Commit b372bb9a authored by Andy Mayhew

Readme fleshed out and more comments.

parent 9192210f
......@@ -2,12 +2,103 @@
A set of shell scripts to automate Let's Encrypt SSL certificate renew and GitLab pages certificate updates.
**Requirements:**
See [Using Let's Encrypt on GitLabs](https://autonomic.guru/using-letsencrypt-on-gitlabs/)
* [jq v1.5](https://stedolan.github.io/jq/) - a lightweight and flexible command-line JSON processor.
### Setup
**Requirements**
* [jq v1.5](https://stedolan.github.io/jq/) – a lightweight and flexible command-line JSON processor.
* [CertBot v0.25.1](https://certbot.eff.org/) – Automatically enable HTTPS on your website with EFF's Certbot, deploying [Let's Encrypt](https://letsencrypt.org/) certificates.
* [Curl v7.54](https://curl.haxx.se/) - command line tool and library for transferring data with URLs
* [Curl v7.54](https://curl.haxx.se/) – command line tool and library for transferring data with URLs
**Configuration**
Before running, you'll need to modify the following 3 files:
* `certbot-example.ini` – Certbot configuration. Update domain(s) and email address.
* `gitlab-auth-hook.sh` – Authorization and validation hook. Update git repository and Let's Encrypt validation path settings.
* `gitlab-put-certs.sh` – Certificate publishing hook. Update with CertBot live certificate path, your GitLab pages project id, and GitLab API token.
----
### Usage
```
certbot certonly --manual --preferred-challenges=http -n --manual-public-ip-logging-ok --config-dir ./ --work-dir ./ --manual-auth-hook ./gitlab-auth-hook.sh --manual-cleanup-hook ./gitlab-put-certs.sh --config [CERTBOT.ini]
```
Replace `[CERTBOT.ini]` with the CertBot configuration file for your domain(s) hosted on GitLab pages. Above and the example below assume that you are running certbot from the directory where the hooks are stored. When run a several directories will be created and populated by certbot.
**Example Run**
```bash
$ certbot certonly --manual --preferred-challenges=http -n --manual-public-ip-logging-ok --config-dir ./ --work-dir ./ --manual-auth-hook ./gitlab-auth-hook.sh --manual-cleanup-hook ./gitlab-put-certs.sh --config example-com.ini
Saving debug log to /tmp/certbot/logs/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for example.com
http-01 challenge for www.example.com
Output from gitlab-auth-hook.sh:
On branch master
Your branch is up to date with 'origin/master'.
nothing to commit, working tree clean
Error output from gitlab-auth-hook.sh:
Everything up-to-date
Output from gitlab-auth-hook.sh:
On branch master
Your branch is up to date with 'origin/master'.
nothing to commit, working tree clean
Error output from gitlab-auth-hook.sh:
Everything up-to-date
Waiting for verification...
Cleaning up challenges
Output from gitlab-put-certs.sh:
Updating certificate for: example.com
{
"domain": "example.com",
"url": "https://example.com",
"verified": true,
"verification_code": "47969277390e60fddc22a4e2efd46f83",
"enabled_until": "2018-06-29T03:45:36.047Z",
"certificate": {
[OUTPUT TRUNCATED]
}
}
Updating certificate for: www.example.com
{
"domain": "www.example.com",
"url": "https://www.example.com",
"verified": true,
"verification_code": "bae004a790b116f18f54fc25dab9a983",
"enabled_until": "2018-06-29T23:00:31.921Z",
"certificate": {
[OUTPUT TRUNCATED]
}
}
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/Users/andy/Documents/personal/gitlab/ssl-renew/live/autonomic.guru/fullchain.pem
Your key file has been saved at:
/Users/andy/Documents/personal/gitlab/ssl-renew/live/autonomic.guru/privkey.pem
Your cert will expire on 2018-09-22. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
**Usage:** `certbot certonly --manual --preferred-challenges=http -n --manual-public-ip-logging-ok --config-dir ./ --work-dir ./ --manual-auth-hook ./gitlab-auth-hook.sh --manual-cleanup-hook ./gitlab-put-certs.sh --config [CERTBOT.ini]`
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
```
**Example:** `certbot certonly --config autonomic-guru.ini --manual-auth-hook ./gitlab-auth-hook.sh --manual --preferred-challenges=http -n --manual-public-ip-logging-ok --work-dir /Users/andy/tmp/certbot/ --config-dir ./ --manual-cleanup-hook ./gitlab-put-certs.sh`
\ No newline at end of file
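Review bot: publishing the certificate from `--manual-cleanup-hook ./gitlab-put-certs.sh` runs too early. In the example run, "Cleaning up challenges" and "Updating certificate for: example.com" appear before certbot prints "Your certificate and chain have been saved at: .../live/.../fullchain.pem", so a hook that reads the live certificate path (as the Configuration section says this one does) uploads whatever is in `live/` at that moment, which on a renewal is the previous certificate. Certbot's `--deploy-hook` runs only after a successful issuance and is the right place for `gitlab-put-certs.sh`; keep `--manual-cleanup-hook` for removing the token files from the Pages repo. Two documentation points for the same section: with `--config-dir ./ --work-dir ./`, the ACME account key (`accounts/`) and the private key (`live/<domain>/privkey.pem`, `archive/`, `keys/`) are written into the directory the hooks are run from, so the README should say so and warn against committing them (a `.gitignore` covering `accounts/`, `archive/`, `live/`, `keys/`, `renewal/` would do); and the sample output mixes `example.com` domains with a `/Users/andy/.../live/autonomic.guru/` save path, so it should be regenerated from one consistent run. Minor wording: "When run a several directories will be created" should read "When run, several directories will be created".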
logs-dir = /tmp/certbot/logs/
text = True
domains = example.com, www.example.com
email = [email protected]
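Review bot: `logs-dir = /tmp/certbot/logs/` writes the certbot log to a world-writable, shared location at a predictable path; since the README already runs with `--config-dir ./ --work-dir ./`, pointing `logs-dir` at a directory beside them keeps the whole state under one directory with one set of permissions. For the same reason `config-dir` and `work-dir` could be set in this file as well, so that the ini alone pins the layout instead of relying on the exact command line in the README.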
......@@ -11,9 +11,12 @@
## GLDirectory is the location on local disk where the GitLab pages repository
## is currently cloned. e.g. GLDir="/home/andy/gitlab/my-awesome-blog"
GLDir="[pages clone]"
## SaveDir where in the repo path to save the CertBot validation/token files.
SaveDir="${GLDir}/le"
## URI path that CertBot looks in your domain for the validation/token files.
## Probably won't need a change.
CertPath="/.well-known/acme-challenge/"
## validation/token file writing, commit, and push to git.
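Review bot: the new comment names the variable `GLDirectory` while the line below defines `GLDir` (and the example reads `GLDir="/home/andy/gitlab/my-awesome-blog"`); use one name in both places. The `CertPath` comment is also slightly off: it is the Let's Encrypt validation server, not CertBot, that fetches `/.well-known/acme-challenge/<token>` from the domain, and since this is the challenge path rather than a certificate path a name like `ChallengePath` would read better. Finally, `SaveDir="${GLDir}/le"` and `CertPath="/.well-known/acme-challenge/"` differ, and nothing in the hunk says how files under `${GLDir}/le` end up served at the ACME path; the comment (or the README's "validation path settings" item) should state that mapping, because the http-01 challenge fails if the token is not reachable there.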