NextIT
Verified User
I know that Let's Encrypt integration is an upcoming official feature, but I wanted to implement something in the meantime. For those of you who also can't wait, I wrote a small shell script which allows a root user to enable Let's Encrypt for a specific user or for all users at once. I run this script every night to ensure SSL certificates are created for new domains and SSL certificates that are going to expire are renewed automatically.
Before you can get started, you need to install the letsencrypt software. I have installed it in
Code:
/opt/letsencrypt/letsencrypt-auto
Use at your own risk! You possibly need to modify the script for your exact configuration. Test it in a testing environment first!
Code:
#!/bin/bash
# Enable or renew Let's Encrypt certificates for one DirectAdmin user or for
# all users. Runs letsencrypt-auto in webroot mode and points each domain's
# DirectAdmin configuration at the resulting certificate files.

DA_USERS=/usr/local/directadmin/data/users
LE_BIN=/opt/letsencrypt/letsencrypt-auto
LE_LIVE=/etc/letsencrypt/live

if [ -z "$1" ]; then
    echo "Usage: $0 username | all"
    exit 1
fi

if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root"
    exit 1
fi

if [ "$1" = "all" ]; then
    USERLIST=$(ls "$DA_USERS")
else
    USERLIST=$1
fi

SUCCESS=""

# Set KEY=VALUE in a DirectAdmin domain.conf: replace the line if the key is
# already present, append it otherwise.
set_conf() {
    local conf=$1 key=$2 value=$3
    if grep -q "^$key=" "$conf"; then
        sed -i "s|^$key=.*|$key=$value|" "$conf"
    else
        echo "$key=$value" >> "$conf"
    fi
}

# Enumerate all users
for user in $USERLIST; do
    # Enumerate all domains for each user
    for domain in $(cat "$DA_USERS/$user/domains.list"); do
        echo "Generating cert for $domain..."
        # Prepare letsencrypt command line: the domain plus its www alias
        CNLIST="-d $domain -d www.$domain"
        # Also include pointers if applicable (one "pointer=..." per line)
        POINTERS="$DA_USERS/$user/domains/$domain.pointers"
        if [ -e "$POINTERS" ]; then
            for pointer in $(cut -d'=' -f1 "$POINTERS"); do
                CNLIST="$CNLIST -d $pointer -d www.$pointer"
            done
        fi
        # Call letsencrypt: webroot validation from the domain's public_html,
        # expanding the cert when names were added and renewing only when due.
        # $CNLIST is intentionally unquoted so it splits into separate -d args.
        if "$LE_BIN" certonly --expand --keep-until-expiring --agree-tos \
            --webroot -w "/home/$user/domains/$domain/public_html" $CNLIST; then
            # Update the domain's DirectAdmin configuration
            echo "Activating SSL for $domain."
            SUCCESS="$SUCCESS\n$domain"
            CONF="$DA_USERS/$user/domains/$domain.conf"
            sed -i 's/^ssl=.*/ssl=ON/' "$CONF"
            set_conf "$CONF" SSLCACertificateFile "$LE_LIVE/$domain/chain.pem"
            set_conf "$CONF" SSLCertificateFile "$LE_LIVE/$domain/cert.pem"
            set_conf "$CONF" SSLCertificateKeyFile "$LE_LIVE/$domain/privkey.pem"
        else
            echo "letsencrypt failed for $domain; configuration left unchanged."
        fi
    done
done

# Ask DirectAdmin to rewrite the httpd configuration
echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
echo -e "Successfully activated/renewed SSL cert for:\n$SUCCESS"
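A nightly job like this is only as good as the verification that follows it: a vhost whose domain.conf points at a missing key, at a certificate that no longer covers one of its pointers, or at one that is days from expiry will still report as "activated". The check below is an added example, not NextIT's code or anything shipped by DirectAdmin or Let's Encrypt. It assumes an `openssl` binary on PATH and the `KEY=VALUE` domain.conf lines the script above writes; the helper names `conf_get` and `check_domain_conf` are hypothetical, and the certificate and conf it inspects are constructed in a temporary directory so it runs offline.

```shell
#!/bin/bash
# Added example (not from the original post): after the nightly job has run,
# verify that a DirectAdmin domain.conf points at a usable certificate.
# Assumes openssl on PATH and KEY=VALUE conf lines as written by the script.

# Read the first VALUE for KEY from a KEY=VALUE conf file.
conf_get() {
    grep "^$2=" "$1" | head -n 1 | cut -d'=' -f2-
}

# check_domain_conf CONF DOMAIN [MIN_DAYS]
# Returns 0 when ssl=ON, all referenced files are readable, the private key
# matches the certificate, the certificate covers DOMAIN and www.DOMAIN, and
# it stays valid for at least MIN_DAYS (default 14). Prints the first failure.
check_domain_conf() {
    local conf=$1 domain=$2 min_days=${3:-14}
    local cert key ca f name sans

    [ "$(conf_get "$conf" ssl)" = "ON" ] || { echo "$domain: ssl is not ON"; return 1; }

    cert=$(conf_get "$conf" SSLCertificateFile)
    key=$(conf_get "$conf" SSLCertificateKeyFile)
    ca=$(conf_get "$conf" SSLCACertificateFile)
    for f in "$cert" "$key" "$ca"; do
        [ -n "$f" ] && [ -r "$f" ] || { echo "$domain: missing or unreadable '$f'"; return 1; }
    done

    # The public key derived from the private key must equal the one in the cert.
    [ "$(openssl pkey -in "$key" -pubout 2>/dev/null)" = "$(openssl x509 -in "$cert" -noout -pubkey)" ] \
        || { echo "$domain: private key does not match certificate"; return 1; }

    # Every name the vhost serves must appear in the subjectAltName extension.
    sans=$(openssl x509 -in "$cert" -noout -text | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://')
    for name in "$domain" "www.$domain"; do
        echo "$sans" | grep -qx "$name" || { echo "$domain: certificate does not cover $name"; return 1; }
    done

    # -checkend exits non-zero if the cert expires within the given seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "$domain: certificate expires within $min_days days"; return 1; }

    echo "$domain: OK"
}

# --- constructed fixture: a self-signed 60-day cert for example.test ---
TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
cat > "$TMP/san.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = example.test
[v3]
subjectAltName = DNS:example.test, DNS:www.example.test
EOF
openssl req -x509 -newkey rsa:2048 -nodes -days 60 -config "$TMP/san.cnf" \
    -keyout "$TMP/privkey.pem" -out "$TMP/cert.pem" 2>/dev/null
cp "$TMP/cert.pem" "$TMP/chain.pem"   # self-signed: the "chain" is the cert itself

# A domain.conf in the shape the script leaves behind (constructed, not a real DA file).
cat > "$TMP/example.test.conf" <<EOF
ssl=ON
SSLCertificateFile=$TMP/cert.pem
SSLCertificateKeyFile=$TMP/privkey.pem
SSLCACertificateFile=$TMP/chain.pem
EOF

check_domain_conf "$TMP/example.test.conf" example.test 14   # passes: 60-day cert, 14-day margin
check_domain_conf "$TMP/example.test.conf" example.test 90   # fails: expires within 90 days
```

On a real server you would loop over `/usr/local/directadmin/data/users/*/domains/*.conf` and call `check_domain_conf` with the domain taken from the file name, alerting on any non-zero return; the 14-day margin is chosen so a failed renewal is noticed while `--keep-until-expiring` still has time to retry.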