
Initial import

Brielle Bruns 2 years ago
commit
3ee49ef3f3
6 changed files with 150 additions and 0 deletions
  1. 20
    0
      DSTROOTCAX3.txt
  2. 0
    0
      README.md
  3. 11
    0
      apache-le-alias.conf
  4. 12
    0
      apache-le-proxy.conf
  5. 68
    0
      gen-cert.sh
  6. 39
    0
      gen-unifi-cert.sh

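--- a/DSTROOTCAX3.txt
+++ b/DSTROOTCAX3.txt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+-----END CERTIFICATE-----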

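--- a/README.md
+++ b/README.md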


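--- a/apache-le-alias.conf
+++ b/apache-le-alias.conf
@@ -0,0 +1,11 @@
+<IfModule alias_module>
+	Alias /.well-known/acme-challenge "/var/www/letsencrypt-root/.well-known/acme-challenge"
+
+	<Directory "/var/www/letsencrypt-root/.well-known/acme-challenge">
+		Options FollowSymlinks
+		AllowOverride None
+		Order allow,deny
+		Allow from all
+		#Require all granted
+	</Directory>
+</IfModule>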
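Review bot: The `<Directory>` block at lines 4–10 grants access with the Apache 2.2 `Order allow,deny` / `Allow from all` directives while the 2.4 form `Require all granted` is left commented out; on a 2.4 server that does not load mod_access_compat those are, as far as I can tell, unknown directives and httpd refuses the configuration, so the challenge directory is never served. Either keep both forms under `<IfVersion>` or uncomment `Require all granted` and drop the two 2.2 lines, and apply the same choice to apache-le-proxy.conf in this commit, which has the identical block. `Options FollowSymlinks` is also broader than ACME needs — the validator only fetches plain token files — so `Options None` prevents a symlink planted in the webroot from being served through this alias.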

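--- a/apache-le-proxy.conf
+++ b/apache-le-proxy.conf
@@ -0,0 +1,12 @@
+# Proxy method of letsencrypt auth
+# a2enmod proxy proxy_http
+<IfModule mod_proxy.c>
+	ProxyPass "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/" retry=1
+	ProxyPassReverse "/.well-known/acme-challenge/" "http://127.0.0.1:9999/.well-known/acme-challenge/"
+         ProxyPreserveHost On
+	<Location "/.well-known/acme-challenge/">
+          Order allow,deny
+          Allow from all
+          #Require all granted
+	</Location>
+</IfModule>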
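Review bot: `ProxyPreserveHost On` on line 6 sits outside the `<Location>` block, so wherever this file is included (server or vhost scope) it changes Host-header forwarding for every other `ProxyPass` in that scope, not only the ACME path; moving the line inside `<Location "/.well-known/acme-challenge/">` confines it to the challenge proxy, which is the only backend that needs the original Host to pick the right challenge. The access control on lines 8–10 is the 2.2 `Order`/`Allow` form with `Require all granted` commented out, the same as in apache-le-alias.conf, so on a 2.4 server it needs mod_access_compat or the 2.4 directive instead. The backend at 127.0.0.1:9999 only exists while gen-cert.sh runs the standalone authenticator, so at other times this path returns 503, which is acceptable; but the standalone listener presumably binds all interfaces on 9999, so that port should be firewalled from outside so the challenge listener is reachable only through this proxy.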

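--- a/gen-cert.sh
+++ b/gen-cert.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+# Easy letsencrypt certs using a bash script.
+# v1.2 - 12/13/2015
+# By Brielle Bruns <bruns@2mbit.com>
+# http://www.sosdg.org
+
+
+# Use like:  gen-cert.sh -d domain1.com -d domain2.com
+#
+# There are three options for authentication:
+#
+# 1) Webroot (normal)
+#	Specify -r flag with -d and -e flags.
+#	gen-cert.sh -d domain1.com -r /var/www/domain1.com
+#
+# 2) Webroot (alias)
+#	Same as #1, but also include an alias directive in apache like in:
+#	http://users.sosdg.org/~bruns/lets-encrypt/apache-le-alias.conf
+#	And:
+#	mkdir -p /var/www/letsencrypt-root/.well-known/acme-challenge
+#	gen-cert.sh -d domain1.com -d domain2.com -r /var/www/letsencrypt-root/.well-known/acme-challenge
+#
+# 3) Proxy auth
+#	This auth method uses the standalone authenticator with a mod_proxy
+# 	http://users.sosdg.org/~bruns/lets-encrypt/apache-le-proxy.conf
+#	Original proxy idea from:
+#	http://evolvedigital.co.uk/how-to-get-letsencrypt-working-with-ispconfig-3/
+
+PROXYAUTH="--standalone --standalone-supported-challenges http-01 --http-01-port 9999"
+
+while getopts "d:r:e:" opt; do
+    case $opt in
+        d) domains+=("$OPTARG");;
+	r) webroot=("$OPTARG");;
+	e) email=("$OPTARG");;
+    esac
+done
+
+if [[ ! -z ${email} ]]; then
+	email="--email ${email}"
+else
+	email=""
+fi
+
+# Webroot auth method, activated with -r
+WEBAUTH="-a webroot --webroot-path ${webroot}"
+
+if [[ -z ${webroot} ]]; then
+	AUTH=${PROXYAUTH}
+else
+	AUTH=${WEBAUTH}
+fi
+
+shift $((OPTIND -1))
+for val in "${domains[@]}"; do
+        DOMAINS="${DOMAINS} -d ${val} "
+done
+
+
+
+cd /usr/src/letsencrypt
+./letsencrypt-auto ${email} \
+        --server https://acme-v01.api.letsencrypt.org/directory \
+        --agree-tos \
+        --renew-by-default \
+        ${AUTH} \
+        ${DOMAINS} \
+         certonly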
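Review bot: `cd /usr/src/letsencrypt` on line 61 is unchecked and the script never sets `-e`, so if that directory is missing the script carries on and runs `./letsencrypt-auto` relative to the caller's current working directory — whatever happens to be there — instead of failing; `cd /usr/src/letsencrypt || exit 1` closes that. The `-r` and `-e` values are stored as one-element arrays (`webroot=("$OPTARG")`, line 34) and then, via `${AUTH}` and `${DOMAINS}`, spliced into the command line unquoted, so a webroot path containing whitespace or glob characters is split or expanded before it reaches letsencrypt-auto; building the options as a bash array and expanding `"${args[@]}"` keeps each argument intact, and an unknown option currently falls through the `case` silently. Note also that `--renew-by-default` (line 65) appears to force a fresh issuance on every run, which will count against the CA's issuance limits if this is scheduled from cron rather than gated on expiry. A reworked option-handling section is sketched below.

```shell
# … unchanged: header comments …
set -euo pipefail

proxyauth=(--standalone --standalone-supported-challenges http-01 --http-01-port 9999)
domains=()
webroot=""
email=""

while getopts "d:r:e:" opt; do
    case "$opt" in
        d) domains+=(-d "$OPTARG");;
        r) webroot=$OPTARG;;
        e) email=$OPTARG;;
        *) printf 'usage: %s -d domain [-d domain ...] [-r webroot] [-e email]\n' "$0" >&2; exit 2;;
    esac
done
shift $((OPTIND - 1))

# Assemble the argument list as an array so paths with spaces survive intact.
args=()
if [[ -n "$email" ]]; then
    args+=(--email "$email")
fi
if [[ -z "$webroot" ]]; then
    args+=("${proxyauth[@]}")          # proxy/standalone auth (see apache-le-proxy.conf)
else
    args+=(-a webroot --webroot-path "$webroot")
fi

cd /usr/src/letsencrypt || exit 1     # never fall back to a relative ./letsencrypt-auto elsewhere
./letsencrypt-auto "${args[@]}" \
        --server https://acme-v01.api.letsencrypt.org/directory \
        --agree-tos \
        --renew-by-default \
        "${domains[@]}" \
        certonly
```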

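--- a/gen-unifi-cert.sh
+++ b/gen-unifi-cert.sh
@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+# Modified script from here: https://github.com/FarsetLabs/letsencrypt-helper-scripts/blob/master/letsencrypt-unifi.sh
+# Modified by: Brielle Bruns <bruns@2mbit.com>
+# Last Changed: 2/2/2016
+# Changed: Fixed some errors with key export/import, removed lame
+# docker requirements
+DOMAIN="unifi.xxxx.xxxxx"
+EMAIL="email@here"
+EXTRACERT="/root/DSTROOTCAX3.txt"
+TEMPFILE=$(mktemp)
+service unifi stop
+/usr/src/letsencrypt/letsencrypt-auto \
+	--email ${EMAIL} \
+	--server https://acme-v01.api.letsencrypt.org/directory \
+        --agree-tos \
+        --renew-by-default \
+        -d ${DOMAIN} \
+	--standalone --standalone-supported-challenges tls-sni-01 \
+         certonly
+openssl pkcs12 -export  -passout pass:aircontrolenterprise \
+    -in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
+    -inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
+    -out ${TEMPFILE} -name unifi \
+    -CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
+keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
+	-deststorepass aircontrolenterprise
+keytool -trustcacerts -importkeystore \
+    -deststorepass aircontrolenterprise \
+    -destkeypass aircontrolenterprise \
+    -destkeystore /usr/lib/unifi/data/keystore \
+    -srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
+    -srcstorepass aircontrolenterprise \
+    -alias unifi
+rm -f ${TEMPFILE}
+java -jar /usr/lib/unifi/lib/ace.jar import_cert \
+    /etc/letsencrypt/live/${DOMAIN}/cert.pem \
+    /etc/letsencrypt/live/${DOMAIN}/chain.pem \
+    ${EXTRACERT}
+service unifi start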
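Review bot: Every step after `service unifi stop` (line 11) runs unconditionally — there is no `set -e` and no status check — so if `letsencrypt-auto` fails on lines 12–19 the script still runs `keytool -delete` against the controller keystore and then tries to import a PKCS12 built from files that may not exist, leaving the controller without a usable `unifi` entry, and the `mktemp` file holding the exported private key is only removed on the success path at line 34. Adding `set -euo pipefail` plus an EXIT trap that removes `$TEMPFILE` and restarts the service (sketched below) makes a failed issuance leave the old keystore untouched and no key material behind in /tmp; `keytool -delete` may need a `|| true` if the alias can legitimately be absent on a fresh install. Separately, `EXTRACERT` (line 9) pins the single root shipped in this commit as DSTROOTCAX3.txt, and decoding that certificate's validity field gives a notAfter of 2021-09-30, so from that date on the import pushes an expired root into the controller — taking the chain from `/etc/letsencrypt/live/${DOMAIN}/chain.pem` (already used on lines 24 and 37) rather than a fixed file would follow whatever the CA currently chains to. The keystore password is also passed as `pass:`/`-deststorepass` arguments, visible in `ps` for the duration of each call; it appears to be a fixed controller default, so a comment saying so is probably enough, but it should not be assumed secret.

```shell
#!/usr/bin/env bash
set -euo pipefail
# … unchanged: DOMAIN / EMAIL / EXTRACERT …
TEMPFILE=$(mktemp)
cleanup() {
    rm -f -- "$TEMPFILE"   # PKCS12 with the private key must not outlive this run
    service unifi start     # bring the controller back whether or not issuance succeeded
}
trap cleanup EXIT
service unifi stop
# … unchanged: letsencrypt-auto, openssl pkcs12 -export, keytool -delete / -importkeystore, ace.jar import_cert …
# (the trailing `rm -f ${TEMPFILE}` and `service unifi start` are dropped; cleanup handles both)
```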