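#!/usr/bin/env bash
#
# Installs certbot and writes /certbot-restore.sh, a helper that restores a
# saved /etc/letsencrypt tree (if an archive is present) and then obtains a
# certificate for one domain with certbot's standalone authenticator.
#
# Must be run as root on Linux; exits 1 otherwise.
set -ex

[[ $(uname) = Linux ]] || exit 1
# EUID is maintained by bash itself; $USER is an ordinary environment variable
# that may be unset (cron, minimal containers) or set to anything by the caller.
(( EUID == 0 )) || exit 1

# apt-get rather than apt: apt warns that its CLI is not stable for scripts.
apt-get install -y certbot

# Quoted delimiter: the helper below is written out literally, nothing in it
# is expanded while this installer runs.
cat > /certbot-restore.sh <<'EOF'
#!/usr/bin/env bash
#
# Usage: /certbot-restore.sh DOMAIN EMAIL
#
# Restores /etc/letsencrypt from ./letsencrypt.tgz when that file is readable,
# runs certbot for DOMAIN, re-archives /etc/letsencrypt to /letsencrypt.tgz and
# copies the key and certificate to /.key.pem and /.cert.pem.
# Does nothing (exit 0) when /.cert.pem already exists.
set -e

domain=$1
email=$2

if (( EUID != 0 )); then
  echo "Run as root"
  exit 1
fi

if [[ -f /.cert.pem ]]; then
  echo "Certificate already initialized"
  exit 0
fi

# Checked only after the "already initialized" shortcut so that a bare
# re-invocation on a provisioned host still exits 0.
if [[ -z $domain || -z $email ]]; then
  echo "Usage: $0 DOMAIN EMAIL" >&2
  exit 1
fi

set -x

# The archive is unpacked as root straight into /, so it can overwrite any
# file on the system. Only feed it an archive produced by a previous run of
# this script and kept somewhere other users cannot modify.
if [[ -r letsencrypt.tgz ]]; then
  tar -C / -zxf letsencrypt.tgz
fi

cd /
# Remove any stale archive so the new one is created fresh (and therefore
# with the restrictive mode requested below rather than an inherited one).
rm -f letsencrypt.tgz

certbot_args=(certonly --standalone -d "$domain" --email "$email" --agree-tos -n)
# Uncomment during testing to avoid hitting LetsEncrypt API limits while iterating
#certbot_args+=(--dry-run)
certbot "${certbot_args[@]}"

# /etc/letsencrypt contains the ACME account key and every certificate's
# private key. Create the archive owner-only; with the default umask it would
# be left world-readable in /. Loosen this deliberately if another account has
# to collect the archive.
(umask 077; tar zcf letsencrypt.tgz /etc/letsencrypt)
ls -l letsencrypt.tgz

# Copy certificates to / for easy access without knowing the value of "$domain"
rm -f /.key.pem /.cert.pem
# The private key is written owner-only regardless of the source file's mode.
(umask 077; cp -- "/etc/letsencrypt/live/$domain/privkey.pem" /.key.pem)
# /.cert.pem doubles as the "already initialized" marker checked above, so it
# is written last. Note cert.pem is the leaf certificate only; certbot places
# chain.pem and fullchain.pem next to it if a consumer needs the intermediates.
cp -- "/etc/letsencrypt/live/$domain/cert.pem" /.cert.pem
EOF

chmod +x /certbot-restore.sh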