├── VERSION
├── vendor
    └── .gitignore
├── alwaysdata-certificate-admin.png
├── LICENSE
├── bin
    └── letsencrypt-alwaysdata
└── README.md


/VERSION:
--------------------------------------------------------------------------------
v1.2

--------------------------------------------------------------------------------
/vendor/.gitignore:
--------------------------------------------------------------------------------
*

--------------------------------------------------------------------------------
/alwaysdata-certificate-admin.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/thom4parisot/letsencrypt-alwaysdata/HEAD/alwaysdata-certificate-admin.png

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
The MIT License (MIT)

Copyright (c) 2016 Thomas Parisot

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/bin/letsencrypt-alwaysdata:
--------------------------------------------------------------------------------
#!/bin/bash

CURRENT_DIRECTORY=$(dirname "$(readlink -f "$0")")
SIMP_LE="python2.7 -m simp_le"
JQ="$CURRENT_DIRECTORY/../vendor/jq"
ACTION="update"

set -e

# Use > 1 to consume two arguments per pass in the loop (e.g. each
# argument has a corresponding value to go with it).
# Use > 0 to consume one or more arguments per pass in the loop (e.g.
# some arguments don't have a corresponding value to go with it such
# as in the --default example).
# note: if this is set to > 0 the /etc/hosts part is not recognized ( may be a bug )
while [[ $# > 0 ]]
do
  key="$1"

  case $key in
    --create)
      ACTION="create"
      ;;
    -c|--cert-name)
      CERTIFICATE_NAME="$2"
      shift # past argument
      ;;
    -s|--site-dir)
      SITE_DIR="$2"
      shift # past argument
      ;;
    -l|--letsencrypt-options)
      LETSENCRYPT_OPTIONS="$2"
      shift # past argument
      ;;
    *)
      # unknown option
      ;;
  esac
  shift # past argument or value
done

#
# Functions
#

#
# Usage: get_certificate_id 'cert_name'
# Example: get_certificate_id 'sudweb.fr'
# > 1442
function get_certificate_id {
  # list all certificates of the account and keep the id of the one matching the name
  echo $(curl -sS --basic --user "$ALWAYSDATA_API_AUTH" https://api.alwaysdata.com/v1/ssl/ |
    $JQ -r --arg name "$1" '.[] | if .name == $name then .id else empty end')
}

#
# Usage:
# Example:
# > 1442
function generate_certificate {
  # $LETSENCRYPT_OPTIONS is left unquoted on purpose: it carries several options (-d ... -d ...)
  STDOUT=$($SIMP_LE --email abuse@alwaysdata.com -f account_key.json -f fullchain.pem -f key.pem \
    --tos_sha256 6373439b9f29d67a5cd4d18cbc7f264809342dbf21cb2ba2fc7588df987a6221 \
    --default_root "$SITE_DIR" $LETSENCRYPT_OPTIONS)

  # convert the private key to unencrypted PKCS#8 PEM
  STDOUT=$(openssl pkcs8 -topk8 -inform pem -in key.pem -outform pem -nocrypt -out private-key.pem)
}

function create_certificate {
  PAYLOAD=$($JQ -n -c -r \
    --arg certificate "$(=1.5 was not found within \$PATH"
    exit 78
  fi;

  # check for AUTH
  if [ "$ALWAYSDATA_API_AUTH" == "" ]; then
    echo "ALWAYSDATA_API_AUTH environment variable was not found."
    exit 78
  fi

  # check existence of certificate
  if [ "$ACTION" == "update" -a "$(get_certificate_id "$CERTIFICATE_NAME")" == "" ]; then
    echo "Could not find certificate for $CERTIFICATE_NAME."
    exit 78
  fi
}

#
# Run All
#
run_pretests

CERTIFICATE_ID=$(get_certificate_id "$CERTIFICATE_NAME")

generate_certificate
${ACTION}_certificate $CERTIFICATE_ID

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# letsencrypt-alwaysdata

> Create or update your SSL certs on alwaysdata shared hosting via their REST API.

# ⚡️⚡️⚡️ This repo is no longer relevant ⚡️⚡️⚡️

[Thanks to alwaysdata for making this a native feature in 2016](https://blog.alwaysdata.com/2016/11/28/https-native-support-for-lets-encrypt/).

The repo stays here to showcase how to use the [alwaysdata API](https://help.alwaysdata.com/api/), which is quite neat.

# Install

The initial setup pulls the source code of this repository as well as its two dependencies:

- [`simp_le`](https://github.com/kuba/simp_le) (to call the letsencrypt API);
- [`jq`](https://stedolan.github.io/jq/) (to parse and build REST payloads).

```bash
cd /home/$USER

git clone https://github.com/oncletom/letsencrypt-alwaysdata.git

cd /home/$USER/letsencrypt-alwaysdata

# installing jq
wget -qO vendor/jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64
chmod +x vendor/jq

# installing simp_le
python2.7 -m pip install --user git+https://github.com/kuba/simp_le

# extending `.profile`
echo "export PATH=\"/home/\${USER}/letsencrypt-alwaysdata/bin:\${PATH}\"" >> /home/$USER/.profile
```

# Configure

## Alwaysdata API Key

The `ALWAYSDATA_API_AUTH` environment variable must be set prior to running the script (the key can be found under the [Profile section](https://admin.alwaysdata.com/admin/details/)). This way we avoid leaking the API key in your `history` logs.

```bash
echo "export ALWAYSDATA_API_AUTH=\" account=:\"" >> /home/$USER/.profile

# e.g for oncletom.alwaysdata.net:
echo "export ALWAYSDATA_API_AUTH=\"db7db0047d09458a4b422e0156eb46cb account=oncletom:\"" >> /home/$USER/.profile
```

## HTTP redirects

You will have to exempt the `.well-known/acme-challenge` folder from any redirects
if you want the `letsencrypt` client to be able to verify the authenticity of your request.

This can be the case if you have configured Apache to *redirect various domains* and *insecure traffic*
to a secure one, for example.

```apache


# vvvvvvvvvvvvvvvvvv
RewriteCond %{REQUEST_URI} ^/.well-known/acme-challenge [NC]
RewriteRule .* - [L]
# ^^^^^^^^^^^^^^^^^^

# redirects all vhosts pointing to the same directory to a single domain
RewriteCond %{HTTP_HOST} !^YOUR-DOMAIN.TLD [NC]
RewriteRule ^ https://YOUR-DOMAIN.TLD%{REQUEST_URI} [L,R=301,NE]

# redirects all non-https requests to a single domain
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://YOUR-DOMAIN.TLD%{REQUEST_URI} [R=301,L,NE]

```

# Update

You may want to update this software when it has received changes or bug fixes:

```bash
cd /home/$USER/letsencrypt-alwaysdata && git reset --hard && git pull
```

## Cronjob

TBD.

# Use

```bash
source /home/$USER/.profile

letsencrypt-alwaysdata \
  --cert-name example.com \
  --site-dir /home/$USER/www \
  --letsencrypt-options "-d example.com -d www.example.com"
```

## `--create`

Optionally you can create a certificate from scratch. The value of the first `-d` will become your certificate name on alwaysdata.

```bash
source /home/$USER/.profile

letsencrypt-alwaysdata \
  --create \
  --cert-name example.com \
  --site-dir /home/$USER/www \
  --letsencrypt-options "-d example.com -d www.example.com"
```

## `--cert-name`

This is the name of the certificate as found [in the Alwaysdata admin interface](https://admin.alwaysdata.com/ssl/).

Example: `--cert-name sudweb.fr`.

![](alwaysdata-certificate-admin.png)

## `--site-dir`

This is the location of the website served by the certificate.

Example: `--site-dir /home/$USER/www`.

## `--letsencrypt-options`

Any other options you would like to pass to letsencrypt, such as your domains and, optionally, their individual mapping.

Example: `--letsencrypt-options "-d sudweb.fr -d www.sudweb.fr -d estcequecestientot.sudweb.fr:/home/$USER/estcequecestbientot"`.

# License

> The MIT License (MIT)
> Copyright (c) 2016 Thomas Parisot
>
> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
>
> The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
>
> THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

--------------------------------------------------------------------------------
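A way to check the exemption described in the README's "HTTP redirects" section before requesting a certificate, as an added example that is not part of this repository. The function names, the `--demo` flag and the `redirect-probe` token are hypothetical, and the sample responses are constructed.

```shell
#!/bin/bash
# Added example, not part of letsencrypt-alwaysdata.
# Tells whether a plain-HTTP request to /.well-known/acme-challenge/ is
# answered directly or caught by a redirect rule, from the response headers.

# Reads raw response headers (as printed by `curl -sI`) on stdin.
# Prints "direct", "redirected <target>" or "unexpected <status>".
classify_challenge_response() {
  headers=$(tr -d '\r')   # HTTP header lines end in CRLF
  status=$(printf '%s\n' "$headers" | awk '/^HTTP\// { print $2; exit }')
  target=$(printf '%s\n' "$headers" |
    awk 'tolower($1) == "location:" { print $2; exit }')
  case "$status" in
    3[0-9][0-9]) echo "redirected ${target:-unknown}" ;;
    2[0-9][0-9]|404) echo "direct" ;;   # 404: no such token, but no redirect
    *) echo "unexpected ${status:-none}" ;;
  esac
}

# Needs network access. No -L, so a redirect stays visible instead of being followed.
# "redirect-probe" is a made-up token name; any non-existent file will do.
probe_challenge_path() {
  curl -sI --max-time 10 "http://$1/.well-known/acme-challenge/redirect-probe" |
    classify_challenge_response
}

# Constructed sample responses (not captured from a real server).
sample_redirected() {
  printf 'HTTP/1.1 301 Moved Permanently\r\n'
  printf 'Location: https://YOUR-DOMAIN.TLD/.well-known/acme-challenge/redirect-probe\r\n\r\n'
}
sample_exempted() {
  printf 'HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n'
}

if [ "${1:-}" = "--demo" ]; then
  sample_redirected | classify_challenge_response
  sample_exempted | classify_challenge_response
fi
```

Run `probe_challenge_path example.com` for each domain passed with `-d`; a `redirected` result means the `acme-challenge` rule is missing or placed after the redirect rules.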