Commit c7235a32 authored by Andy Mayhew

Added useful comments and more in the Readme.

parent 9907eea0
## [GitLab](https://gitlab.com/)/[Certbot](https://certbot.eff.org/lets-encrypt/) SSL Renewal
A set of shell scripts to automate Let's Encrypt SSL certificate renew and GitLab pages certificate updates.
**Requirements:**
* [jq v1.5](https://stedolan.github.io/jq/) - a lightweight and flexible command-line JSON processor.
* [CertBot v0.25.1](https://certbot.eff.org/) – Automatically enable HTTPS on your website with EFF's Certbot, deploying [Let's Encrypt](https://letsencrypt.org/) certificates.
* [Curl v7.54](https://curl.haxx.se/) - command line tool and library for transferring data with URLs
**Usage:** `certbot certonly --manual --preferred-challenges=http -n --manual-public-ip-logging-ok --config-dir ./ --work-dir ./ --manual-auth-hook ./gitlab-auth-hook.sh --manual-cleanup-hook ./gitlab-put-certs.sh --config [CERTBOT.ini]`
**Example:** `certbot certonly --config autonomic-guru.ini --manual-auth-hook ./gitlab-auth-hook.sh --manual --preferred-challenges=http -n --manual-public-ip-logging-ok --work-dir /Users/andy/tmp/certbot/ --config-dir ./ --manual-cleanup-hook ./gitlab-put-certs.sh`
\ No newline at end of file
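Review bot: the Usage line pairs gitlab-put-certs.sh with `--manual-cleanup-hook`, but certbot runs the cleanup hook after each challenge is validated and before the new certificate is written to `live/`, so the upload step would push whatever certificate is already there (or nothing on a first issuance); `--deploy-hook ./gitlab-put-certs.sh` is the hook that runs once after a successful issuance or renewal. Two documentation gaps as well: the README never says that `[pages clone]`, `[pages Project ID]` and `[GitLab API Token]` inside the two scripts must be filled in before first use, and with `--config-dir ./` certbot writes `live/<domain>/privkey.pem` relative to wherever the command is typed, so the README should state that this directory is kept separate from the pages clone (private keys must never sit in a working tree that gets pushed) and that `certDir` in gitlab-put-certs.sh has to point at it. The Example line also carries the author's own `/Users/andy/tmp/certbot/` path rather than a placeholder.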
#!/bin/bash
baseDir="[DIRw/oTrailingSlash]"
GLDir="${baseDir}/[pages clone]"
## gitlab-auth-hook.sh
## CertBot manual-auth-hook script used for http-based domain
## validation and authorization. Script will attempt to publish
## CertBot nonce values to GitLab pages repository. While loop
## performs the task of waiting for the publishing to complete before
## ending to allow CertBot to continue its validation step.
##
## GLDirectory is the location on local disk where the GitLab pages repository
## is currently cloned. e.g. GLDir="/home/andy/gitlab/my-awesome-blog"
GLDir="[pages clone]"
## SaveDir where in the repo path to save the CertBot validation/token files.
SaveDir="${GLDir}/le"
## URI path that CertBot looks in your domain for the validation/token files.
CertPath="/.well-known/acme-challenge/"
## validation/token file writing, commit, and push to git.
echo ${CERTBOT_VALIDATION} > ${SaveDir}/${CERTBOT_TOKEN}
cd ${SaveDir}
git add -- ${CERTBOT_TOKEN}
git commit -m "certbot token" -- ${CERTBOT_TOKEN}
git commit -m "add certbot token" -- ${CERTBOT_TOKEN}
git push
## waiting for CI/CD publishing to happen
while true; do
resp=`curl -s -I "http://${CERTBOT_DOMAIN}${CertPath}${CERTBOT_TOKEN}" | grep HTTP | awk '{print $2 }'`
if [ "${resp}" = "200" ]; then
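Review bot: the write at `echo ${CERTBOT_VALIDATION} > ${SaveDir}/${CERTBOT_TOKEN}` assumes `${SaveDir}` (`le/` under the clone) already exists, and nothing stops on failure: if the directory is missing, or `cd`, `git commit` or `git push` fails, the script falls through into the polling loop and waits for a token that was never published. Add `set -euo pipefail` at the top and `mkdir -p "${SaveDir}"` before the write, and quote the expansions (`"${SaveDir}/${CERTBOT_TOKEN}"`, `"${CERTBOT_VALIDATION}"`) so paths with spaces or glob characters do not break the commands. Minor: the comment block refers to `GLDirectory` while the variable is `GLDir`.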
......@@ -18,3 +31,4 @@ while true; do
fi
sleep 15
done
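Review bot: the `while true` loop has no attempt limit, so if the token never becomes reachable with exactly HTTP 200 (the pipeline fails, the file is published under a different path, or the host answers with a redirect, which `curl -I` without `-L` reports as a 3xx) the hook, and with it the whole certbot run, blocks forever. Count the iterations and exit non-zero after a bounded number of 15 s sleeps so certbot can report the failure. Reading the status with `curl -sIL -o /dev/null -w '%{http_code}'` also gives one final code as a single value, whereas `grep HTTP | awk '{print $2}'` yields several lines whenever more than one status line comes back, and `"${resp}" = "200"` is then never true.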
#!/bin/bash
baseDir="[ssl-renew-directory]"
certDir="${baseDir}/live/[1st-domain]"
## gitlab-put-certs.sh
## Requires jq (https://stedolan.github.io/jq/)
## Utilize GitLab API to update pages certificates.
## Can be run as a CertBot manual-cleanup-hook or manually.
## certDir is the location where CertBot wrote the "live" certificates
certDir="[someplace/live/1st-domain]"
## ProjectID and API token for the GitLab
glProjectId="[pages Project ID]"
glToken="[GitLab API Token]"
## Pages/Domain API URI for the project. Shouldn't need edit.
glAPI="https://gitlab.com/api/v4/projects/${glProjectId}/pages/domains"
## Cycle through domains for a GitLab project and update their certificates.
for i in `curl -s --header "PRIVATE-TOKEN: ${glToken}" ${glAPI} | jq ".[].domain" | sed 's/"//g'`; do
echo "Updating certificate for: $i"
curl -s --request PUT --header "PRIVATE-TOKEN: ${glToken}" --form "[email protected]${certDir}/fullchain.pem" --form "[email protected]${certDir}/privkey.pem" ${glAPI}/$i | jq .
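Review bot: `glToken="[GitLab API Token]"` keeps a write-capable API token in the script itself and then passes it on the curl command line via `--header`, where any local user can read it from the process list; read it from an environment variable or a mode-0600 file instead (curl's `-K`/`--config` file can carry the `header = "PRIVATE-TOKEN: ..."` line). The loop also uploads the same `${certDir}/fullchain.pem` and `privkey.pem` to every domain the API returns, which is only correct when that one certificate's SANs cover every Pages domain of the project; a domain left out of the certbot ini silently receives a mismatched certificate. Nothing checks the PUT result either: `curl -s` without `--fail` and `| jq .` only pretty-prints, so a 401 or 404 from the API leaves the old certificate in place while the hook exits 0; use `--fail` or `-w '%{http_code}'` and exit non-zero on error. Style: `jq ".[].domain" | sed 's/"//g'` is simply `jq -r '.[].domain'`. Note too that the form arguments appear here as `[email protected]${certDir}/fullchain.pem`; the field names before the `@` have been mangled by the page rendering and should be checked against the Pages domain API before this is merged.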