Automated Let's Encrypt SSL installation script

In this short article, I will share an automated script that issues a free SSL certificate from Let's Encrypt and sets up a cronjob for automatic renewal afterwards. Let's Encrypt is a free SSL provider, which is growing in popularity quite fast. Issuing an SSL certificate is painless and takes just a few minutes. This script will install the necessary tools, such as git and Python modules, on your system and create a custom cronjob that will automatically renew the SSL certificate. Note that this script does not handle automatic web server configuration due to the nature of that topic. There are many web servers available and many possible configurations, which cannot be predicted. Still, this script can be useful to some of you.

You can download the script via the following direct link:

wget https://dzhorov.com/scripts/letsencrypt_automated.sh

It can then be run (as root, which the script checks for) with:

chmod +x letsencrypt_automated.sh
./letsencrypt_automated.sh

You can view the direct source here:

#!/bin/bash
############
#Copyright (C) 2017 Valentin Dzhorov
#This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. 
#This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
#You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
############

printf "This automated script will install git, download letsencrypt, 
issue SSL certificate on existing domain and set up automated cronjob. 
Please enter Y if you want to continue or N to cancel this action.\n"

yesno () {
        if [ "$VIRTUALMIN_NONINTERACTIVE" != "" ]; then
                return 1
        fi
        while read line; do
                case $line in
                        y|Y|Yes|YES|yes|yES|yEs|YeS|yeS) return 0
                        ;;
                        n|N|No|NO|no|nO) return 1
                        ;;
                        *)
                        printf "\nPlease enter y or n: "
                        ;;
                esac
        done
}
if [ -f /usr/bin/yum ]; then
installer=yum
elif [ -f /usr/bin/apt-get ]; then
installer=apt
fi

crontab=$(which crontab 2>/dev/null)
# Call yesno directly: "[ ! yesno ]" only tests a non-empty string and never prompts.
if ! yesno
then
    printf "Canceled. The script will not continue.\n"
    exit
else 
    if [ "$(whoami)" != 'root' ]
    then
        printf "You are required to run this script as root. Not continuing\n"
        exit 1
    fi

    if [ "$installer" = 'yum' ]; then
    yum -y install git
    elif [ "$installer" = 'apt' ]; then
    apt-get install git -y
    fi

    cd /opt
    git clone https://github.com/certbot/certbot.git

    printf "Please input your domain name for which you wish to issue SSL: "
    read -r domain

    printf "Please input the domain name's root folder. (Example: /home/domain.com/public_html/): "
    read -r domain_root

    # Quote the user-supplied values so spaces or glob characters are not split or expanded.
    if [ ! -d "$domain_root" ]; then
        printf "Domain root folder does not exist. Not continuing\n"; exit 1
    fi

    if [ ! -f "/etc/letsencrypt/live/$domain/cert.pem" ]; then
    printf "Issuing the certificate...\n"
    /opt/certbot/letsencrypt-auto certonly --debug --webroot -w "$domain_root" -d "$domain" -d "www.$domain"
    fi

    if [ ! -f "/etc/letsencrypt/live/$domain/cert.pem" ]; then
        printf "The SSL was NOT issued for unknown reason. Please check that your domain name is resolvable or your www. part is working.\nCheck the letsencrypt debug log for more information. Not continuing.\n"; exit 1
    else
        printf "SSL Installed successfully! Continuing...\n"
    fi

    printf "Setting up cronjob...\n"

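    # -z with quotes handles an empty value; the unquoted "= ''" test errors out when crontab is missing.
    if [ -z "$crontab" ]; then
        printf "Crontab not installed. Please install crontab package according to your distribution and start again.\n"; exit 1
    fi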


    if [ -f /var/spool/cron/root ]; then
    echo "#automatic letsencrypt cron" >>/var/spool/cron/root
    echo "0 0 */30 * * /opt/certbot/letsencrypt-auto certonly --webroot -w $domain_root -d $domain -d www.$domain" >> /var/spool/cron/root
    elif [ -f /var/spool/cron/crontabs/root ]; then
    echo "#automatic letsencrypt cron" >> /var/spool/cron/crontabs/root
    echo "0 0 */30 * * /opt/certbot/letsencrypt-auto certonly --webroot -w $domain_root -d $domain -d www.$domain" >> /var/spool/cron/crontabs/root
    fi

    printf "Cronjob installed successfully!
    Please configure your server to use the newly added certificate. 
    This script does not cover automatic web server configuration
    since there are many configuration options available.

    Your new certificates are located in the following directory:

    For Apache users:
    Certificate: /etc/letsencrypt/live/$domain/cert.pem
    Certificate Key: /etc/letsencrypt/live/$domain/privkey.pem
    Certificate Intermediate Chain: /etc/letsencrypt/live/$domain/chain.pem

    For NGinx users:
    Certificate + Intermediate chain: /etc/letsencrypt/live/$domain/fullchain.pem
    Certificate Key: /etc/letsencrypt/live/$domain/privkey.pem

    Enjoy!\n"

fi
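
The script above passes the domain name and web root typed at the prompts to certbot and appends them to root's crontab. As an added example (not part of the original script), the functions below validate both values before they are used; the function names are hypothetical and the sample inputs are constructed.

```bash
#!/bin/bash
# Added example, not the author's code. Function names are hypothetical.
LC_ALL=C   # make the A-Z / a-z / 0-9 ranges below ASCII-only

# Hostname check: letters, digits, hyphens and dots only; at least two
# labels; no empty label; no label starting or ending with a hyphen
# (a leading hyphen would otherwise be read as a command-line option).
valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    case $1 in
        *[!A-Za-z0-9.-]*|''|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Web root check: absolute path to an existing directory, built only from
# characters with no special meaning to the shell or to cron (cron turns
# an unescaped % into a newline), and without ".." sequences.
valid_webroot() {
    case $1 in
        *[!A-Za-z0-9._/-]*|*..*) return 1 ;;
        /*) [ -d "$1" ] ;;
        *) return 1 ;;
    esac
}

# Print the crontab entry used by the script, or fail if either value is
# rejected. $1 = domain, $2 = web root.
cron_line() {
    valid_domain "$1" && valid_webroot "$2" || return 1
    printf '0 0 */30 * * /opt/certbot/letsencrypt-auto certonly --webroot -w %s -d %s -d www.%s\n' "$2" "$1" "$1"
}

# Constructed sample inputs (domain|webroot): the first pair is accepted,
# the others are rejected.
for pair in 'example.com|/tmp' 'example.com; id|/tmp' 'example.com|/tmp/$(id)' 'example.com|tmp'; do
    if line=$(cron_line "${pair%%|*}" "${pair#*|}"); then
        printf 'accepted: %s\n' "$line"
    else
        printf 'rejected: %s\n' "$pair"
    fi
done
```

In the script, these checks would run right after the two `read` prompts, before certbot is called and before anything is written to the crontab.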

Do not hesitate to leave feedback on this!
