Let’s Encrypt provides free SSL certificates for securing websites. Automating the installation of these certificates can save time and ensure your sites are always secure. This tutorial will guide you through creating a script to install Let’s Encrypt SSL certificates on a server.

Prerequisites

  1. A server running a Unix-based operating system (e.g., Ubuntu, Debian, CentOS).
  2. Root or sudo access to the server.
  3. A domain name pointing to your server.

Step 1: Install Certbot

Certbot is the official Let’s Encrypt client that automates the installation of SSL certificates.

  1. Update your package list:
   sudo apt update
  2. Install Certbot and the required web server plugin. For Apache:
   sudo apt install certbot python3-certbot-apache

For Nginx:

   sudo apt install certbot python3-certbot-nginx

Step 2: Create the Installation Script

  1. Open your text editor:
   sudo nano /usr/local/bin/install-letsencrypt.sh
  2. Add the following script to the file:
   #!/bin/bash

   DOMAIN=$1
   EMAIL=$2

   if [ -z "$DOMAIN" ] || [ -z "$EMAIL" ]; then
     echo "Usage: $0 domain email"
     exit 1
   fi

   # Install Certbot if not installed
   if ! command -v certbot &> /dev/null; then
     echo "Certbot not found, installing..."
     sudo apt update
     sudo apt install certbot -y
   fi

   # Install web server plugins if not installed
   if command -v apache2 &> /dev/null; then
     if ! dpkg -l | grep -q python3-certbot-apache; then
       sudo apt install python3-certbot-apache -y
     fi
     WEB_SERVER="apache"
   elif command -v nginx &> /dev/null; then
     if ! dpkg -l | grep -q python3-certbot-nginx; then
       sudo apt install python3-certbot-nginx -y
     fi
     WEB_SERVER="nginx"
   else
     echo "No supported web server found. Install Apache or Nginx."
     exit 1
   fi

   # Obtain SSL certificate
   # Every expansion is quoted so the shell hands each value to certbot as exactly one argument
   echo "Obtaining SSL certificate for $DOMAIN..."
   sudo certbot "--$WEB_SERVER" -d "$DOMAIN" --non-interactive --agree-tos -m "$EMAIL"

   # Set up automatic renewal
   echo "Setting up automatic renewal..."
   sudo systemctl enable certbot.timer
   sudo systemctl start certbot.timer

   echo "SSL certificate installation and renewal setup complete for $DOMAIN."
  3. Save and close the file: Press CTRL + X, then Y, and ENTER.
  4. Make the script executable:
   sudo chmod +x /usr/local/bin/install-letsencrypt.sh

Step 3: Run the Script

Use the script to install Let’s Encrypt SSL for your domain:

sudo /usr/local/bin/install-letsencrypt.sh yourdomain.com youremail@example.com

Replace yourdomain.com with your actual domain and youremail@example.com with your email address.
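The script hands both arguments to certbot, which runs as root, without checking them. The functions below are an added example, not part of the original tutorial, that reject anything other than a plain hostname and a simple email address before certbot is called; the names valid_domain, valid_email and check_args are hypothetical, and the accepted email character set is a deliberately conservative assumption.

```bash
# Added example: argument checks for install-letsencrypt.sh (function names are hypothetical).
# Each validator runs in a subshell "( ... )" so IFS, globbing and locale changes do not leak.

valid_domain() (
  LC_ALL=C; d=$1
  [ -n "$d" ] && [ "${#d}" -le 253 ] || exit 1
  case $d in
    *[!A-Za-z0-9.-]*) exit 1 ;;   # spaces, wildcards, quotes, shell metacharacters
    .*|*.|*..*) exit 1 ;;         # empty label
    -*|*-|*.-*|*-.*) exit 1 ;;    # label starts or ends with "-" (also blocks "-option")
    *.*) ;;                       # at least two labels
    *) exit 1 ;;
  esac
  IFS=.; set -f                   # split on dots, no filename expansion
  for label in $d; do
    [ "${#label}" -le 63 ] || exit 1
  done
  case $label in                  # an all-numeric last label is not a domain name
    *[!0-9]*) exit 0 ;;
    *) exit 1 ;;
  esac
)

valid_email() (
  LC_ALL=C; e=$1
  case $e in
    -*) exit 1 ;;                 # would be read by certbot as an option
    *@*@*) exit 1 ;;              # more than one "@"
    *[!A-Za-z0-9.@_+-]*) exit 1 ;;  # conservative character set (assumption)
    ?*@?*) ;;                     # non-empty local part and domain
    *) exit 1 ;;
  esac
  valid_domain "${e#*@}"
)

# In the script, call this right after the usage check:
#   check_args "$DOMAIN" "$EMAIL" || exit 1
check_args() {
  valid_domain "$1" || { echo "Invalid domain name: $1" >&2; return 1; }
  valid_email "$2" || { echo "Invalid email address: $2" >&2; return 1; }
}
```

Validation complements the quoting in the certbot call: quoting keeps each value a single argument, while these checks keep that argument from starting with a hyphen or carrying unexpected characters.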

Step 4: Verify the Installation

  1. Check that Certbot has obtained a certificate:
   sudo certbot certificates
  2. Verify that your web server is using the new certificate: Open your website in a browser and check for the secure padlock icon in the address bar.

Step 5: Automatic renewal

The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

The command to renew certbot is installed in one of the following locations:

  • /etc/crontab/
  • /etc/cron.*/*
  • systemctl list-timers

If the dry run prints the message "Congratulations, all simulated renewals succeeded", Certbot auto-renewal is enabled.

Conclusion

You’ve now created a script to automate the installation of Let’s Encrypt SSL certificates. This will help ensure your website remains secure without manual intervention.