From 8d78b86e684290ee7296bf7b8d526db3148dbd10 Mon Sep 17 00:00:00 2001 From: Jakob Odersky Date: Tue, 26 Dec 2017 14:07:01 +0100 Subject: Clean up debian configuration files --- debian/README | 6 - debian/README.Debian | 6 - debian/README.source | 10 -- debian/control | 13 +- debian/copyright | 12 +- debian/manpage.1.ex | 56 ------- debian/manpage.sgml.ex | 154 ------------------ debian/manpage.xml.ex | 291 ----------------------------------- debian/menu.ex | 2 - debian/nginx-letsencrypt-docs.docs | 3 - debian/nginx-letsencrypt.cron.d.ex | 4 - debian/nginx-letsencrypt.default.ex | 10 -- debian/nginx-letsencrypt.doc-base.EX | 20 --- debian/nginx-letsencrypt.install | 2 +- debian/nginx-letsencrypt.manpage.1 | 56 +++++++ debian/nginx-letsencrypt.manpages | 1 + debian/postinst | 46 ++++++ debian/postinst.ex | 39 ----- debian/postrm.ex | 37 ----- debian/preinst.ex | 35 ----- debian/prerm.ex | 38 ----- issue-certs-nginx | 30 ---- nginx-letsencrypt | 30 ++++ 23 files changed, 143 insertions(+), 758 deletions(-) delete mode 100644 debian/README delete mode 100644 debian/README.Debian delete mode 100644 debian/README.source delete mode 100644 debian/manpage.1.ex delete mode 100644 debian/manpage.sgml.ex delete mode 100644 debian/manpage.xml.ex delete mode 100644 debian/menu.ex delete mode 100644 debian/nginx-letsencrypt-docs.docs delete mode 100644 debian/nginx-letsencrypt.cron.d.ex delete mode 100644 debian/nginx-letsencrypt.default.ex delete mode 100644 debian/nginx-letsencrypt.doc-base.EX create mode 100644 debian/nginx-letsencrypt.manpage.1 create mode 100644 debian/nginx-letsencrypt.manpages create mode 100644 debian/postinst delete mode 100644 debian/postinst.ex delete mode 100644 debian/postrm.ex delete mode 100644 debian/preinst.ex delete mode 100644 debian/prerm.ex delete mode 100755 issue-certs-nginx create mode 100755 nginx-letsencrypt diff --git a/debian/README b/debian/README deleted file mode 100644 index fe0b29d..0000000 --- a/debian/README +++ /dev/null @@ -1,6 +0,0 @@ -The Debian Package nginx-letsencrypt ----------------------------- - -Comments regarding the Package - - -- Jakob Odersky Tue, 26 Dec 2017 13:05:55 +0100 diff --git a/debian/README.Debian b/debian/README.Debian deleted file mode 100644 index fff5b43..0000000 --- a/debian/README.Debian +++ /dev/null @@ -1,6 +0,0 @@ -nginx-letsencrypt for Debian ---------------------------- - - - - -- Jakob Odersky Tue, 26 Dec 2017 13:05:55 +0100 diff --git a/debian/README.source b/debian/README.source deleted file mode 100644 index 621984d..0000000 --- a/debian/README.source +++ /dev/null @@ -1,10 +0,0 @@ -nginx-letsencrypt for Debian ---------------------------- - - - - - - -- Jakob Odersky Tue, 26 Dec 2017 13:05:55 +0100 - diff --git a/debian/control b/debian/control index 18cf817..d74c635 100644 --- a/debian/control +++ b/debian/control @@ -1,15 +1,14 @@ Source: nginx-letsencrypt -Section: unknown +Section: utils Priority: optional Maintainer: Jakob Odersky Build-Depends: debhelper (>= 9) -Standards-Version: 3.9.8 -Homepage: -#Vcs-Git: https://anonscm.debian.org/collab-maint/nginx-letsencrypt.git -#Vcs-Browser: https://anonscm.debian.org/cgit/collab-maint/nginx-letsencrypt.git +Standards-Version: 4.1.2 +Vcs-Git: https://github.com/jodersky/nginx-letsencrypt.git Package: nginx-letsencrypt Architecture: all Depends: ${misc:Depends} -Description: - +Description: Issue certificates by letsencrypt for nginx virtual hosts. + Simplify the process by which letsencrypt certificates are issued for virtual + hosts controlled by nginx. diff --git a/debian/copyright b/debian/copyright index c9c4962..84508dc 100644 --- a/debian/copyright +++ b/debian/copyright @@ -1,10 +1,9 @@ Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: nginx-letsencrypt -Source: +Source: https://github.com/jodersky/nginx-letsencrypt Files: * -Copyright: - +Copyright: 2017 Jakob Odersky License: GPL-3.0+ Files: debian/* @@ -26,9 +25,4 @@ License: GPL-3.0+ along with this program. If not, see . . On Debian systems, the complete text of the GNU General - Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". - -# Please also look if there are files or directories which have a -# different copyright/license attached and list them here. -# Please avoid picking licenses with terms that are more restrictive than the -# packaged work, as it may make Debian's contributions unacceptable upstream. + Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". \ No newline at end of file diff --git a/debian/manpage.1.ex b/debian/manpage.1.ex deleted file mode 100644 index 125478e..0000000 --- a/debian/manpage.1.ex +++ /dev/null @@ -1,56 +0,0 @@ -.\" Hey, EMACS: -*- nroff -*- -.\" (C) Copyright 2017 Jakob Odersky , -.\" -.\" First parameter, NAME, should be all caps -.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection -.\" other parameters are allowed: see man(7), man(1) -.TH Nginx-letsencrypt SECTION "December 26 2017" -.\" Please adjust this date whenever revising the manpage. -.\" -.\" Some roff macros, for reference: -.\" .nh disable hyphenation -.\" .hy enable hyphenation -.\" .ad l left justify -.\" .ad b justify to both left and right margins -.\" .nf disable filling -.\" .fi enable filling -.\" .br insert line break -.\" .sp insert n+1 empty lines -.\" for manpage-specific macros, see man(7) -.SH NAME -nginx-letsencrypt \- program to do something -.SH SYNOPSIS -.B nginx-letsencrypt -.RI [ options ] " files" ... -.br -.B bar -.RI [ options ] " files" ... -.SH DESCRIPTION -This manual page documents briefly the -.B nginx-letsencrypt -and -.B bar -commands. -.PP -.\" TeX users may be more comfortable with the \fB\fP and -.\" \fI\fP escape sequences to invode bold face and italics, -.\" respectively. -\fBnginx-letsencrypt\fP is a program that... -.SH OPTIONS -These programs follow the usual GNU command line syntax, with long -options starting with two dashes (`-'). -A summary of options is included below. -For a complete description, see the Info files. -.TP -.B \-h, \-\-help -Show summary of options. -.TP -.B \-v, \-\-version -Show version of program. -.SH SEE ALSO -.BR bar (1), -.BR baz (1). -.br -The programs are documented fully by -.IR "The Rise and Fall of a Fooish Bar" , -available via the Info system. diff --git a/debian/manpage.sgml.ex b/debian/manpage.sgml.ex deleted file mode 100644 index 0b1ba9c..0000000 --- a/debian/manpage.sgml.ex +++ /dev/null @@ -1,154 +0,0 @@ - manpage.1'. You may view - the manual page with: `docbook-to-man manpage.sgml | nroff -man | - less'. A typical entry in a Makefile or Makefile.am is: - -manpage.1: manpage.sgml - docbook-to-man $< > $@ - - - The docbook-to-man binary is found in the docbook-to-man package. - Please remember that if you create the nroff version in one of the - debian/rules file targets (such as build), you will need to include - docbook-to-man in your Build-Depends control field. - - --> - - - FIRSTNAME"> - SURNAME"> - - December 26 2017"> - - SECTION"> - jakob@odersky.com"> - - Nginx-letsencrypt"> - - - Debian"> - GNU"> - GPL"> -]> - - - -
- &dhemail; -
