04.01.16

Virtualmin + Let's Encrypt: How to automate / script it

If you use Virtualmin and want to issue your certificates with Let's Encrypt, my quick (and a little dirty) script may help you.

Be sure to check this related article: Automatically renew lets encrypt script bash

You can create a config file, or put these options directly in the bash script:
nano /PathToLetsencrypt/letsencrypt/cli.ini
Then, insert your information:
email=MYMAIL@MYDOMAIN.TLD
server=https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-tos

Script for activating SSL on a virtual host
nano /PathToLetsencrypt/letsencrypt/sslactivate.sh
Script content:
#!/bin/bash
LETSENCRYPT_DIRECTORY="/PathToLetsencrypt/letsencrypt/"
CONFIG_PATH="/PathToLetsencrypt/letsencrypt/cli.ini"
LETSENCRYPT_CERTS_PATH="/etc/letsencrypt/live/"

#Stop if the letsencrypt directory is missing
cd "${LETSENCRYPT_DIRECTORY}" || exit 1

#Domain name is the first argument
domain=$1
if [ -z "${domain}" ]
then
    echo "Usage: $0 MYDOMAIN.TLD"
    exit 1
fi
echo -e "\nDomain $domain : \n############################################"

#Enable SSL
echo -e "\nEnable SSL \n############################################"
virtualmin enable-feature --domain "${domain}" --ssl

#Generate certificate
#####################
echo -e "\nGenerate certificate \n############################################"

#Grab domain infos
domaininfos=$(virtualmin list-domains --simple-multiline --domain "${domain}")
#domain path, don't know a better way to find it
path=$(echo "${domaininfos}" | grep "HTML directory:" | cut -d' ' -f7)
#Username, don't know a better way to find it
username=$(echo "${domaininfos}" | grep "Username:" | cut -d' ' -f6)

#All domains with same username, alias only
#echo "virtualmin list-domains --alias --user ${username} --name-only"
aliases=$(virtualmin list-domains --alias --user "${username}" --name-only)
domains=${domain}
if [ "${aliases}" ]
then
    echo -e "\nAliases : \n############################################"
    for j in ${aliases}
    do
        domains="${domains} -d ${j}"
    done
fi

#display command
echo "./letsencrypt-auto --config ${CONFIG_PATH} -d ${domains} --authenticator webroot --webroot-path ${path} auth";
#run command (${domains} is left unquoted on purpose so that each "-d alias" becomes its own argument)
result=$(./letsencrypt-auto --config "${CONFIG_PATH}" -d ${domains} --authenticator webroot --webroot-path "${path}" auth)
echo "${result}"

echo -e "\nApply certificate \n############################################"
#Install certificate
echo "virtualmin install-cert --domain ${domain} --cert ${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem --key ${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem --ca ${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"
virtualmin install-cert --domain "${domain}" --cert "${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem" --key "${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem" --ca "${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"

chmod +x /PathToLetsencrypt/letsencrypt/sslactivate.sh

Now you can use it by calling:
/PathToLetsencrypt/letsencrypt/sslactivate.sh MYDOMAIN.TLD

An alternative: install Let's Encrypt certificates for all virtual hosts that already have SSL activated:

#!/bin/bash
LETSENCRYPT_DIRECTORY="/PathToLetsencrypt/letsencrypt/"
CONFIG_PATH="/PathToLetsencrypt/letsencrypt/cli.ini"
LETSENCRYPT_CERTS_PATH="/etc/letsencrypt/live/"

#Stop if the letsencrypt directory is missing
cd "${LETSENCRYPT_DIRECTORY}" || exit 1

#We list all virtual servers that have the ssl feature enabled (aliases excluded)
for i in $( virtualmin list-domains --name-only --no-alias --with-feature ssl)
do
    #domain name
    domain=$i
    echo -e "\nDomain $domain : \n############################################"

    #Generate certificate
    #####################
    echo -e "\nGenerate certificate \n############################################"

    #Grab domain infos
    domaininfos=$(virtualmin list-domains --simple-multiline --domain "${domain}")
    #domain path, don't know a better way to find it
    path=$(echo "${domaininfos}" | grep "HTML directory:" | cut -d' ' -f7)
    #Username, don't know a better way to find it
    username=$(echo "${domaininfos}" | grep "Username:" | cut -d' ' -f6)

    #All domains with same username, alias only
    #echo "virtualmin list-domains --alias --user ${username} --name-only"
    aliases=$(virtualmin list-domains --alias --user "${username}" --name-only)
    domains=${domain}
    if [ "${aliases}" ]
    then
        echo -e "\nAliases : \n############################################"
        for j in ${aliases}
        do
            domains="${domains} -d ${j}"
        done
    fi

    #display command
    echo "./letsencrypt-auto --config ${CONFIG_PATH} -d ${domains} --authenticator webroot --webroot-path ${path} auth";
    #run command (${domains} is left unquoted on purpose so that each "-d alias" becomes its own argument)
    result=$(./letsencrypt-auto --config "${CONFIG_PATH}" -d ${domains} --authenticator webroot --webroot-path "${path}" auth)
    echo "${result}"

    echo -e "\nApply certificate \n############################################"
    #Install certificate
    echo "virtualmin install-cert --domain ${domain} --cert ${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem --key ${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem --ca ${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"
    virtualmin install-cert --domain "${domain}" --cert "${LETSENCRYPT_CERTS_PATH}${domain}/cert.pem" --key "${LETSENCRYPT_CERTS_PATH}${domain}/privkey.pem" --ca "${LETSENCRYPT_CERTS_PATH}${domain}/fullchain.pem"
done
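
Both scripts read the webroot and username with fixed cut field numbers and splice alias names into the command line unquoted, while running as root. The following is an added example, not part of the original scripts: POSIX shell helpers (the names vm_field, is_hostname and domain_args are hypothetical) that read a field by its label and only pass through names that look like hostnames. The sample virtualmin output is constructed.

```shell
#!/bin/sh
# Added example; vm_field, is_hostname and domain_args are hypothetical helpers.

# Constructed sample of `virtualmin list-domains --simple-multiline` output.
SAMPLE='example.com
    ID: 000000000000001
    Username: example
    HTML directory: /home/example/public_html'

# Print the value of an indented "Label: value" line read from stdin,
# independent of how many spaces precede the label or follow the colon.
vm_field() {
    awk -v label="$1" '
        { sub(/^[ \t]+/, "") }
        index($0, label ":") == 1 {
            v = substr($0, length(label) + 2)
            sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# Accept only characters valid in DNS names. Reject empty values, a leading
# "-" (it would be read as an option), and leading, trailing or double dots.
is_hostname() {
    case $1 in
        ''|-*|.*|*.|*..*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# Print "-d name -d name ..." for the primary domain ($1) and its aliases.
# Fails if the primary is invalid; invalid aliases are skipped. The result
# is safe to expand unquoted because it cannot contain spaces or globs.
domain_args() {
    is_hostname "$1" || return 1
    out=
    for name in "$@"; do
        is_hostname "$name" && out="${out:+$out }-d $name"
    done
    printf '%s\n' "$out"
}

# Demo on the constructed sample; "-x" and "bad name" are dropped.
webroot=$(printf '%s\n' "$SAMPLE" | vm_field 'HTML directory')
echo "webroot: $webroot"
echo "args:    $(domain_args example.com www.example.com -x 'bad name')"
```

In the scripts above, the output of domain_args would replace the hand-built `-d ${domains}` string, and vm_field would replace the two grep/cut pipelines.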

About Christophe