Ark74 · January 10, 2018 10:39
diff --git a/posbox-ssl.sh b/posbox-ssl.sh
 #!/bin/bash
 # POSBOX SSL for ISPConfig DNS API
 # This is an early approach, it is NOT suitable for production, yet. ;)
 #
 # ToDo
 # Bypass RAM disk for apache2 configuration 
 # otherwise certs configuration is lost on reboot.
 # mount -o remount, rw /

 # ========== ACME.SH (Let's Encrypt) Installation ==========
 # Was tempted to include it on the base image, but new support or fixes
 # could be integrated on later releases.
 if [ -d /root/.acme.sh ]; then
 	echo "acme.sh already exist!"
 	echo "Do you want do force reinstall??: ( yes or no )"
 		while [[ $FORCEACME != yes && $FORCEACME != no ]]
 		do
 			read FORCEACME
 		if [ $FORCEACME == no ]; then
 			echo "Using existing acme.sh installation..."
 		elif [ $FORCEACME == yes ]; then
 			echo "Forcing reinstall!"
 			wget https://github.com/Neilpang/acme.sh/archive/master.zip -O /root/acme.zip
 			unzip -o /root/acme.zip -d /root
 			cd /root
 			mv acme.sh-master acme.sh
 			rm acme.zip
 			cd acme.sh
 			./acme.sh --install
 		else
 			echo "Please check this, there is only a yes || no response."
 		fi
 		done
 	else
 	echo "Installing acme.sh..."
 	wget https://github.com/Neilpang/acme.sh/archive/master.zip -O /root/acme.zip
 	unzip /root/acme.zip -d /root
 	cd /root
 	mv acme.sh-master acme.sh
 	rm acme.zip
 	cd acme.sh
 	./acme.sh --install
 fi
 # ========== POSBOX SSL Cert adquisition - ISPConfig DNS API ========== #

 # **** Modify this values to your owns, see acme.sh documentation **** #
 export DNS_API=dns_ispconfig
 export ISPC_User="YOURUSER"
 export ISPC_Password="YOURPASSWORD"
 export ISPC_Api="https://domain.ltd:8080/remote/json.php"
 export ISPC_Api_Insecure=1

 export DOMAIN="your.domain.ltd"
 # ******************************************************************** #

 bash /root/.acme.sh/acme.sh --issue --dns $DNS_API -d $DOMAIN

 if [ -d /root/.acme.sh/$DOMAIN ]; then
 	echo "Everything seems to be in place."
 else
 	echo "Something went wrong. Please check. Exiting..."
 	exit
 fi

 # ========== Setup proxy Apache2 ==========

 export _IP=$(hostname -I) || true
 export KEY="/root/.acme.sh/$DOMAIN/${DOMAIN}.key"
 export CERT="/root/.acme.sh/$DOMAIN/fullchain.cer"
 export A2CONF="/etc/apache2/sites-available/000-default.conf"

 envsubst < $A2CONF | tee $A2CONF

 systemctl daemon-reload
 service apache2 restart

 # ========== DNS resolution ==========

 echo "
 address=/$DOMAIN/$_IP" | tee -a /etc/dnsmasq.conf
 service dnsmasq restart

 mount -o remount, ro /

 echo "##########################################################"
 echo "Finally put the POSBOX ip as the primary DNS server on"
 echo "your (wireless) router and you are good to go."
 echo "##########################################################"
	#!/bin/bash
	# POSBOX SSL for ISPConfig DNS API
	# This is an early approach, it is NOT suitable for production, yet. ;)
	#
	# ToDo
	# Bypass RAM disk for apache2 configuration
	# otherwise certs configuration is lost on reboot.
	# mount -o remount, rw /

	# ========== ACME.SH (Let's Encrypt) Installation ==========
	# Was tempted to include it on the base image, but new support or fixes
	# could be integrated on later releases.
	if [ -d /root/.acme.sh ]; then
	echo "acme.sh already exist!"
	echo "Do you want do force reinstall??: ( yes or no )"
	while [[ $FORCEACME != yes && $FORCEACME != no ]]
	do
	read FORCEACME
	if [ $FORCEACME == no ]; then
	echo "Using existing acme.sh installation..."
	elif [ $FORCEACME == yes ]; then
	echo "Forcing reinstall!"
	wget https://github.com/Neilpang/acme.sh/archive/master.zip -O /root/acme.zip
	unzip -o /root/acme.zip -d /root
	cd /root
	mv acme.sh-master acme.sh
	rm acme.zip
	cd acme.sh
	./acme.sh --install
	else
	echo "Please check this, there is only a yes \|\| no response."
	fi
	done
	else
	echo "Installing acme.sh..."
	wget https://github.com/Neilpang/acme.sh/archive/master.zip -O /root/acme.zip
	unzip /root/acme.zip -d /root
	cd /root
	mv acme.sh-master acme.sh
	rm acme.zip
	cd acme.sh
	./acme.sh --install
	fi
	# ========== POSBOX SSL Cert adquisition - ISPConfig DNS API ========== #

	# ** Modify this values to your owns, see acme.sh documentation ** #
	export DNS_API=dns_ispconfig
	export ISPC_User="YOURUSER"
	export ISPC_Password="YOURPASSWORD"
	export ISPC_Api="https://domain.ltd:8080/remote/json.php"
	export ISPC_Api_Insecure=1

	export DOMAIN="your.domain.ltd"
	# ******************************************************************** #

	bash /root/.acme.sh/acme.sh --issue --dns $DNS_API -d $DOMAIN

	if [ -d /root/.acme.sh/$DOMAIN ]; then
	echo "Everything seems to be in place."
	else
	echo "Something went wrong. Please check. Exiting..."
	exit
	fi

	# ========== Setup proxy Apache2 ==========

	export _IP=$(hostname -I) \|\| true
	export KEY="/root/.acme.sh/$DOMAIN/${DOMAIN}.key"
	export CERT="/root/.acme.sh/$DOMAIN/fullchain.cer"
	export A2CONF="/etc/apache2/sites-available/000-default.conf"

	envsubst < $A2CONF \| tee $A2CONF

	systemctl daemon-reload
	service apache2 restart

	# ========== DNS resolution ==========

	echo "
	address=/$DOMAIN/$_IP" \| tee -a /etc/dnsmasq.conf
	service dnsmasq restart

	mount -o remount, ro /

	echo "##########################################################"
	echo "Finally put the POSBOX ip as the primary DNS server on"
	echo "your (wireless) router and you are good to go."
	echo "##########################################################"