deb/apache-letsencrypt.bash
author Oleksandr Gavenko <gavenkoa@gmail.com>
Thu, 02 May 2024 15:50:52 +0300
changeset 35 b524ac24e926
parent 34 68975e7d5237
child 36 dc0a281349d1
permissions -rw-r--r--
Avoid warning about existing dir.
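#!/bin/bash
#
# Request or renew the "defun.work" Let's Encrypt certificate with certbot's
# webroot method, then rewrite the Apache SSL options snippet.
#
# Steps, in order:
#   1. make sure the webroot directory /srv/www/letsencrypt exists;
#   2. run "certbot certonly --webroot" for every listed host name;
#   3. write /srv/www/letsencrypt/apache-ssl-options.conf.
#
# Nothing here reloads Apache: the reload/start lines below are commented out.
#
# NOTE(review): the generated .conf sits in the same directory that is handed
# to certbot as the webroot (-w). The Alias shown below exposes only
# .well-known/acme-challenge/, so the snippet is not served through that alias.
# Presumably the snippet is Include'd by the vhosts; if so, keep this directory
# writable by root only, since a writable included file is as sensitive as the
# main Apache configuration. Confirm ownership and mode on the host.

# -p: creates missing parents and does not complain when the directory exists.
mkdir -p /srv/www/letsencrypt

# service apache2 stop
# --standalone

# Command requires Apache or Lighttpd running and aliasing (no need to stop Apache!):
#   Alias "/.well-known/acme-challenge/" "/srv/www/letsencrypt/.well-known/acme-challenge/"
#
# A certbot failure is reported on stderr rather than passing silently; the
# script still goes on to write the snippet, as it did before.
if ! certbot certonly --webroot \
 --agree-tos --non-interactive \
 -m gavenkoa@gmail.com \
 -w /srv/www/letsencrypt \
 --cert-name defun.work \
 -d defun.work \
 -d 2048.defun.work \
 -d blog.defun.work \
 -d cooking.defun.work \
 -d gadict.defun.work \
 -d hg.defun.work \
 -d resume.defun.work \
 -d stat.defun.work \
 -d test.defun.work \
 -d tips.defun.work; then
  printf '%s\n' "certbot certonly failed for cert-name defun.work" >&2
fi

# service apache2 start

# https://wiki.debian.org/LetsEncrypt
# python3-certbot-apache - Apache plugin for Certbot

# systemctl reload apache2
# sudo certbot --apache --agree-tos --redirect -m youremail@email.com -d domainname.com -d www.domainname.com

# The delimiter is quoted so the shell copies the body verbatim: the Apache
# format strings contain backslashes and %{...} sequences, and a later edit
# that adds a "$" or a backtick must not be expanded by the shell.
#
# SSLProtocol disables SSLv2, SSLv3, TLSv1 and TLSv1.1; whatever else "all"
# covers in the installed mod_ssl stays enabled.
#
# NOTE(review): the comment written into the file says the vhost name is added
# to log entries, but only vhost_common starts with %v; vhost_combined has no
# %v. Confirm that is intended before using vhost_combined logs to attribute
# requests to one of the sites above. Debian's stock apache2.conf also defines
# a vhost_combined nickname; check which definition ends up in effect.
cat >/srv/www/letsencrypt/apache-ssl-options.conf <<'EOF'
SSLEngine on
SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLOptions +StrictRequire

# Add vhost name to log entries:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
EOF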