
setup wizard for let's encrypt on uberspace

update: please see my setup for let's encrypt on uberspace (update)

perhaps you followed the instructions in my post let's encrypt on uberspace to set up let's encrypt for your own domains. a few days ago i noticed that a list of all dns names is included in the certificate, which is not what i want. this post is about what i did next.


i created a script for my two uberspace accounts and all their domains. it will:

  • create a separate certificate for each domain name
  • create a script to add a new domain to my existing setup
  • automatically renew all my certificates once a month

and this is my script uberspace-letsencrypt-wizard.sh:

#!/bin/bash

# (c) 2016 • https://nerd.one • Florian Knapp

echo ""
echo "This script will guide you through the installation process of Let's Encrypt certificates for your Uberspace."
echo "Press [ENTER] to continue, or [CTRL]-[C] to exit."

read


### Prepare Uberspace for Let's Encrypt
if [ -d $HOME/.config/letsencrypt ];
then
	echo "[1/4] Found existing Let's Encrypt config folder ($HOME/.config/letsencrypt)"
else
	echo "[1/4] Preparing your Uberspace for Let's Encrypt"
	uberspace-letsencrypt
fi

sleep 2

echo ""
echo "[2/4] Creating scripts for obtaining and renewing certificates."


### Create ~/bin directory if it does not already exist
mkdir -p "$HOME/bin"
sleep 1


### Create script to manually add domains for Let's Encrypt
if [ -e $HOME/bin/letsencrypt-add-domain.sh ];
then
	rm $HOME/bin/letsencrypt-add-domain.sh
fi
cat <<__EOF__ >> $HOME/bin/letsencrypt-add-domain.sh
#!/bin/bash

echo ""
echo "Type your domain name (like example.com or subdomain.example.com), followed by [ENTER]:"

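read -r DOMAIN

# abort on empty input instead of calling letsencrypt without a name
if [ -z "\$DOMAIN" ]; then echo "No domain given." >&2; exit 1; fi

echo ""
echo "Obtaining certificates for \$DOMAIN"

# quoted so the input is always passed as a single argument
letsencrypt certonly -d "\$DOMAIN"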

echo ""
echo "Preparing certificates"
echo ""

uberspace-prepare-certificate -k "\$HOME/.config/letsencrypt/live/\$DOMAIN/privkey.pem" -c "\$HOME/.config/letsencrypt/live/\$DOMAIN/cert.pem"

echo ""
echo "done."
__EOF__

chmod +x $HOME/bin/letsencrypt-add-domain.sh


### Create script to renew certificates
if [ -e $HOME/bin/letsencrypt-renew-certs.sh ];
then
	rm $HOME/bin/letsencrypt-renew-certs.sh
fi
cat <<__EOF__ >> $HOME/bin/letsencrypt-renew-certs.sh
#!/bin/bash

# renew certificates
/usr/local/bin/letsencrypt-renewer --config-dir \$HOME/.config/letsencrypt --logs-dir \$HOME/.config/letsencrypt/logs --work-dir \$HOME/tmp/

# prepare certificates (one directory per domain below live/; -type d skips plain files)
( if [ -d "\$HOME/.config/letsencrypt/live" ]; then find "\$HOME/.config/letsencrypt/live/" -mindepth 1 -maxdepth 1 -type d -print0 ; fi ) | while read -d $'\0' -r DIR ;
do
	DOMAIN=\${DIR#*".config/letsencrypt/live/"}
	/usr/local/bin/uberspace-prepare-certificate -k "\$HOME/.config/letsencrypt/live/\$DOMAIN/privkey.pem" -c "\$HOME/.config/letsencrypt/live/\$DOMAIN/cert.pem"
done
__EOF__

chmod +x $HOME/bin/letsencrypt-renew-certs.sh

echo "Done creating scripts."


sleep 2


### Ask user to add domains
echo ""
echo "[3/4] Add domain"
sleep 1
# run the generated script directly so its #!/bin/bash line is honoured
"$HOME/bin/letsencrypt-add-domain.sh"


sleep 1


echo "[4/4] Please enter 'crontab -e' and insert this line:"
echo "0 4 10 */2 * ~/bin/letsencrypt-renew-certs.sh"
echo ""
echo "You can add more domains by running: $HOME/bin/letsencrypt-add-domain.sh"
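
to check that each certificate really carries only its own name, and not the list of all dns names that prompted this post, the following added example (not part of the original script) reads the subjectAltName entries of every cert.pem below the live directory. the function names and the sample openssl output are made up for illustration; the directory path is the one used in the scripts above.

```bash
#!/bin/bash
# Added example: list the DNS names each certificate discloses.

# Read `openssl x509 -noout -text` output on stdin and print one
# subjectAltName DNS entry per line.
san_names() {
	awk '/X509v3 Subject Alternative Name/ { getline; print }' |
		tr ',' '\n' |
		sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p'
}

# Succeed only if the certificate text on stdin names exactly one host.
single_name_cert() {
	[ "$(san_names | grep -c .)" -eq 1 ]
}

# Check every cert.pem below the live directory; return 1 if any
# certificate does not list exactly one name or cannot be parsed.
audit_live_dir() {
	live=${1:-$HOME/.config/letsencrypt/live}
	status=0
	for pem in "$live"/*/cert.pem; do
		[ -f "$pem" ] || continue
		text=$(openssl x509 -in "$pem" -noout -text) || { status=1; continue; }
		if printf '%s\n' "$text" | single_name_cert; then
			echo "ok    $pem"
		else
			echo "CHECK $pem: $(printf '%s\n' "$text" | san_names | tr '\n' ' ')"
			status=1
		fi
	done
	return "$status"
}

# Constructed sample of the relevant openssl output for a shared certificate.
sample_cert_text() {
	cat <<'EOF'
        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:example.com, DNS:blog.example.com, DNS:shop.example.org
EOF
}

# Run the audit only where a Let's Encrypt live directory exists.
LIVE="$HOME/.config/letsencrypt/live"
if [ -d "$LIVE" ]; then audit_live_dir "$LIVE"; fi
```

a line starting with CHECK means that certificate still lists more than one name (or none) and should be reissued for its single domain.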
main picture by Zachary Staines, license