- - &dhfirstname; - &dhsurname; - - - 2003 - &dhusername; - - &dhdate; - - - &dhucpackage; - - &dhsection; - - - &dhpackage; - - program to do something - - - - &dhpackage; - - - - - - - - DESCRIPTION - - This manual page documents briefly the - &dhpackage; and bar - commands. - - This manual page was written for the &debian; distribution - because the original program does not have a manual page. - Instead, it has documentation in the &gnu; - Info format; see below. - - &dhpackage; is a program that... - - - - OPTIONS - - These programs follow the usual &gnu; command line syntax, - with long options starting with two dashes (`-'). A summary of - options is included below. For a complete description, see the - Info files. - - - - - - - - Show summary of options. - - - - - - - - Show version of program. - - - - - - SEE ALSO - - bar (1), baz (1). - - The programs are documented fully by The Rise and - Fall of a Fooish Bar available via the - Info system. - - - AUTHOR - - This manual page was written by &dhusername; &dhemail; for - the &debian; system (and may be used by others). Permission is - granted to copy, distribute and/or modify this document under - the terms of the &gnu; General Public License, Version 2 any - later version published by the Free Software Foundation. - - - On Debian systems, the complete text of the GNU General Public - License can be found in /usr/share/common-licenses/GPL. - - - - - - diff --git a/debian/manpage.xml.ex b/debian/manpage.xml.ex deleted file mode 100644 index a5549f5..0000000 --- a/debian/manpage.xml.ex +++ /dev/null @@ -1,291 +0,0 @@ - -.
will be generated. You may view the -manual page with: nroff -man .
| less'. A typical entry -in a Makefile or Makefile.am is: - -DB2MAN = /usr/share/sgml/docbook/stylesheet/xsl/docbook-xsl/manpages/docbook.xsl -XP = xsltproc -''-nonet -''-param man.charmap.use.subset "0" - -manpage.1: manpage.xml - $(XP) $(DB2MAN) $< - -The xsltproc binary is found in the xsltproc package. The XSL files are in -docbook-xsl. A description of the parameters you can use can be found in the -docbook-xsl-doc-* packages. Please remember that if you create the nroff -version in one of the debian/rules file targets (such as build), you will need -to include xsltproc and docbook-xsl in your Build-Depends control field. -Alternatively use the xmlto command/package. That will also automatically -pull in xsltproc and docbook-xsl. - -Notes for using docbook2x: docbook2x-man does not automatically create the -AUTHOR(S) and COPYRIGHT sections. In this case, please add them manually as - ... . - -To disable the automatic creation of the AUTHOR(S) and COPYRIGHT sections -read /usr/share/doc/docbook-xsl/doc/manpages/authors.html. This file can be -found in the docbook-xsl-doc-html package. - -Validation can be done using: `xmllint -''-noout -''-valid manpage.xml` - -General documentation about man-pages and man-page-formatting: -man(1), man(7), http://www.tldp.org/HOWTO/Man-Page/ - ---> - - - - - - - - - - - - - -]> - - - - &dhtitle; - &dhpackage; - - - &dhfirstname; - &dhsurname; - Wrote this manpage for the Debian system. -
- &dhemail; -
- - - - 2007 - &dhusername; - - - This manual page was written for the Debian system - (and may be used by others). - Permission is granted to copy, distribute and/or modify this - document under the terms of the GNU General Public License, - Version 2 or (at your option) any later version published by - the Free Software Foundation. - On Debian systems, the complete text of the GNU General Public - License can be found in - /usr/share/common-licenses/GPL. - - - - &dhucpackage; - &dhsection; - - - &dhpackage; - program to do something - - - - &dhpackage; - - - - - - - - - this - - - - - - - - this - that - - - - - &dhpackage; - - - - - - - - - - - - - - - - - - - DESCRIPTION - This manual page documents briefly the - &dhpackage; and bar - commands. - This manual page was written for the Debian distribution - because the original program does not have a manual