#!/bin/bash

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# acme.sh - ssl cert - https - let's encrypt setup - part one / frode klevstul / oct 2025
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

if [ "$EUID" -ne 0 ]
  then echo "error: run as 'root'"
  exit
fi

this_file_name=`basename "$0"`

if [ $# -ne 1 ]; then
    echo usage: $this_file_name [E-MAIL]
    exit 1
fi

email=$1

# ---
# let's encrypt ssl/https
# ---
apt -y install git-core bc
cd /tmp/
git clone https://github.com/acmesh-official/acme.sh.git
cd acme.sh/
./acme.sh --install -m $email

# ---
# manual steps
# ---
echo "------------------------------------------------------------------"
echo "MANUAL INSTRUCTIONS TO FOLLOW:"
echo "------------------------------------------------------------------"
echo "::: If DNS @ DigitalOcean :::"
echo "visit https://cloud.digitalocean.com/account/api/tokens?i=d0165a"
echo "  - generate new token"
echo "    - token name: 'acme.sh' scope: 'r+w'"
echo "::: If DNS @ Hetzner :::"
echo "visit https://console.hetzner.cloud/projects/1330055/security/tokens"
echo "  - generate api token"
echo "    - description: 'acme.sh' permissions: 'read & write'"
echo "::: ALL:::"
echo "    - save token to clipboard, as you'll need it later, for setting"
echo "      up https (using '5_https.sh')"
echo "    - (save token to password manager)"
echo "- log out of the server and back in again (for acme.sh to be activated)"
echo "------------------------------------------------------------------"