add get-ssl-certs.sh scripts

EFISS-Capstone-SU23 · Jul 15, 2023 · eff0b10 · eff0b10
1 parent be1bbf4
commit eff0b10
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 1 deletion.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,4 @@
 secret.yaml
-tls-cert.yaml
+tls-cert.yaml
+cloudflare-certbot.ini
+*.pem
diff --git a/scripts/get-ssl-certs.sh b/scripts/get-ssl-certs.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -x
+set -e
+
+if [ "$EUID" -ne 0 ]
+  then echo "Please run as root"
+  exit
+fi
+
+if [ ! -f ./cloudflare-certbot.ini ]; then
+    echo "Please create cloudflare-certbot.ini"
+    exit
+fi
+
+# check if certbot is installed
+if ! [ -x "$(command -v certbot)" ]; then
+    echo "Certbot is not installed. Installing..."
+    sudo apt install snapd -y
+    sudo snap install core; sudo snap refresh core
+    sudo snap install --classic certbot
+    sudo ln -s /snap/bin/certbot /usr/bin/certbot
+    sudo snap set certbot trust-plugin-with-root=ok
+    sudo snap install certbot-dns-cloudflare
+fi
+
+cat <<EOF > ./cloudflare-certbot.ini
+# Cloudflare API credentials used by Certbot
+dns_cloudflare_api_token = abcxyz
+EOF
+
+sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials \
+    ./cloudflare-certbot.ini -d '*.efiss.tech' -d 'efiss.tech'
+
+mkdir -p certs/
+sudo cp -L /etc/letsencrypt/live/efiss.tech/fullchain.pem certs/
+sudo cp -L /etc/letsencrypt/live/efiss.tech/privkey.pem certs/
+
+sudo chown -R $USER:$USER certs
+sudo chmod -R 755 certs