@@ -67,58 +67,103 @@ setup_letsencrypt () {
6767 if [ " ${LETSENCRYPT_CONFIG_ARCHIVE} " == " 1" ] ; then
6868 tar -C /etc -xvf ${ARCHIVES_DIR} /letsencrypt.tar
6969 sed --in-place " s/^Header edit Set-Cookie/# Header edit Set-Cookie/" /etc/letsencrypt/options-ssl-apache.conf
70- fi
70+ case ${DIST_ID} in
71+ Debian)
72+ case ${DIST_RELEASE} in
73+ 8.* )
74+ sed --in-place " s/^max-log-backups/# max-log-backups/" /etc/letsencrypt/cli.ini
75+ sed --in-place " s/^SSLOpenSSLConfCmd ECDHParameters/# SSLOpenSSLConfCmd ECDHParameters/" /etc/letsencrypt/options-ssl-apache.conf
76+ sed --in-place " s/^SSLOpenSSLConfCmd Curves/# SSLOpenSSLConfCmd Curves/" /etc/letsencrypt/options-ssl-apache.conf
77+ sed --in-place " s/^SSLSessionTickets/# SSLSessionTickets/" /etc/letsencrypt/options-ssl-apache.conf
78+ ;;
79+ * )
80+ ;;
81+ esac
82+ ;;
83+ * )
84+ ;;
85+ esac
7186
72- letsencrypt --authenticator webroot --webroot-path /var/www/html --installer apache --non-interactive --agree-tos --hsts --uir --email ${MY_EMAIL} --rsa-key-size ${MY_KEY_SIZE} -d ${MY_FQDN}
87+ letsencrypt --authenticator webroot --webroot-path /var/www/html --installer apache --non-interactive --agree-tos --hsts --uir --email ${MY_EMAIL} --rsa-key-size ${MY_KEY_SIZE} -d ${MY_FQDN}
7388
74- if [ " ${LETSENCRYPT_CONFIG_ARCHIVE} " == " 1" ] ; then
7589 sed --in-place " s/^# Header edit Set-Cookie/Header edit Set-Cookie/" /etc/letsencrypt/options-ssl-apache.conf
90+
91+ case ${DIST_ID} in
92+ Debian)
93+ ;;
94+ * )
95+ sed --in-place " s/# max-log-backups/max-log-backups/" /etc/letsencrypt/cli.ini
96+ sed --in-place " s/# SSLOpenSSLConfCmd ECDHParameters/SSLOpenSSLConfCmd ECDHParameters/" /etc/letsencrypt/options-ssl-apache.conf
97+ sed --in-place " s/# SSLOpenSSLConfCmd Curves/SSLOpenSSLConfCmd Curves/" /etc/letsencrypt/options-ssl-apache.conf
98+ sed --in-place " s/# SSLSessionTickets/SSLSessionTickets/" /etc/letsencrypt/options-ssl-apache.conf
99+ ;;
100+ esac
76101 else
102+ letsencrypt --authenticator webroot --webroot-path /var/www/html --installer apache --non-interactive --agree-tos --hsts --uir --email ${MY_EMAIL} --rsa-key-size ${MY_KEY_SIZE} -d ${MY_FQDN}
103+
77104 patch /etc/letsencrypt/options-ssl-apache.conf ${PATCH_DIR} /etc.letsencrypt.options-ssl-apache.conf.patch
78- fi
79105
80- case ${DIST_ID} in
81- Debian)
82- sed --in-place " s/^SSLOpenSSLConfCmd ECDHParameters/# SSLOpenSSLConfCmd ECDHParameters/" /etc/letsencrypt/options-ssl-apache.conf
83- sed --in-place " s/^SSLOpenSSLConfCmd Curves/# SSLOpenSSLConfCmd Curves/" /etc/letsencrypt/options-ssl-apache.conf
84- sed --in-place " s/^SSLSessionTickets/# SSLSessionTickets/" /etc/letsencrypt/options-ssl-apache.conf
85- ;;
86- * )
87- sed --in-place " s/# SSLOpenSSLConfCmd ECDHParameters/SSLOpenSSLConfCmd ECDHParameters/" /etc/letsencrypt/options-ssl-apache.conf
88- sed --in-place " s/# SSLOpenSSLConfCmd Curves/SSLOpenSSLConfCmd Curves/" /etc/letsencrypt/options-ssl-apache.conf
89- sed --in-place " s/# SSLSessionTickets/SSLSessionTickets/" /etc/letsencrypt/options-ssl-apache.conf
90- ;;
91- esac
106+ case ${DIST_ID} in
107+ Debian)
108+ case ${DIST_RELEASE} in
109+ 8.* )
110+ sed --in-place " s/^SSLOpenSSLConfCmd ECDHParameters/# SSLOpenSSLConfCmd ECDHParameters/" /etc/letsencrypt/options-ssl-apache.conf
111+ sed --in-place " s/^SSLOpenSSLConfCmd Curves/# SSLOpenSSLConfCmd Curves/" /etc/letsencrypt/options-ssl-apache.conf
112+ sed --in-place " s/^SSLSessionTickets/# SSLSessionTickets/" /etc/letsencrypt/options-ssl-apache.conf
113+ ;;
114+ * )
115+ ;;
116+ esac
117+ ;;
118+ * )
119+ ;;
120+ esac
121+
122+ echo " # This is an example of the kind of things you can do in a configuration file." > /etc/letsencrypt/cli.ini
123+ echo " # All flags used by the client can be configured here. Run Let's Encrypt with" >> /etc/letsencrypt/cli.ini
124+ echo " # " --help" to learn more about the available options." >> /etc/letsencrypt/cli.ini
125+ echo " " >> /etc/letsencrypt/cli.ini
126+ echo " # Use a 4096 bit RSA key instead of 2048" >> /etc/letsencrypt/cli.ini
127+ echo " rsa-key-size = ${MY_KEY_SIZE} " >> /etc/letsencrypt/cli.ini
128+ echo " " >> /etc/letsencrypt/cli.ini
129+ echo " # Uncomment and update to register with the specified e-mail address" >> /etc/letsencrypt/cli.ini
130+ echo " email = ${MY_EMAIL} " >> /etc/letsencrypt/cli.ini
131+ echo " " >> /etc/letsencrypt/cli.ini
132+ echo " # Uncomment and update to generate certificates for the specified" >> /etc/letsencrypt/cli.ini
133+ echo " # domains." >> /etc/letsencrypt/cli.ini
134+ echo " # domains = example.com, www.example.com" >> /etc/letsencrypt/cli.ini
135+ echo " " >> /etc/letsencrypt/cli.ini
136+ echo " # Uncomment to use a text interface instead of ncurses" >> /etc/letsencrypt/cli.ini
137+ echo " # text = True" >> /etc/letsencrypt/cli.ini
138+ echo " " >> /etc/letsencrypt/cli.ini
139+ echo " # Uncomment to use the standalone authenticator on port 443" >> /etc/letsencrypt/cli.ini
140+ echo " # authenticator = standalone" >> /etc/letsencrypt/cli.ini
141+ echo " # standalone-supported-challenges = tls-sni-01" >> /etc/letsencrypt/cli.ini
142+ echo " " >> /etc/letsencrypt/cli.ini
143+ echo " # Uncomment to use the webroot authenticator. Replace webroot-path with the" >> /etc/letsencrypt/cli.ini
144+ echo " # path to the public_html / webroot folder being served by your web server." >> /etc/letsencrypt/cli.ini
145+ echo " # authenticator = webroot" >> /etc/letsencrypt/cli.ini
146+ echo " # webroot-path = /usr/share/nginx/html" >> /etc/letsencrypt/cli.ini
147+ echo " " >> /etc/letsencrypt/cli.ini
148+ echo " # Because we are using logrotate for greater flexibility, disable the" >> /etc/letsencrypt/cli.ini
149+ echo " # internal certbot logrotation." >> /etc/letsencrypt/cli.ini
92150
93- echo " # This is an example of the kind of things you can do in a configuration file." > /etc/letsencrypt/cli.ini
94- echo " # All flags used by the client can be configured here. Run Let's Encrypt with" >> /etc/letsencrypt/cli.ini
95- echo " # " --help" to learn more about the available options." >> /etc/letsencrypt/cli.ini
96- echo " " >> /etc/letsencrypt/cli.ini
97- echo " # Use a 4096 bit RSA key instead of 2048" >> /etc/letsencrypt/cli.ini
98- echo " rsa-key-size = ${MY_KEY_SIZE} " >> /etc/letsencrypt/cli.ini
99- echo " " >> /etc/letsencrypt/cli.ini
100- echo " # Uncomment and update to register with the specified e-mail address" >> /etc/letsencrypt/cli.ini
101- echo " email = ${MY_EMAIL} " >> /etc/letsencrypt/cli.ini
102- echo " " >> /etc/letsencrypt/cli.ini
103- echo " # Uncomment and update to generate certificates for the specified" >> /etc/letsencrypt/cli.ini
104- echo " # domains." >> /etc/letsencrypt/cli.ini
105- echo " # domains = example.com, www.example.com" >> /etc/letsencrypt/cli.ini
106- echo " " >> /etc/letsencrypt/cli.ini
107- echo " # Uncomment to use a text interface instead of ncurses" >> /etc/letsencrypt/cli.ini
108- echo " # text = True" >> /etc/letsencrypt/cli.ini
109- echo " " >> /etc/letsencrypt/cli.ini
110- echo " # Uncomment to use the standalone authenticator on port 443" >> /etc/letsencrypt/cli.ini
111- echo " # authenticator = standalone" >> /etc/letsencrypt/cli.ini
112- echo " # standalone-supported-challenges = tls-sni-01" >> /etc/letsencrypt/cli.ini
113- echo " " >> /etc/letsencrypt/cli.ini
114- echo " # Uncomment to use the webroot authenticator. Replace webroot-path with the" >> /etc/letsencrypt/cli.ini
115- echo " # path to the public_html / webroot folder being served by your web server." >> /etc/letsencrypt/cli.ini
116- echo " # authenticator = webroot" >> /etc/letsencrypt/cli.ini
117- echo " # webroot-path = /usr/share/nginx/html" >> /etc/letsencrypt/cli.ini
118- echo " " >> /etc/letsencrypt/cli.ini
119- echo " # Because we are using logrotate for greater flexibility, disable the" >> /etc/letsencrypt/cli.ini
120- echo " # internal certbot logrotation." >> /etc/letsencrypt/cli.ini
121- echo " max-log-backups = 0" >> /etc/letsencrypt/cli.ini
151+ case ${DIST_ID} in
152+ Debian)
153+ case ${DIST_RELEASE} in
154+ 8.* )
155+ echo " # max-log-backups = 0" >> /etc/letsencrypt/cli.ini
156+ ;;
157+ * )
158+ echo " max-log-backups = 0" >> /etc/letsencrypt/cli.ini
159+ ;;
160+ esac
161+ ;;
162+ * )
163+ echo " max-log-backups = 0" >> /etc/letsencrypt/cli.ini
164+ ;;
165+ esac
166+ fi
122167
123168 patch /etc/apache2/conf-available/security.conf ${PATCH_DIR} /etc.apache2.conf-available.security.conf.patch
124169 patch /etc/apache2/conf-available/apache2-doc.conf ${PATCH_DIR} /etc.apache2.conf-available.apache2-doc.conf.patch
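Review bot: The restore `case ${DIST_ID}` that follows the `letsencrypt` call in the archive branch (new lines 91-100) does not mirror the release test used before it: its `Debian)` arm is empty for every release, while the comment-out step above acts only on `8.*`. If the restored letsencrypt.tar already carries `SSLOpenSSLConfCmd ECDHParameters`, `SSLOpenSSLConfCmd Curves`, `SSLSessionTickets` or `max-log-backups` commented out (for instance an archive taken on a Debian 8 host, which is not visible here), a newer Debian release keeps those settings disabled without any message. I would key the restore on the same distribution-and-release condition and anchor the patterns with `^# `, as the `Header edit Set-Cookie` restore already does, so that a match elsewhere in a line is not rewritten. `setup_letsencrypt` begins before this hunk and continues past it.

```shell
# … unchanged: letsencrypt call and Header edit Set-Cookie restore …
case "${DIST_ID}:${DIST_RELEASE}" in
    Debian:8.*)
        # left commented out, matching the comment-out step before the letsencrypt call
        ;;
    *)
        sed --in-place "s/^# max-log-backups/max-log-backups/" /etc/letsencrypt/cli.ini
        sed --in-place "s/^# SSLOpenSSLConfCmd ECDHParameters/SSLOpenSSLConfCmd ECDHParameters/" /etc/letsencrypt/options-ssl-apache.conf
        sed --in-place "s/^# SSLOpenSSLConfCmd Curves/SSLOpenSSLConfCmd Curves/" /etc/letsencrypt/options-ssl-apache.conf
        sed --in-place "s/^# SSLSessionTickets/SSLSessionTickets/" /etc/letsencrypt/options-ssl-apache.conf
        ;;
esac
```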