os1ma · July 3, 2019 14:07
diff --git a/setup_lightsail_wordpress_letsencrypt.sh b/setup_lightsail_wordpress_letsencrypt.sh
 #!/bin/bash
 #
 # Lightsail WordPress の Let's Encrypt による SSL 化スクリプト
 #
 # 第 1 引数: ドメイン
 # 第 2 引数: メールアドレス
 #
 # 使用例) ./setup_lightsail_wordpress_letsencrypt.sh example.com [email protected]
 #

 set -o errexit
 set -o nounset
 set -o pipefail
 set -o xtrace

 readonly DOMAIN_NAME="$1"
 readonly EMAIL="$2"

 readonly SCRIPT_DIR="$(cd "$(dirname "$0")"; pwd)"

 #
 # パッケージロックファイルを削除
 #
 delete_package_lock_files() {
  local package_lock_files=(
    '/var/lib/apt/lists/lock'
    '/var/cache/apt/archives/lock'
    '/var/lib/dpkg/lock'
    '/var/lib/dpkg/lock-frontend'
  )

  for lock_file in "${package_lock_files[@]}"; do
    if [[ -e "${lock_file}" ]]; then
      sudo rm "${lock_file}"
    fi
  done
  sudo dpkg --configure -a
 }

 #
 # Let's Encrypt で SSL 証明書をセットアップ
 #
 setup_cert_with_letsencrypt() {
  local letsencrypt_home="${SCRIPT_DIR}/letsencrypt"

  if [[ ! -e "${letsencrypt_home}" ]]; then
    git clone https://github.com/letsencrypt/letsencrypt
  fi

  "${letsencrypt_home}/letsencrypt-auto" certonly \
    --webroot \
    -w /opt/bitnami/apps/wordpress/htdocs/ \
    -d "${DOMAIN_NAME}" \
    -m "${EMAIL}" \
    --agree-tos \
    --non-interactive
  
  sudo cp "/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" /opt/bitnami/apache2/conf/server.crt
  sudo cp "/etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem" /opt/bitnami/apache2/conf/server.key

  sudo /opt/bitnami/ctlscript.sh restart apache
 }

 #
 # 証明書更新用スクリプトを作成し、cron で毎週日曜日の朝4時に実行されるよう設定
 #
 set_cert_update_cron() {
  local cert_update_script_dir="${HOME}/bin"
  local cert_update_script="${cert_update_script_dir}/update_cert.sh"

  mkdir -p "${cert_update_script_dir}"

  cat << EOT > "${cert_update_script}"
 #!/bin/bash

 # --force-renewal をつけていないため、期限まで30日以内の場合に更新される
 sudo /home/bitnami/letsencrypt/certbot-auto renew
 sudo cp /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem /opt/bitnami/apache2/conf/server.crt
 sudo cp /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem /opt/bitnami/apache2/conf/server.key
 sudo /opt/bitnami/ctlscript.sh restart apache
 EOT

  chmod +x "${cert_update_script}"
  echo "0 4 * * 0 ${cert_update_script}" | crontab
 }

 #
 # Really Simple SSL プラグインのインストール
 #
 install_ssl_plugin() {
  local wp_config="${HOME}/apps/wordpress/htdocs/wp-config.php"

  chmod g+w "${wp_config}"
  wp plugin install really-simple-ssl
  wp plugin activate really-simple-ssl
 }

 #
 # Main
 #
 main() {
  delete_package_lock_files

  setup_cert_with_letsencrypt

  set_cert_update_cron

  install_ssl_plugin
 }

 main "$@"
	#!/bin/bash
	#
	# Lightsail WordPress の Let's Encrypt による SSL 化スクリプト
	#
	# 第 1 引数: ドメイン
	# 第 2 引数: メールアドレス
	#
	# 使用例) ./setup_lightsail_wordpress_letsencrypt.sh example.com [email protected]
	#

	set -o errexit
	set -o nounset
	set -o pipefail
	set -o xtrace

	readonly DOMAIN_NAME="$1"
	readonly EMAIL="$2"

	readonly SCRIPT_DIR="$(cd "$(dirname "$0")"; pwd)"

	#
	# パッケージロックファイルを削除
	#
	delete_package_lock_files() {
	local package_lock_files=(
	'/var/lib/apt/lists/lock'
	'/var/cache/apt/archives/lock'
	'/var/lib/dpkg/lock'
	'/var/lib/dpkg/lock-frontend'
	)

	for lock_file in "${package_lock_files[@]}"; do
	if [[ -e "${lock_file}" ]]; then
	sudo rm "${lock_file}"
	fi
	done
	sudo dpkg --configure -a
	}

	#
	# Let's Encrypt で SSL 証明書をセットアップ
	#
	setup_cert_with_letsencrypt() {
	local letsencrypt_home="${SCRIPT_DIR}/letsencrypt"

	if [[ ! -e "${letsencrypt_home}" ]]; then
	git clone https://github.com/letsencrypt/letsencrypt
	fi

	"${letsencrypt_home}/letsencrypt-auto" certonly \
	--webroot \
	-w /opt/bitnami/apps/wordpress/htdocs/ \
	-d "${DOMAIN_NAME}" \
	-m "${EMAIL}" \
	--agree-tos \
	--non-interactive

	sudo cp "/etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem" /opt/bitnami/apache2/conf/server.crt
	sudo cp "/etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem" /opt/bitnami/apache2/conf/server.key

	sudo /opt/bitnami/ctlscript.sh restart apache
	}

	#
	# 証明書更新用スクリプトを作成し、cron で毎週日曜日の朝4時に実行されるよう設定
	#
	set_cert_update_cron() {
	local cert_update_script_dir="${HOME}/bin"
	local cert_update_script="${cert_update_script_dir}/update_cert.sh"

	mkdir -p "${cert_update_script_dir}"

	cat << EOT > "${cert_update_script}"
	#!/bin/bash

	# --force-renewal をつけていないため、期限まで30日以内の場合に更新される
	sudo /home/bitnami/letsencrypt/certbot-auto renew
	sudo cp /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem /opt/bitnami/apache2/conf/server.crt
	sudo cp /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem /opt/bitnami/apache2/conf/server.key
	sudo /opt/bitnami/ctlscript.sh restart apache
	EOT

	chmod +x "${cert_update_script}"
	echo "0 4 * * 0 ${cert_update_script}" \| crontab
	}

	#
	# Really Simple SSL プラグインのインストール
	#
	install_ssl_plugin() {
	local wp_config="${HOME}/apps/wordpress/htdocs/wp-config.php"

	chmod g+w "${wp_config}"
	wp plugin install really-simple-ssl
	wp plugin activate really-simple-ssl
	}

	#
	# Main
	#
	main() {
	delete_package_lock_files

	setup_cert_with_letsencrypt

	set_cert_update_cron

	install_ssl_plugin
	}

	main "$@"