page. - Instead, it has documentation in the GNU - info - 1 - format; see below. - &dhpackage; is a program that... - - - OPTIONS - The program follows the usual GNU command line syntax, - with long options starting with two dashes (`-'). A summary of - options is included below. For a complete description, see the - - info - 1 - files. - - - - - - - Does this and that. - - - - - - - Show summary of options. - - - - - - - Show version of program. - - - - - - FILES - - - /etc/foo.conf - - The system-wide configuration file to control the - behaviour of &dhpackage;. See - - foo.conf - 5 - for further details. - - - - ${HOME}/.foo.conf - - The per-user configuration file to control the - behaviour of &dhpackage;. See - - foo.conf - 5 - for further details. - - - - - - ENVIRONMENT - - - FOO_CONF - - If used, the defined file is used as configuration - file (see also ). - - - - - - DIAGNOSTICS - The following diagnostics may be issued - on stderr: - - - Bad configuration file. Exiting. - - The configuration file seems to contain a broken configuration - line. Use the option, to get more info. - - - - - &dhpackage; provides some return codes, that can - be used in scripts: - - Code - Diagnostic - - 0 - Program exited successfully. - - - 1 - The configuration file seems to be broken. - - - - - - BUGS - The program is currently limited to only work - with the foobar library. - The upstreams BTS can be found - at . - - - SEE ALSO - - - bar - 1 - , - baz - 1 - , - foo.conf - 5 - - The programs are documented fully by The Rise and - Fall of a Fooish Bar available via the - info - 1 - system. - - - diff --git a/debian/menu.ex b/debian/menu.ex deleted file mode 100644 index e243ff5..0000000 --- a/debian/menu.ex +++ /dev/null @@ -1,2 +0,0 @@ -?package(nginx-letsencrypt):needs="X11|text|vc|wm" section="Applications/see-menu-manual"\ - title="nginx-letsencrypt" command="/usr/bin/nginx-letsencrypt" diff --git a/debian/nginx-letsencrypt-docs.docs b/debian/nginx-letsencrypt-docs.docs deleted file mode 100644 index 0f7a894..0000000 --- a/debian/nginx-letsencrypt-docs.docs +++ /dev/null @@ -1,3 +0,0 @@ -README.Debian -README -README.source diff --git a/debian/nginx-letsencrypt.cron.d.ex b/debian/nginx-letsencrypt.cron.d.ex deleted file mode 100644 index fbda0ce..0000000 --- a/debian/nginx-letsencrypt.cron.d.ex +++ /dev/null @@ -1,4 +0,0 @@ -# -# Regular cron jobs for the nginx-letsencrypt package -# -0 4 * * * root [ -x /usr/bin/nginx-letsencrypt_maintenance ] && /usr/bin/nginx-letsencrypt_maintenance diff --git a/debian/nginx-letsencrypt.default.ex b/debian/nginx-letsencrypt.default.ex deleted file mode 100644 index 262ebdf..0000000 --- a/debian/nginx-letsencrypt.default.ex +++ /dev/null @@ -1,10 +0,0 @@ -# Defaults for nginx-letsencrypt initscript -# sourced by /etc/init.d/nginx-letsencrypt -# installed at /etc/default/nginx-letsencrypt by the maintainer scripts - -# -# This is a POSIX shell fragment -# - -# Additional options that are passed to the Daemon. -DAEMON_OPTS="" diff --git a/debian/nginx-letsencrypt.doc-base.EX b/debian/nginx-letsencrypt.doc-base.EX deleted file mode 100644 index cd603a0..0000000 --- a/debian/nginx-letsencrypt.doc-base.EX +++ /dev/null @@ -1,20 +0,0 @@ -Document: nginx-letsencrypt -Title: Debian nginx-letsencrypt Manual -Author: -Abstract: This manual describes what nginx-letsencrypt is - and how it can be used to - manage online manuals on Debian systems. -Section: unknown - -Format: debiandoc-sgml -Files: /usr/share/doc/nginx-letsencrypt/nginx-letsencrypt.sgml.gz - -Format: postscript -Files: /usr/share/doc/nginx-letsencrypt/nginx-letsencrypt.ps.gz - -Format: text -Files: /usr/share/doc/nginx-letsencrypt/nginx-letsencrypt.text.gz - -Format: HTML -Index: /usr/share/doc/nginx-letsencrypt/html/index.html -Files: /usr/share/doc/nginx-letsencrypt/html/*.html diff --git a/debian/nginx-letsencrypt.install b/debian/nginx-letsencrypt.install index 593101f..995b7ac 100644 --- a/debian/nginx-letsencrypt.install +++ b/debian/nginx-letsencrypt.install @@ -1,3 +1,3 @@ -issue-certs-nginx usr/bin +nginx-letsencrypt usr/bin letsencrypt etc/nginx letsencryptdomains etc/nginx diff --git a/debian/nginx-letsencrypt.manpage.1 b/debian/nginx-letsencrypt.manpage.1 new file mode 100644 index 0000000..3294828 --- /dev/null +++ b/debian/nginx-letsencrypt.manpage.1 @@ -0,0 +1,56 @@ +.\" Hey, EMACS: -*- nroff -*- +.\" (C) Copyright 2017 Jakob Odersky , +.\" +.\" First parameter, NAME, should be all caps +.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection +.\" other parameters are allowed: see man(7), man(1) +.TH NGINX-LETSENCRYPT 1 "December 26 2017" +.\" Please adjust this date whenever revising the manpage. +.\" +.\" Some roff macros, for reference: +.\" .nh disable hyphenation +.\" .hy enable hyphenation +.\" .ad l left justify +.\" .ad b justify to both left and right margins +.\" .nf disable filling +.\" .fi enable filling +.\" .br insert line break +.\" .sp insert n+1 empty lines +.\" for manpage-specific macros, see man(7) +.SH NAME +nginx-letsencrypt \- program to do something +.SH SYNOPSIS +.B nginx-letsencrypt +.RI [ options ] " files" ... +.br +.B bar +.RI [ options ] " files" ... +.SH DESCRIPTION +This manual page documents briefly the +.B nginx-letsencrypt +and +.B bar +commands. +.PP +.\" TeX users may be more comfortable with the \fB\fP and +.\" \fI\fP escape sequences to invode bold face and italics, +.\" respectively. +\fBnginx-letsencrypt\fP is a program that... +.SH OPTIONS +These programs follow the usual GNU command line syntax, with long +options starting with two dashes (`-'). +A summary of options is included below. +For a complete description, see the Info files. +.TP +.B \-h, \-\-help +Show summary of options. +.TP +.B \-v, \-\-version +Show version of program. +.SH SEE ALSO +.BR bar (1), +.BR baz (1). +.br +The programs are documented fully by +.IR "The Rise and Fall of a Fooish Bar" , +available via the Info system. diff --git a/debian/nginx-letsencrypt.manpages b/debian/nginx-letsencrypt.manpages new file mode 100644 index 0000000..8860cd8 --- /dev/null +++ b/debian/nginx-letsencrypt.manpages @@ -0,0 +1 @@ +debian/nginx-letsencrypt.manpage.1 \ No newline at end of file diff --git a/debian/postinst b/debian/postinst new file mode 100644 index 0000000..80ca174 --- /dev/null +++ b/debian/postinst @@ -0,0 +1,46 @@ +#!/bin/sh +# postinst script for nginx-letsencrypt +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + if [ ! -e /etc/letsencrypt/live/nginx/fullchain.pem ]; then + mkdir -p /etc/letsencypt/live/nginx + cp /etc/ssl/certs/ssl-cert-snakeoil.pem \ + /etc/letsencrypt/live/nginx/fullchain.pem + cp /etc/ssl/private/ssl-cert-snakeoil.key \ + /etc/letsencrypt/live/nginx/privkey.pem + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 diff --git a/debian/postinst.ex b/debian/postinst.ex deleted file mode 100644 index d8eef1b..0000000 --- a/debian/postinst.ex +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh -# postinst script for nginx-letsencrypt -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - configure) - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/postrm.ex b/debian/postrm.ex deleted file mode 100644 index 0e2ad97..0000000 --- a/debian/postrm.ex +++ /dev/null @@ -1,37 +0,0 @@ -#!