mirror of
https://github.com/zulip/zulip.git
synced 2025-11-10 17:07:07 +00:00
8b6b4e043f
While this doesn't quite complete our plans for certbot support (it's not documented, etc.), this is a great stride forward.
55 lines
1.3 KiB
Bash
Executable File
55 lines
1.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -e
|
|
|
|
usage() {
|
|
echo "Usage: $0 <domain name> <email>" >&2
|
|
exit 1
|
|
}
|
|
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "Error: This script must be run as root" >&2
|
|
exit 1
|
|
fi
|
|
|
|
args="$(getopt -o '' --long help,hostname:,email: -n "$0" -- "$@")"
|
|
eval "set -- $args"
|
|
while true; do
|
|
case "$1" in
|
|
--hostname)
|
|
DOMAIN="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
--email)
|
|
EMAIL="$2"
|
|
shift
|
|
shift
|
|
;;
|
|
--help)
|
|
show_help=1
|
|
shift
|
|
;;
|
|
--)
|
|
break
|
|
;;
|
|
esac
|
|
done
|
|
|
|
if [ -n "$show_help" ]; then
|
|
usage
|
|
fi
|
|
|
|
# For reference https://certbot.eff.org/all-instructions/#debian-other-nginx
|
|
# We download to /root as a reasonably safe place with only root having access
|
|
wget https://dl.eff.org/certbot-auto -O /root/certbot-auto
|
|
chmod a+x /root/certbot-auto
|
|
|
|
/root/certbot-auto --nginx certonly -d "$DOMAIN" -m "$EMAIL" --agree-tos --non-interactive
|
|
|
|
# Link the generated cert to the path read by Zulip
|
|
ln -nsf /etc/letsencrypt/live/"$DOMAIN"/privkey.pem /etc/ssl/private/zulip.key
|
|
ln -nsf /etc/letsencrypt/live/"$DOMAIN"/fullchain.pem /etc/ssl/certs/zulip.combined-chain.crt
|
|
|
|
echo "Certbot SSL certificate configuration succeeded."
|