alo wrote: Hey Luterra, did you happen to find a solution here? Still looking myself...
zypper in socat
wget -O - https://get.acme.sh | sh
#!/bin/bash
# Parse -e <email> and -d <domain>
while getopts ":e:d:" options; do
    case "${options}" in
        e) EMAIL=${OPTARG} ;;
        d) DOMAIN=${OPTARG} ;;
        :) echo "Error: -${OPTARG} requires an argument."; exit 1 ;;
        *) echo "Internal error!"; exit 1 ;;
    esac
done
if [ -z "$EMAIL" ]
then
    echo "Missing -e Email option!"
    exit 1
fi
if [ -z "$DOMAIN" ]
then
    echo "Missing -d Domain option!"
    exit 1
fi
# -p creates missing parent directories and does not fail if the directory already exists
mkdir -p "/etc/certbot/live/$DOMAIN"
# Issue the certificate via webroot validation and install the files
# (one long line; a line break inside it splits the command)
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" -w /srv/www/htdocs/ --cert-file "/etc/certbot/live/$DOMAIN/cert.pem" --key-file "/etc/certbot/live/$DOMAIN/privkey.pem" --fullchain-file "/etc/certbot/live/$DOMAIN/fullchain.pem" --accountemail "$EMAIL"
# Point Apache at the new files; sed's c\ replaces each matching line whole
sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
# Point the Asterisk HTTP/WebSocket server at the new files
sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf
sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf
# Reload Asterisk's HTTP module and restart Apache to pick up the new certificate
/usr/sbin/rasterisk -x 'module reload http'
/sbin/service apache2 restart
echo " If this is a telephony server you will need to modify the 'Web Socket URL'"
echo " field for this server under the Admin --> Servers section. It will need to be"
echo " changed to :"
echo " wss://$DOMAIN:8089/ws"
echo
echo " You will also need to modify the 'webRTC' template under the Admin --> Templates"
echo " section. You want to change the following options under the "
echo " 'Template Contents' :"
echo " dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem"
echo " dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"
testhost:/opt # ./ssl.sh -e some@email.com -d vicidial.testdomain.com
[Sun Feb 23 13:50:01 CET 2020] Create account key ok.
[Sun Feb 23 13:50:01 CET 2020] Registering account
[Sun Feb 23 13:50:03 CET 2020] Registered
[Sun Feb 23 13:50:03 CET 2020] ACCOUNT_THUMBPRINT='KNgA6G-ytHlwJ5KMVbfXccqazt0e8Lnx7gwAv8zhRKc'
[Sun Feb 23 13:50:03 CET 2020] Creating domain key
[Sun Feb 23 13:50:03 CET 2020] The domain key is here: /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.key
[Sun Feb 23 13:50:03 CET 2020] Single domain='vicidial.testdomain.com'
[Sun Feb 23 13:50:03 CET 2020] Getting domain auth token for each domain
[Sun Feb 23 13:50:06 CET 2020] Getting webroot for domain='vicidial.testdomain.com'
[Sun Feb 23 13:50:06 CET 2020] Verifying: vicidial.testdomain.com
[Sun Feb 23 13:50:10 CET 2020] Success
[Sun Feb 23 13:50:10 CET 2020] Verify finished, start to sign.
[Sun Feb 23 13:50:10 CET 2020] Lets finalize the order, Le_OrderFinalize: https://acme-v02.api.letsencrypt.org/ac ... 2421054695
[Sun Feb 23 13:50:12 CET 2020] Download cert, Le_LinkCert: https://acme-v02.api.letsencrypt.org/ac ... ac33691ed0
[Sun Feb 23 13:50:12 CET 2020] Cert success.
-----BEGIN CERTIFICATE-----
**redacted**
-----END CERTIFICATE-----
[Sun Feb 23 13:50:12 CET 2020] Your cert is in /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.cer
[Sun Feb 23 13:50:12 CET 2020] Your cert key is in /root/.acme.sh/vicidial.testdomain.com/vicidial.testdomain.com.key
[Sun Feb 23 13:50:12 CET 2020] The intermediate CA cert is in /root/.acme.sh/vicidial.testdomain.com/ca.cer
[Sun Feb 23 13:50:12 CET 2020] And the full chain certs is there: /root/.acme.sh/vicidial.testdomain.com/fullchain.cer
[Sun Feb 23 13:50:12 CET 2020] Installing cert to:/etc/certbot/live/vicidial.testdomain.com/cert.pem
./ssl.sh: line 27: /etc/certbot/live/vicidial.testdomain.com/privkey.pem: No such file or directory
sed: no input files
./ssl.sh: line 31: /etc/apache2/vhosts.d/1111-default-ssl.conf: Permission denied
sed: no input files
./ssl.sh: line 33: /etc/apache2/vhosts.d/1111-default-ssl.conf: Permission denied
Module 'http' reloaded successfully.
Job for apache2.service failed because the control process exited with error code.
See "systemctl status apache2.service" and "journalctl -xe" for details.
If this is a telephony server you will need to modify the 'Web Socket URL'
field for this server under the Admin --> Servers section. It will need to be
changed to :
wss://vicidial.testdomain.com:8089/ws
You will also need to modify the 'webRTC' template under the Admin --> Templates
section. You want to change the following options under the
'Template Contents' :
dtlscertfile=/etc/certbot/live/vicidial.testdomain.com/cert.pem
dtlsprivatekey=/etc/certbot/live/vicidial.testdomain.com/privkey.pem
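Added example, not part of the thread or of acme.sh: in the run shown above the script went on to reload Asterisk and restart Apache after the earlier errors, and Apache failed to start. A preflight check like the one below, called before the sed lines, confirms that the installed certificate and key exist, parse, belong together, are not about to expire, and that the key is not group/world accessible. The function name, return codes and one-day default are assumptions of this sketch, and it relies on GNU stat.

```bash
#!/bin/bash
# Added example (not from the thread): verify an installed cert/key pair
# before rewriting Apache/Asterisk config and restarting services.
# Return codes are this sketch's own: 0 ok, 2-3 missing file, 4-5 parse
# error, 6 key mismatch, 7 near expiry, 8 key accessible by group/others.
check_cert_pair() {
    local cert="$1" key="$2" min_seconds="${3:-86400}"   # default: 1 day left
    local cert_pub key_pub mode

    [ -s "$cert" ] || { echo "missing or empty cert: $cert" >&2; return 2; }
    [ -s "$key" ]  || { echo "missing or empty key: $key" >&2; return 3; }

    # Extract the public key from each file; a parse failure is its own error
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "unparseable cert: $cert" >&2; return 4; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "unparseable key: $key" >&2; return 5; }

    # The private key must belong to the certificate
    [ "$cert_pub" = "$key_pub" ] \
        || { echo "cert and key do not match" >&2; return 6; }

    # -checkend exits non-zero if the cert expires within N seconds
    openssl x509 -in "$cert" -noout -checkend "$min_seconds" >/dev/null \
        || { echo "cert expires within ${min_seconds}s" >&2; return 7; }

    # Private key must not be accessible to group or others (GNU stat)
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        *00) ;;
        *) echo "key mode $mode allows group/other access" >&2; return 8 ;;
    esac
    return 0
}

# Stand-alone use: ./check_pair.sh CERT KEY [MIN_SECONDS]
# In the thread's script it would sit before the sed lines, e.g.
#   check_cert_pair "/etc/certbot/live/$DOMAIN/cert.pem" \
#                   "/etc/certbot/live/$DOMAIN/privkey.pem" || exit 1
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```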
Acidshock wrote: Just realized that client isn't ACME2 compatible. I recommend you do the following:
Run this:
Code:
zypper in socat
wget -O - https://get.acme.sh | sh
Then create this script and run it. Syntax is -e some@email.com -d vicidial.testdomain.com
Code:
#!/bin/bash
# Parse -e <email> and -d <domain>
while getopts ":e:d:" options; do
    case "${options}" in
        e) EMAIL=${OPTARG} ;;
        d) DOMAIN=${OPTARG} ;;
        :) echo "Error: -${OPTARG} requires an argument."; exit 1 ;;
        *) echo "Internal error!"; exit 1 ;;
    esac
done
if [ -z "$EMAIL" ]
then
    echo "Missing -e Email option!"
    exit 1
fi
if [ -z "$DOMAIN" ]
then
    echo "Missing -d Domain option!"
    exit 1
fi
# -p creates missing parent directories and does not fail if the directory already exists
mkdir -p "/etc/certbot/live/$DOMAIN"
# Issue the certificate via webroot validation and install the files
# (one long line; a line break inside it splits the command)
/root/.acme.sh/acme.sh --issue -d "$DOMAIN" -w /srv/www/htdocs/ --cert-file "/etc/certbot/live/$DOMAIN/cert.pem" --key-file "/etc/certbot/live/$DOMAIN/privkey.pem" --fullchain-file "/etc/certbot/live/$DOMAIN/fullchain.pem" --accountemail "$EMAIL"
# Point Apache at the new files; sed's c\ replaces each matching line whole
sed -i "/SSLCertificateFile/c\\\tSSLCertificateFile /etc/certbot/live/$DOMAIN/cert.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCertificateKeyFile/c\\\tSSLCertificateKeyFile /etc/certbot/live/$DOMAIN/privkey.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
sed -i "/SSLCACertificateFile/c\\\tSSLCACertificateFile /etc/certbot/live/$DOMAIN/fullchain.pem" /etc/apache2/vhosts.d/1111-default-ssl.conf
# Point the Asterisk HTTP/WebSocket server at the new files
sed -i "/tlscertfile=/c\\tlscertfile=/etc/certbot/live/$DOMAIN/cert.pem" /etc/asterisk/http.conf
sed -i "/tlsprivatekey=/c\\tlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem" /etc/asterisk/http.conf
# Reload Asterisk's HTTP module and restart Apache to pick up the new certificate
/usr/sbin/rasterisk -x 'module reload http'
/sbin/service apache2 restart
echo " If this is a telephony server you will need to modify the 'Web Socket URL'"
echo " field for this server under the Admin --> Servers section. It will need to be"
echo " changed to :"
echo " wss://$DOMAIN:8089/ws"
echo
echo " You will also need to modify the 'webRTC' template under the Admin --> Templates"
echo " section. You want to change the following options under the "
echo " 'Template Contents' :"
echo " dtlscertfile=/etc/certbot/live/$DOMAIN/cert.pem"
echo " dtlsprivatekey=/etc/certbot/live/$DOMAIN/privkey.pem"