/bin/sh -# postrm script for nginx-letsencrypt -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `remove' -# * `purge' -# * `upgrade' -# * `failed-upgrade' -# * `abort-install' -# * `abort-install' -# * `abort-upgrade' -# * `disappear' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/preinst.ex b/debian/preinst.ex deleted file mode 100644 index 5dbaf31..0000000 --- a/debian/preinst.ex +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -# preinst script for nginx-letsencrypt -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `install' -# * `install' -# * `upgrade' -# * `abort-upgrade' -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - install|upgrade) - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/debian/prerm.ex b/debian/prerm.ex deleted file mode 100644 index 23c80ba..0000000 --- a/debian/prerm.ex +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -# prerm script for nginx-letsencrypt -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `remove' -# * `upgrade' -# * `failed-upgrade' -# * `remove' `in-favour' -# * `deconfigure' `in-favour' -# `removing' -# -# for details, see https://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - remove|upgrade|deconfigure) - ;; - - failed-upgrade) - ;; - - *) - echo "prerm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff --git a/issue-certs-nginx b/issue-certs-nginx deleted file mode 100755 index 5db460a..0000000 --- a/issue-certs-nginx +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -# Obtain or renew certificates from letsencrypt, to be used with nginx -# webroot verification. -# -# Domains to be certified are defined in /etc/nginx/domains. -# -# The pre-hook is used to remove snakeoil certificates that are -# required to bootstrap nginx configurations (nginx fails to start -# without ssl certificates). The hook is required because certbot does -# not overwrite foreign certificates, as described in this issue -# https://github.com/certbot/certbot/issues/3396 -set -o exiterr -set -o unset - -email="jakob@odersky.com" - -extra_flags="" -if [ "$1" = --test ]; then - extra_flags="--test-cert" -fi - -certbot certonly $extra_flags \ - --noninteractive \ - --agree-tos \ - --email "$email" \ - --cert-name nginx \ - --webroot --webroot-path /var/www/letsencrypt \ - --pre-hook "sh -c '(openssl x509 -in /etc/letsencrypt/live/nginx/fullchain.pem -noout -text) | grep --quiet letsencrypt || rm -r /etc/letsencrypt/live/nginx'" \ - --post-hook "systemctl reload nginx" \ - -d "$(grep "^[^#;]" /etc/nginx/letsencryptdomains | paste --delimiter=, --serial)" diff --git a/nginx-letsencrypt b/nginx-letsencrypt new file mode 100755 index 0000000..5db460a --- /dev/null +++ b/nginx-letsencrypt @@ -0,0 +1,30 @@ +#!/bin/sh +# Obtain or renew certificates from letsencrypt, to be used with nginx +# webroot verification. +# +# Domains to be certified are defined in /etc/nginx/domains. +# +# The pre-hook is used to remove snakeoil certificates that are +# required to bootstrap nginx configurations (nginx fails to start +# without ssl certificates). The hook is required because certbot does +# not overwrite foreign certificates, as described in this issue +# https://github.com/certbot/certbot/issues/3396 +set -o exiterr +set -o unset + +email="jakob@odersky.com" + +extra_flags="" +if [ "$1" = --test ]; then + extra_flags="--test-cert" +fi + +certbot certonly $extra_flags \ + --noninteractive \ + --agree-tos \ + --email "$email" \ + --cert-name nginx \ + --webroot --webroot-path /var/www/letsencrypt \ + --pre-hook "sh -c '(openssl x509 -in /etc/letsencrypt/live/nginx/fullchain.pem -noout -text) | grep --quiet letsencrypt || rm -r /etc/letsencrypt/live/nginx'" \ + --post-hook "systemctl reload nginx" \ + -d "$(grep "^[^#;]" /etc/nginx/letsencryptdomains | paste --delimiter=, --serial)" -- cgit v1.2.3