From 5fdcec534ae16fe749d596559b99b9dc92fc902d Mon Sep 17 00:00:00 2001 From: fro Date: Tue, 28 Oct 2025 14:07:58 -0500 Subject: [PATCH] + / 4_acmesh.sh --- scr/0_download_scripts.sh | 1 + scr/4_acmesh.sh | 49 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+) create mode 100755 scr/4_acmesh.sh diff --git a/scr/0_download_scripts.sh b/scr/0_download_scripts.sh index 3ee055b..c5a81a2 100755 --- a/scr/0_download_scripts.sh +++ b/scr/0_download_scripts.sh @@ -29,6 +29,7 @@ wget ${base_url_scr}/1_upd_install.sh wget ${base_url_scr}/2a_postgrest_install.sh wget ${base_url_scr}/2b_postgrest_service.sh wget ${base_url_scr}/3_create_user.sh +wget ${base_url_scr}/4_acmesh.sh diff --git a/scr/4_acmesh.sh b/scr/4_acmesh.sh new file mode 100755 index 0000000..39c6f8f --- /dev/null +++ b/scr/4_acmesh.sh @@ -0,0 +1,49 @@ +#!/bin/bash + +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - +# acme.sh - ssl cert - https - let's encrypt setup - part one / frode klevstul / oct 2025 +# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + +if [ "$EUID" -ne 0 ] + then echo "error: run as 'root'" + exit +fi + +this_file_name=`basename "$0"` + +if [ $# -ne 1 ]; then + echo usage: $this_file_name [E-MAIL] + exit 1 +fi + +email=$1 + +# --- +# let's encrypt ssl/https +# --- +apt -y install git-core bc +cd /tmp/ +git clone https://github.com/acmesh-official/acme.sh.git +cd acme.sh/ +./acme.sh --install -m $email + +# --- +# manual steps +# --- +echo "------------------------------------------------------------------" +echo "MANUAL INSTRUCTIONS TO FOLLOW:" +echo "------------------------------------------------------------------" +echo "::: If DNS @ DigitalOcean :::" +echo "visit https://cloud.digitalocean.com/account/api/tokens?i=d0165a" +echo " - generate new token" +echo " - token name: 'acme.sh' scope: 'r+w'" +echo "::: If DNS @ Hetzner :::" +echo "visit https://console.hetzner.cloud/projects/1330055/security/tokens" +echo " - generate api token" +echo " - description: 'acme.sh' permissions: 'read & write'" +echo "::: ALL:::" +echo " - save token to clipboard, as you'll need it later, for setting" +echo " up https (using '5_https.sh')" +echo " - (save token to password manager)" +echo "- log out of the server and back in again (for acme.sh to be activated)" +echo "------------------------------------------------------------------"