This is to enable Let's Encrypt on Device Hub

le-devhub.sh

#!/bin/sh
#
# It is written and tested for Ubuntu 16.04 on Binary Lane using a $4/month Linux VPS.
#
# It does the following:
# 1) Kills Nginx as DeviceHub does not start it as a service
# 2) Uses Certbot to request a Lets Encrypt Certificate
# 3) Modifies the Nginx config to disable HTTP access and reference the new certificates
# 4) Writes out an automatic renewal cron for Lets Encrypt (as the certs expire every 3 months)
#
# I recommend running it from /opt on your server. In my installation I called it 'le-devhub.sh'
# Run it with the following:
# bash /opt/le-devhub.sh
#
# Alternatively you can make it executable and run it without specifying bash, but this is a one
# time script, so it seems unnecessary.
#
# Built based on these resources below:
# https://gist.github.com/hisnameisjimmy/56f9414076ca39a79bfa07eefa89759e
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, 
# INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR 
# PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 
# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE 
# OR OTHER DEALINGS IN THE SOFTWARE.
# 

RED='\033[0;31m'
CYAN='\033[0;36m'
NC='\033[0m'

# Gathering variables to use for the rest of the script
echo -en "${CYAN}Enter your domain name [my.fqdn.com]: ${NC}"
read name
NAME="${name,,}"
echo -en "${CYAN}Enter your email address [[email protected]]: ${NC}"
read email
EMAIL="${email,,}"
echo "These parameters are used exclusively by LetsEncrypt to register your SSL certificate and provide notifications:"
echo "Domain: $NAME"
echo "E-Mail: $EMAIL"
read -p "$(echo -e ${CYAN}"Does this look OK?  [Y/N]: "${NC})" -n 1 REPLY
echo    # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]
then
    echo -e "${RED}Please re-run $0 and re-enter the params.${NC}"
    exit 1
fi

# Install relevant packages
echo -e "${CYAN}Updating and installing relevant packages${NC}"
apt-get update
echo y | apt-get upgrade
apt-get -f install
echo y | apt-get install software-properties-common
echo y | add-apt-repository universe
echo y | add-apt-repository ppa:certbot/certbot
apt-get update
echo y | apt-get install certbot

# Lets Encrypt certificate request, run it non-interactively (-n) so we don't have to agree to anything
echo -e "${CYAN}Requesting Certificate for $NAME${NC}"
pkill nginx
certbot -n certonly -d $NAME --standalone --agree-tos --preferred-challenges http-01 --email $EMAIL


echo -e "${CYAN}Disabling Device Hub HTTP due to Lets Encrypt conflicts and adding certificate to Device Hub for $NAME${NC}"
sed -i "/listen       80 default_server;/c\#   listen       80 default_server;" /clouddata/server/nginx/conf/vhosts/default.conf
sed -i "/ssl_certificate /c\        ssl_certificate /etc/letsencrypt/live/$NAME/fullchain.pem;" /clouddata/server/nginx/conf/vhosts/default.conf
sed -i "/ssl_certificate_key /c\    ssl_certificate_key /etc/letsencrypt/live/$NAME/privkey.pem;" /clouddata/server/nginx/conf/vhosts/default.conf

echo -e "${CYAN}Starting Device Hub server${NC}"
/clouddata/server/nginx/sbin/nginx -c /clouddata/server/nginx/conf/nginx.conf

# Automatic LE Certificate renewals - This creates a crontab for you
echo -e "${CYAN}Writing Crontab for LetsEncrypt renewals to /etc/cron.monthly/le-devicehub-renew${NC}"
echo -e "#!/bin/sh\n\
pkill nginx\n\
echo y | certbot renew --standalone --preferred-challenges http-01\n\
/clouddata/server/nginx/sbin/nginx -c /clouddata/server/nginx/conf/nginx.conf\n\
" > /etc/cron.monthly/le-devicehub-renew
chmod +x /etc/cron.monthly/le-devicehub-renew

echo -e "${CYAN}\n\n\n\nINSTALLATION COMPLETE! \n${NC}"
echo -e "${CYAN}If the bad gateway persists for longer than a couple minutes, try restarting the server${NC}"