Debian/Ubuntu/Mint/ETC Simple Letsencrypt Script


Cthalpa


NB: This script only supports the Debian OS and Debian-based distributions (Ubuntu etc.).
The script requires systemctl and apt, which are present in all newer distributions.

This script will probably not work as intended on Debian below v7 and Ubuntu below 14.
 

A while back I created a script that will:

 

  1. Check if Apache and/or Nginx is running, and if running stop them.
  2. Disable UFW (firewall).
  3. Flush iptables.
  4. Check if certbot is installed, and if not, install it.
  5. Check if a certificate is located in the emby directory, and if found, delete it.
  6. Ask for the FQDN of your emby server.
  7. Create a new certificate that's valid for 90 days.
  8. Convert the certificate to PFX and copy it to your emby directory.
  9. Ask for your emby group and user and change permissions of the PFX to the specified user (default is emby).
  10. Re-enable UFW (firewall).
  11. Re-enable Apache and/or Nginx (if it was stopped).
  12. Restart the Emby system service.

After you have downloaded and placed the script on your server, you must unzip it and give the script execution permission.
To do that, run the command: unzip embycert.zip && chmod +x embycert.sh

 

This script should be run every 3 months to keep your certificate up-to-date.
This script MUST be run as root with either SU or SUDO.

SUDO is not native in Debian, and I would recommend running this script as root.
 

NB: After installation, you must define the path to the certificate (under Network tab) which is: /var/lib/emby/emby.pfx and then again manually restart the emby server system service.

 

Remember, if the FQDN is not typed correctly, the installation will fail, so be sure to spell it correctly, and make sure that the A record is valid and working.

 

 

embycert.sh

Edited by Cthalpa

  • 1 month later...
  • 1 year later...
5 minutes ago, NuevaConexion said:

Greetings, it does not work, it gives an error in Ubuntu 20.04

Hi, what error?


  • 4 weeks later...
Cthalpa
On 7/1/2022 at 3:50 AM, NuevaConexion said:

Greetings, it does not work, it gives an error in Ubuntu 20.04

I have tested the script in Ubuntu 18 to 22, as well as Debian 8-13, and it works.
Have you solved the problem?


  • 4 months later...
Oratorian
On 12/15/2022 at 2:02 PM, treason said:

Thanks for this script.

My ISP blocks port 80. Is there a way to use a non-default port for Let's Encrypt validation?

Do you have access to the domain's nameserver to create nameserver records?

If yes, you could use DNS-01 authentication, which would only need you to prove ownership of the domain by creating a special TXT record.

More info here ->  https://jmorahan.net/articles/lets-encrypt-without-port-80/

A client that supports DNS-01 for Windows: A simple Windows ACMEv2 client (WACS). This is a walkthrough client where you just have to answer questions. Very simple to use.
For Linux this can be done with certbot:

certbot -d example.com --manual --preferred-challenges dns certonly
Edited by Oratorian

  • 1 year later...
JuJuJurassic

This script is absolutely brilliant, it worked perfectly. All I had to do was the DNS side and allow 443 to my emby server and it's running perfectly

Thank you SO MUCH.

After running it you need to convert the certificate to a 12 certificate, the command to do that is;

openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out pkcs12.pfx -certfile chain.pem

I had a little permissions issue, but I suspect that was my fault

to test it run;

sudo certbot renew --dry-run

Brilliant. Thank you so much and have a great evening 🙂
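
Added example (not part of any post above, and not the attached embycert.sh): the manual PFX conversion and the 3-month re-run described in this thread can be handled by a certbot deploy hook that rebuilds the PFX after each successful renewal. The hook file name, the `emby-server` unit name, the `emby:emby` owner and the empty PFX export password are assumptions; the destination path is the one given in the first post.

```shell
#!/bin/sh
# Added example, not the original embycert.sh: certbot deploy hook for Emby's PFX.
# Assumed location: /etc/letsencrypt/renewal-hooks/deploy/emby-pfx.sh (hypothetical name).
set -eu

# deploy_pfx LINEAGE_DIR DEST [OWNER:GROUP]
# Builds a PKCS#12 bundle from certbot's PEM files and installs it at DEST.
deploy_pfx() {
    lineage=$1 dest=$2 owner=${3:-}
    for f in cert.pem privkey.pem chain.pem; do
        [ -r "$lineage/$f" ] || { echo "missing $lineage/$f" >&2; return 1; }
    done
    # Temp file in the destination directory so the final mv is an atomic rename;
    # mktemp creates it with mode 0600, so the private key is never world-readable.
    tmp=$(mktemp "$dest.XXXXXX")
    # Same conversion as in the post above; "-passout pass:" sets an empty export
    # password (assumption) so the hook can run without a prompt.
    if ! openssl pkcs12 -export -in "$lineage/cert.pem" -inkey "$lineage/privkey.pem" \
            -certfile "$lineage/chain.pem" -passout pass: -out "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    chmod 600 "$tmp"
    if [ -n "$owner" ]; then chown "$owner" "$tmp"; fi
    mv -f "$tmp" "$dest"
}

# certbot sets RENEWED_LINEAGE for deploy hooks only after a successful renewal.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_pfx "$RENEWED_LINEAGE" /var/lib/emby/emby.pfx emby:emby
    systemctl restart emby-server   # assumed unit name
fi
```

Because the file is written with mode 600 and owned by the Emby user, the empty export password does not expose the key to other local accounts.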
