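#!/usr/bin/env bash
#
# Installs certbot and writes /certbot-restore.sh, a helper that restores a
# saved /etc/letsencrypt archive (when one is present) and then obtains a
# certificate for a domain with certbot's standalone authenticator.
#
# Must be run as root on a Linux host that has apt-get.
set -ex

[[ $(uname) = Linux ]] || exit 1
# Check the effective UID rather than $USER: $USER is an ordinary environment
# variable that the caller can leave unset or set to any value.
[[ $EUID -eq 0 ]] || exit 1

# apt-get is the interface meant for scripts; `apt` warns that its CLI is not
# stable.
apt-get install -y certbot

# The heredoc delimiter is quoted, so nothing below is expanded here; the text
# is written to /certbot-restore.sh verbatim.
cat > /certbot-restore.sh <<'EOF'
#!/usr/bin/env bash
#
# Usage: /certbot-restore.sh DOMAIN EMAIL
#
# Restores /etc/letsencrypt from ./letsencrypt.tgz when that archive is
# readable, runs certbot for DOMAIN, re-archives /etc/letsencrypt to
# /letsencrypt.tgz and copies the key and certificate to /.key.pem and
# /.cert.pem. Exits 0 without doing anything when /.cert.pem already exists.
set -e

domain=$1
email=$2

# Effective UID, not $USER, decides whether we really are root.
if [[ $EUID -ne 0 ]]; then
  echo "Run as root" >&2
  exit 1
fi

if [[ -f /.cert.pem ]]; then
  echo "Certificate already initialized"
  exit 0
fi

# Fail with a usage message instead of handing empty values to certbot.
if [[ -z $domain || -z $email ]]; then
  echo "Usage: $0 DOMAIN EMAIL" >&2
  exit 1
fi

set -x
if [[ -r letsencrypt.tgz ]]; then
  # The archive is looked up in the current directory and unpacked as root
  # into /, so whoever can write it controls the restored files. Only the
  # etc/letsencrypt tree (the member this script archives further down) is
  # requested, rather than every member of the archive.
  tar -C / -zxf letsencrypt.tgz etc/letsencrypt
fi

cd /
rm -f letsencrypt.tgz

maybeDryRun=()
# Uncomment during testing to avoid hitting LetsEncrypt API limits while iterating
#maybeDryRun=(--dry-run)

certbot certonly --standalone -d "$domain" --email "$email" --agree-tos -n "${maybeDryRun[@]}"

# NOTE(review): this archive includes the private key (privkey.pem lives under
# /etc/letsencrypt) and is created in / under the ambient umask. Confirm who
# needs to read it and tighten its mode (e.g. chmod 600) if nothing
# unprivileged does.
tar zcf letsencrypt.tgz /etc/letsencrypt
ls -l letsencrypt.tgz

# Copy certificates to / for easy access without knowing the value of "$domain"
# NOTE(review): /.key.pem is a second copy of the private key; confirm its
# resulting mode is owner-only.
rm -f /.key.pem /.cert.pem
cp "/etc/letsencrypt/live/$domain/privkey.pem" /.key.pem
cp "/etc/letsencrypt/live/$domain/cert.pem" /.cert.pem

EOF

chmod +x /certbot-restore.sh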