domains --name-only --no-alias --with-feature ssl)
do
    #domain name
    domain=$i
    echo -e "\nDomain $domain : \n############################################"

    #Generate certificate
    #####################
    echo -e "\nGenerate certificate \n############################################"

    #Grab domain infos
    domaininfos=$(virtualmin list-domains --simple-multiline --domain "${domain}")
    #HTML directory of the domain (sed keeps a path that contains spaces intact)
    path=$(echo "${domaininfos}" | sed -n 's/^ *HTML directory: *//p')
    #Username owning the domain
    username=$(echo "${domaininfos}" | sed -n 's/^ *Username: *//p')

    #All domains with same username, alias only
    #echo "virtualmin list-domains --alias --user ${username}" --name-only
    aliases=$(virtualmin list-domains --alias --user "${username}" --name-only)
    #One "-d name" pair per domain, kept in an array so each name stays a single argument
    domain_args=(-d "${domain}")
    if [ -n "${aliases}" ]
    then
        echo -e "\nAliases : \n############################################"
        for j in ${aliases}
        do
            domain_args+=(-d "${j}")
        done
    fi

    #display command
    echo "./letsencrypt-auto --config ${CONFIG_PATH} ${domain_args[*]} --authenticator webroot --webroot-path ${path} auth"
    #run command
    result=$(./letsencrypt-auto --config "${CONFIG_PATH}" "${domain_args[@]}" --authenticator webroot --webroot-path "${path}" auth)
    status=$?
    echo "${result}"
    #Skip the install step for this domain if the certificate request failed
    if [ "${status}" -ne 0 ]
    then
        echo "letsencrypt-auto failed for ${domain}, certificate not installed" >&2
        continue
    fi

    echo -e "\nApply certificate \n############################################"
    #Install certificate
    echo "virtualmin install-cert --domain ${domain} --cert ${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem --key ${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem --ca ${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"
    virtualmin install-cert --domain "${domain}" --cert "${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem" --key "${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem" --ca "${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"
done[/code]

C) Another script to auto-renew the certificates listed
It is NOT for Virtualmin; you may need to modify it with parts of the previous script
B+C can do the job for some of us
http://en.sutublog.com/bash-script-auto-renew-letsencrypt-certificate/712
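
Added example, not part of the original post: one way to harden the field lookup and the domain handling in scripts A and B, which typically run as root and pass names straight to `virtualmin` and `letsencrypt-auto`. The helper names (`vm_field`, `valid_hostname`, `checked_domains`) are hypothetical, and `SAMPLE` is constructed output whose indented `Label: value` layout is assumed from the `cut` field numbers used above.

```shell
#!/bin/sh
# Added example (not from the original post). SAMPLE is constructed; its
# "    Label: value" layout is assumed from the cut field numbers in the scripts.
SAMPLE='example.com
    Username: example
    Username for mysql: example_db
    HTML directory: /home/example/public html
    Parent domain: none'

# Print the value of one exactly-named field read from stdin.
# Spaces inside the value are kept; "Username for mysql" never matches "Username".
vm_field() {
    awk -v label="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, label ": ") == 1 { print substr(line, length(label) + 3); exit }'
}

# Accept only plain DNS names, so a value such as "--config=/tmp/x" can never
# be read as an option by the commands that receive it.
valid_hostname() (
    h=$1
    [ -n "$h" ] && [ "${#h}" -le 253 ] || exit 1
    case $h in *[!A-Za-z0-9.-]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    for label in $h; do
        case $label in -*|*-) exit 1 ;; esac
        [ "${#label}" -le 63 ] || exit 1
    done
    exit 0
)

# Print every accepted name, one per line; return non-zero if any was rejected.
checked_domains() (
    rc=0
    for name in "$@"; do
        if valid_hostname "$name"; then
            printf '%s\n' "$name"
        else
            echo "rejected: $name" >&2
            rc=1
        fi
    done
    exit "$rc"
)

# Demo on the constructed sample: prints the HTML directory, space included.
printf '%s\n' "$SAMPLE" | vm_field "HTML directory"
```

In the scripts above, the same calls would read `${domaininfos}` instead of `SAMPLE`, and the run would stop when `checked_domains` returns non-zero.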