commit
3ee49ef3f3
6 changed files with 150 additions and 0 deletions
@ -0,0 +1,20 @@
|
||||
-----BEGIN CERTIFICATE----- |
||||
MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ |
||||
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT |
||||
DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow |
||||
PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD |
||||
Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB |
||||
AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O |
||||
rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq |
||||
OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b |
||||
xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw |
||||
7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD |
||||
aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV |
||||
HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG |
||||
SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 |
||||
ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr |
||||
AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz |
||||
R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 |
||||
JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo |
||||
Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ |
||||
-----END CERTIFICATE----- |
@ -0,0 +1,11 @@
|
||||
<IfModule alias_module> |
||||
Alias /.well-known/acme-challenge "/var/www/letsencrypt-root/.well-known/acme-challenge" |
||||
|
||||
<Directory "/var/www/letsencrypt-root/.well-known/acme-challenge"> |
||||
Options FollowSymlinks |
||||
AllowOverride None |
||||
Order allow,deny |
||||
Allow from all |
||||
#Require all granted |
||||
</Directory> |
||||
</IfModule> |
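Review bot: `Options FollowSymlinks` in the `<Directory>` block is more than a challenge directory needs. The ACME client only writes plain token files there, so `Options None` would stop a stray symlink in that publicly served path from exposing files outside it. The access rules use the 2.2-style `Order allow,deny` / `Allow from all` with `Require all granted` commented out, and Apache 2.4 only accepts that form when mod_access_compat is loaded. A comment above them such as `# Apache 2.2 syntax; on 2.4 drop Order/Allow and enable the Require line` would make the switch explicit.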
@ -0,0 +1,12 @@
|
||||
# Proxy method of letsencrypt auth |
||||
# a2enmod proxy proxy_http |
||||
<IfModule mod_proxy.c> |
||||
ProxyPass "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" retry=1 |
||||
ProxyPassReverse "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" |
||||
ProxyPreserveHost On |
||||
<Location "/.well-known/acme-challenge/"> |
||||
Order allow,deny |
||||
Allow from all |
||||
#Require all granted |
||||
</Location> |
||||
</IfModule> |
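Review bot: The `ProxyPass` target `http://127.0.0.1:9999/` is an unprivileged port that is only occupied while the standalone authenticator runs, so the rest of the time Apache forwards challenge requests to whatever local process happens to be listening there. On a shared host that widens the trust boundary for domain validation from root to any local account. Consider enabling this snippet only for the duration of issuance, or moving the authenticator to a port below 1024, which needs the matching change to `--http-01-port` in `PROXYAUTH` in gen-cert.sh. `ProxyPreserveHost On` also sits outside the `<Location>` block, so it affects every other proxy rule in the scope that includes this file; moving it inside `<Location>` keeps it local to the challenge path.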
@ -0,0 +1,68 @@
|
||||
#!/bin/bash |
||||
# Easy letsencrypt certs using a bash script. |
||||
# v1.2 - 12/13/2015 |
||||
# By Brielle Bruns <bruns@2mbit.com> |
||||
# http://www.sosdg.org |
||||
|
||||
|
||||
# Use like: gen-cert.sh -d domain1.com -d domain2.com |
||||
# |
||||
# There are three options for authentication: |
||||
# |
||||
# 1) Webroot (normal) |
||||
# Specify -r flag with -d and -e flags. |
||||
# gen-cert.sh -d domain1.com -r /var/www/domain1.com |
||||
# |
||||
# 2) Webroot (alias) |
||||
# Same as #1, but also include an alias directive in apache like in: |
||||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf |
||||
# And: |
||||
# mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge |
||||
# gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root/.well-known/acme-challenge |
||||
# |
||||
# 3) Proxy auth |
||||
# This auth method uses the standalone authenticator with a mod_proxy |
||||
# http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf |
||||
# Original proxy idea from: |
||||
# http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/ |
||||
|
||||
PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999" |
||||
|
||||
while getopts "d:r:e:" opt; do |
||||
case $opt in |
||||
d) domains+=("$OPTARG");; |
||||
r) webroot=("$OPTARG");; |
||||
e) email=("$OPTARG");; |
||||
esac |
||||
done |
||||
|
||||
if [[ ! -z ${email} ]]; then |
||||
email="--email ${email}" |
||||
else |
||||
email="" |
||||
fi |
||||
|
||||
# Webroot auth method, activated with -r |
||||
WEBAUTH="-a webroot --webroot-path ${webroot}" |
||||
|
||||
if [[ -z ${webroot} ]]; then |
||||
AUTH=${PROXYAUTH} |
||||
else |
||||
AUTH=${WEBAUTH} |
||||
fi |
||||
|
||||
shift $((OPTIND -1)) |
||||
for val in "${domains[@]}"; do |
||||
DOMAINS="${DOMAINS} -d ${val} " |
||||
done |
||||
|
||||
|
||||
|
||||
cd /usr/src/letsencrypt |
||||
./letsencrypt-auto ${email} \ |
||||
--server https://acme-v01.api.letsencrypt.org/directory \ |
||||
--agree-tos \ |
||||
--renew-by-default \ |
||||
${AUTH} \ |
||||
${DOMAINS} \ |
||||
certonly |
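Review bot: `cd /usr/src/letsencrypt` is not checked, so if that directory is missing the script goes on to run `./letsencrypt-auto` from whatever directory it was started in, presumably as root. `cd /usr/src/letsencrypt || exit 1` closes that, as would calling the client by absolute path the way the UniFi script in this commit does. The `getopts` loop has no `\?)` arm and nothing verifies that at least one `-d` was given, so a mistyped flag or an empty domain list reaches the client unvalidated. `${webroot}` and the `-d` values are expanded unquoted through `WEBAUTH` and `DOMAINS`, so a webroot path containing a space is split into separate arguments. Building both as arrays and expanding them as `"${AUTH[@]}" "${DOMAINS[@]}"` avoids that.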
@ -0,0 +1,39 @@
|
||||
#!/usr/bin/env bash |
||||
# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh |
||||
# Modified by: Brielle Bruns <bruns@2mbit.com> |
||||
# Last Changed: 2/2/2016 |
||||
# Changed: Fixed some errors with key export/import, removed lame |
||||
# docker requirements |
||||
DOMAIN="unifi.xxxx.xxxxx" |
||||
EMAIL="email@here" |
||||
EXTRACERT="/root/DSTROOTCAX3.txt" |
||||
TEMPFILE=$(mktemp) |
||||
service unifi stop |
||||
/usr/src/letsencrypt/letsencrypt-auto \ |
||||
--email ${EMAIL} \ |
||||
--server https://acme-v01.api.letsencrypt.org/directory \ |
||||
--agree-tos \ |
||||
--renew-by-default \ |
||||
-d ${DOMAIN} \ |
||||
--standalone --standalone-supported-challenges tls-sni-01 \ |
||||
certonly |
||||
openssl pkcs12 -export -passout pass:aircontrolenterprise \ |
||||
-in /etc/letsencrypt/live/${DOMAIN}/cert.pem \ |
||||
-inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \ |
||||
-out ${TEMPFILE} -name unifi \ |
||||
-CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root |
||||
keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \ |
||||
-deststorepass aircontrolenterprise |
||||
keytool -trustcacerts -importkeystore \ |
||||
-deststorepass aircontrolenterprise \ |
||||
-destkeypass aircontrolenterprise \ |
||||
-destkeystore /usr/lib/unifi/data/keystore \ |
||||
-srckeystore ${TEMPFILE} -srcstoretype PKCS12 \ |
||||
-srcstorepass aircontrolenterprise \ |
||||
-alias unifi |
||||
rm -f ${TEMPFILE} |
||||
java -jar /usr/lib/unifi/lib/ace.jar import_cert \ |
||||
/etc/letsencrypt/live/${DOMAIN}/cert.pem \ |
||||
/etc/letsencrypt/live/${DOMAIN}/chain.pem \ |
||||
${EXTRACERT} |
||||
service unifi start |
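Review bot: Nothing checks the exit status of `letsencrypt-auto` or `openssl pkcs12`, so after a failed issuance the script still runs `keytool -delete -alias unifi` and then imports from an empty or stale temp file, which can leave the controller keystore without its certificate. Appending `|| { service unifi start; exit 1; }` to those two commands stops before the keystore is touched. The PKCS#12 bundle in `${TEMPFILE}` contains the private key and is only removed on the success path; `trap 'rm -f -- "$TEMPFILE"' EXIT` right after `mktemp` covers the failure paths too. The keystore password is passed as a command-line argument to `openssl` and `keytool`, where other local users can read it from the process list while those commands run. For the export step, openssl's `env:` or `file:` password sources avoid that.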