Scripts for automating a Let's Encrypt certificate on a Ubiquiti CloudKey
#!/bin/bash
# export var so that the dehdrated script can find it
export CONTACT_EMAIL=$LE_EMAIL
DEHYDRATED_ROOT="/root/dehydrated"
DEHYDRATED_CERTS="${DEHYDRATED_ROOT}/certs/${LE_DOMAIN}"
cd $DEHYDRATED_ROOT
echo "Requesting certificate from Let's Encrypt..."
./dehydrated -c --register --accept-terms --domain "$LE_DOMAIN" --challenge "dns-01" --hook "${DEHYDRATED_ROOT}/hooks/cloudflare/hook.py"
echo "Stopping services (nginx, unifi)..."
service nginx stop
service unifi stop
echo "Configuring TLS (unifi)..."
echo -e "\t* Create temporary PKCS12..."
openssl pkcs12 \
-export \
-inkey $DEHYDRATED_CERTS/privkey.pem \
-in $DEHYDRATED_CERTS/fullchain.pem \
-out /etc/ssl/private/cert.p12 \
-name ubnt -password pass:temppass
echo -e "\t* Loading PKCS12 into the java keystore"
keytool \
-importkeystore \
-deststorepass aircontrolenterprise \
-destkeypass aircontrolenterprise \
-destkeystore /etc/ssl/private/unifi.keystore.jks \
-srckeystore /etc/ssl/private/cert.p12 \
-srcstoretype PKCS12 \
-srcstorepass temppass \
-alias ubnt \
-noprompt
echo -e "\t* Removing temporary PKCS12..."
rm /etc/ssl/private/cert.p12
echo "Configuring TLS (Nginx)..."
cd /etc/ssl/private
cp $DEHYDRATED_CERTS/fullchain.pem ./cloudkey.crt
cp $DEHYDRATED_CERTS/privkey.pem ./cloudkey.key
tar -cf cert.tar cloudkey.crt cloudkey.key unifi.keystore.jks
echo "Starting services (unifi, nginx)..."
service unifi start
service nginx start
cd ~
echo "Done!"
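#!/bin/bash
# setup-letsencrypt.sh
#
# One-time bootstrap for the CloudKey: installs git/python3/pip, fetches
# dehydrated, this gist's deploy script and the Cloudflare dns-01 hook into
# /root/dehydrated, installs the hook's Python requirements and prints the
# environment variables the deploy script needs. Must run as root.
#
# Supply-chain note: everything below is fetched from GitHub over HTTPS but
# is not pinned to a release or checksum, and will later run as root on the
# controller. Set DEHYDRATED_REF and/or CF_HOOK_REF to a tag or commit to pin
# the two clones, and review the downloaded deploy script before wiring it
# into cron.
set -euo pipefail

readonly DEHYDRATED_ROOT="/root/dehydrated"
readonly DEPLOY_SCRIPT="deploy-letsencrypt-cert.sh"
readonly DEPLOY_SCRIPT_URL="https://gist.github.com/jrotello/51542b817290c6f9a376f5986bcb41b7/raw/deploy-letsencrypt-cert.sh"
readonly CF_HOOK_DIR="hooks/cloudflare"

tmp=""
cleanup() {
  # Partial download left behind by a failed wget (see below).
  if [[ -n "$tmp" ]]; then
    rm -f -- "$tmp"
  fi
}
trap cleanup EXIT

echo "Setting up Let's Encrypt..."
printf '\t* Installing packages (git, python3, python3-pip, nano)...\n'
apt update && apt -y install git python3 python3-pip nano

printf '\t* Creating symlink for python->python3...\n'
# Replaces any existing /usr/bin/python; the original script assumed the
# CloudKey image ships none. (Presumably the hook is invoked as 'python' --
# confirm before changing this.)
ln -sf /usr/bin/python3 /usr/bin/python

if [[ ! -d "$DEHYDRATED_ROOT" ]]; then
  printf "\t* Cloning 'dehydrated' from GitHub...\n"
  git clone https://github.com/lukas2511/dehydrated.git "$DEHYDRATED_ROOT"
  # Optional pin so the ACME client is not whatever the default branch holds
  # on the day the CloudKey was set up.
  if [[ -n "${DEHYDRATED_REF:-}" ]]; then
    git -C "$DEHYDRATED_ROOT" checkout --quiet "$DEHYDRATED_REF"
  fi
fi
cd "$DEHYDRATED_ROOT"

if [[ ! -f "./$DEPLOY_SCRIPT" ]]; then
  printf '\t* Downloading certificate deployment script...\n'
  # Download to a temp file first: 'wget -O file' leaves an empty file behind
  # on a failed request, which the existence check above would then treat as
  # an installed script on every later run.
  tmp="$(mktemp "${DEHYDRATED_ROOT}/.${DEPLOY_SCRIPT}.XXXXXX")"
  wget -O "$tmp" "$DEPLOY_SCRIPT_URL"
  mv -- "$tmp" "./$DEPLOY_SCRIPT"
  tmp=""
else
  printf '\t* Certificate deployment script already exists....skipping download\n'
fi
printf '\t* Ensuring certificate deployment script is executable...\n'
chmod +x "./$DEPLOY_SCRIPT"

if [[ ! -d "./$CF_HOOK_DIR" ]]; then
  printf '\t* Cloning Cloudflare hook script...\n'
  git clone https://github.com/kappataumu/letsencrypt-cloudflare-hook.git "$CF_HOOK_DIR"
  if [[ -n "${CF_HOOK_REF:-}" ]]; then
    git -C "$CF_HOOK_DIR" checkout --quiet "$CF_HOOK_REF"
  fi
else
  echo "Cloudflare hook already exists....skipping"
fi

printf '\t* Installing python requirements for Cloudflare hook...\n'
# Installs into the system interpreter as root, which is the interpreter the
# hook will run under from the deploy script.
python3 -m pip install -r "${CF_HOOK_DIR}/requirements.txt"

#printf '\t* Configuring cron job to run the certificate deployment script daily...\n'
# TODO: Create/update cron job

printf '*************************************************************\n'
printf '*************************************************************\n'
printf 'ACTION REQUIRED:\n'
printf '\tThe following environment variables must be exported before\n'
printf '\trunning %s. Put them in a root-only file\n' "$DEPLOY_SCRIPT"
printf '\t(e.g. /root/.letsencrypt.env, chmod 600) and source it from\n'
printf '\tyour shell and from the cron job: cron does not read ~/.bashrc,\n'
printf '\tand the Cloudflare API key grants access to your whole account,\n'
printf '\tso it should not live in a file other tooling may read or copy.\n'
printf '\n'
printf "LE_DOMAIN - Let's Encrypt domain to request certificate for\n"
printf "LE_EMAIL - Let's Encrypt email to use for registration\n"
printf 'CF_KEY - Cloudflare API key\n'
printf 'CF_EMAIL - Cloudflare account email address\n'
printf '*************************************************************\n'
printf '*************************************************************\n'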