@hajowieland
Created April 4, 2020 23:44
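# Provision a Let's Encrypt certificate for OpenVPN Access Server through the
# certbot Route 53 DNS plugin, load it into the server configuration, and set
# up automatic renewal.
#
# Inputs (not defined in this snippet; they have to be filled in before it
# runs, by a templating step or by the calling environment):
#   host, hosted_zone - joined as <host>.<hosted_zone> for the certificate name
#   lemail            - contact address handed to certbot
#
# Intended to run as root: it installs packages, edits root's crontab and
# writes under /etc/letsencrypt.

# One absolute path for sacli everywhere, so the commands do not depend on the
# current working directory.
sacli=/usr/local/openvpn_as/scripts/sacli
cert_dir="/etc/letsencrypt/live/${host}.${hosted_zone}"

# -y: certbot below runs --non-interactive, so nothing can answer apt's
# confirmation prompt either.
apt-get install -y certbot python3-pip
# NOTE(review): this pulls an unpinned plugin from PyPI as root, separately
# from the apt-managed certbot. Consider pinning it to a reviewed version so a
# rebuild cannot silently pick up a different release.
pip3 install certbot-dns-route53

# Request Cert
# Only when the Access Server config does not already list cs.cert.
# -F makes the dot in the key name literal instead of a regex wildcard.
"$sacli" ConfigQuery | grep -qF 'cs.cert'
LESTATUS=$?
if [ "$LESTATUS" -ne 0 ]; then
  if certbot certonly --non-interactive \
    --dns-route53 \
    --preferred-challenges dns \
    --no-eff-email \
    --agree-tos \
    --domains "${host}.${hosted_zone}" \
    --email "${lemail}"; then
    # Config OpenVPN-AS with LetsEncrypt cert
    # Reached only after certbot succeeded, so ConfigPut is never pointed at
    # files that were not issued.
    "$sacli" --key "cs.cert" --value_file "$cert_dir/cert.pem" ConfigPut
    "$sacli" --key "cs.ca_bundle" --value_file "$cert_dir/chain.pem" ConfigPut
    "$sacli" --key "cs.priv_key" --value_file "$cert_dir/privkey.pem" ConfigPut
    # NOTE(review): nothing here restarts or reloads the service after the
    # initial ConfigPut; confirm the surrounding provisioning does so.
  else
    printf 'certbot failed; OpenVPN-AS certificate left unchanged\n' >&2
  fi
fi

# Crontab entry for auto-renewal
# Every day at 04:30
# The entry is single-quoted so the shell neither globs the asterisks nor
# applies the redirection itself; both belong to the cron line. certbot is the
# binary installed above. stderr goes to the same log so failed renewals are
# recorded.
cron_line='30 4 * * * certbot renew >> /var/log/letsencrypt-renew.log 2>&1'
{
  # Drop any earlier copy of this entry so re-running does not duplicate it;
  # 2>/dev/null hides the "no crontab" message on a fresh host.
  crontab -l 2>/dev/null | grep -vF 'letsencrypt-renew.log'
  printf '%s\n' "$cron_line"
} | crontab -

# Deploy hook: after each successful renewal, push the renewed files into
# OpenVPN-AS and restart it so the new certificate is served.
hook=/etc/letsencrypt/renewal-hooks/deploy/01-configput-openvpn-and-reload
mkdir -p /etc/letsencrypt/renewal-hooks/deploy
# Unquoted delimiter: $sacli and $cert_dir are expanded now, so the hook
# contains fixed absolute paths and does not rely on variables at renewal time.
cat << EOF > "$hook"
#!/usr/bin/env bash
set -e
$sacli --key "cs.cert" --value_file "$cert_dir/cert.pem" ConfigPut
$sacli --key "cs.ca_bundle" --value_file "$cert_dir/chain.pem" ConfigPut
$sacli --key "cs.priv_key" --value_file "$cert_dir/privkey.pem" ConfigPut
systemctl restart openvpnas
EOF
# certbot only runs hook files that are executable. The hook runs as root, so
# nobody else should be able to modify it.
chmod 0700 "$hook"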