Debian/Ubuntu/Mint/ETC Simple Letsencrypt Script


NB: This script only supports debian O/S, and debian based distributions (ubuntu etc).
The script requires systemctl and apt which is present in all newer distributions.

This script will probably not work as intended on Debian below v7 and Ubuntu below 14.

A while back I created a script that will:


  1. Check if Apache and/or Nginx is running, and if running stop them.
  2. Disable UFW (firewall).
  3. Flush iptables.
  4. Check if certbot is installed, and if not, install it.
  5. Check if certificate is located in the emby directory, and if found, delete it.
  6. Ask for your FQDN of your emby server.
  7. Create a new certificate that's valid for 90 days.
  8. Convert the certificate to PFX and copy it to your emby directory.
  9. Ask for your emby group and user and change permissions of the PFX to the specified user (default is emby).
  10. Re-enable UFW (firewall).
  11. Re-enable Apache and/or Nginx (if it was stopped).
  12. Restart the Emby system service.

After you have downloaded and placed the script on your server, you must unzip it and give the script execution permission.
To do that, run the command: unzip embycert.zip && chmod +x embycert.sh


This script should be run every 3 months to keep your certificate up-to-date.
This script MUST be run as root with either SU or SUDO.

SUDO is not native in Debian, and I would recommend to run this script it as root.

NB: After installation, you must define the path to the certificate (under Network tab) which is: /var/lib/emby/emby.pfx and then again manually restart the emby server system service.


Remember, if the FQDN is not typed correctly, the installation will fail, so be sure to spell it correctly, and make sure that the A record is valid and working.




