update: please see my setup for let's encrypt on uberspace (update)
perhaps you followed the instructions in my post let's encrypt on uberspace to set up let's encrypt for your own domains. a few days ago i noticed that a list of all dns names is included in the certificate, which is not what i want. this post is about what i did then.
i created a script for my two uberspace accounts and all their domains. it will:
- create a separate certificate for each domain name
- create a script to add a new domain to my existing setup
- automatically renew all my certificates once a month
and this is my script uberspace-letsencrypt-wizard.sh:

```bash
#!/bin/bash
# (c) 2016 • https://nerd.one • Florian Knapp

echo ""
echo "This script will guide you through the installation process of Let's Encrypt certificates for your Uberspace."
echo "Press [ENTER] to continue, or [CTRL]-[C] to exit."
read -r

### Prepare Uberspace for Let's Encrypt
if [ -d "$HOME/.config/letsencrypt" ]; then
    echo "[1/4] Found existing Let's Encrypt config folder ($HOME/.config/letsencrypt)"
else
    echo "[1/4] Preparing your Uberspace for Let's Encrypt"
    uberspace-letsencrypt
fi
sleep 2

echo ""
echo "[2/4] Creating scripts for obtaining and renewing certificates."

### Create ~/bin directory if it does not already exist
mkdir -p "$HOME/bin"
sleep 1

### Create script to manually add domains for Let's Encrypt
# The heredoc delimiter is unquoted, so \$ keeps the variables literal in the
# generated script. ">" overwrites a previous version of the file.
cat <<__EOF__ > "$HOME/bin/letsencrypt-add-domain.sh"
#!/bin/bash
echo ""
echo "Type your domain name (like example.com or subdomain.example.com), followed by [ENTER]:"
read -r DOMAIN
echo ""
echo "Obtaining certificates for \$DOMAIN"
# stop here if no certificate was issued
letsencrypt certonly -d "\$DOMAIN" || exit 1
echo ""
echo "Preparing certificates"
echo ""
uberspace-prepare-certificate -k "\$HOME/.config/letsencrypt/live/\$DOMAIN/privkey.pem" -c "\$HOME/.config/letsencrypt/live/\$DOMAIN/cert.pem"
echo ""
echo "done."
__EOF__
chmod +x "$HOME/bin/letsencrypt-add-domain.sh"

### Create script to renew certificates
cat <<__EOF__ > "$HOME/bin/letsencrypt-renew-certs.sh"
#!/bin/bash
# renew certificates
/usr/local/bin/letsencrypt-renewer --config-dir "\$HOME/.config/letsencrypt" --logs-dir "\$HOME/.config/letsencrypt/logs" --work-dir "\$HOME/tmp/"
# prepare certificates: live/ holds one directory per domain
if [ -d "\$HOME/.config/letsencrypt/live" ]; then
    find "\$HOME/.config/letsencrypt/live/" -mindepth 1 -maxdepth 1 -type d -print0 |
    while IFS= read -r -d '' DIR; do
        DOMAIN=\${DIR#*".config/letsencrypt/live/"}
        /usr/local/bin/uberspace-prepare-certificate -k "\$HOME/.config/letsencrypt/live/\$DOMAIN/privkey.pem" -c "\$HOME/.config/letsencrypt/live/\$DOMAIN/cert.pem"
    done
fi
__EOF__
chmod +x "$HOME/bin/letsencrypt-renew-certs.sh"
echo "Done creating scripts."
sleep 2

### Ask user to add domains
echo ""
echo "[3/4] Add domain"
sleep 1
"$HOME/bin/letsencrypt-add-domain.sh"
sleep 1

echo "[4/4] Please enter 'crontab -e' and insert this line:"
echo "0 4 10 */2 * ~/bin/letsencrypt-renew-certs.sh"
echo ""
echo "You can add more domains by running: $HOME/bin/letsencrypt-add-domain.sh"
```
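
To confirm that a certificate obtained this way really names only its own domain, the following added example (not part of the original script) parses the text form of a certificate and fails if any other DNS name is listed. The function names and the sample certificate text are constructed for illustration; the path in the usage comment assumes the config directory used above.

```shell
#!/bin/sh
# Added example: verify that a certificate names only the domain it was issued for.
# Typical use:
#   openssl x509 -in ~/.config/letsencrypt/live/example.com/cert.pem -noout -text \
#     | check_single_name example.com

# Print the DNS names from the Subject Alternative Name extension, one per line.
# Reads the text form of a certificate (openssl x509 -noout -text) on stdin.
san_names() {
    awk '
        /X509v3 Subject Alternative Name/ { want = 1; next }
        want {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print substr(parts[i], 5)
            }
            want = 0
        }
    '
}

# Succeed only if the certificate on stdin carries exactly one DNS name
# and that name equals $1. Otherwise list the names found on stderr and fail.
check_single_name() {
    expected=$1
    names=$(san_names)
    if [ "$names" = "$expected" ]; then
        return 0
    fi
    printf 'certificate for %s lists:\n%s\n' "$expected" "$names" >&2
    return 1
}

# Constructed sample input: the relevant part of "openssl x509 -noout -text"
# for a certificate issued for one name, and for one issued for several.
SINGLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:example.com
            X509v3 Key Usage: critical'
MULTI_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:blog.example.org, DNS:example.com, DNS:mail.example.net
            X509v3 Key Usage: critical'
```

Run the check once per directory below `live/`; a non-zero exit status means the certificate still exposes other domain names.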