I try to search it on the internet but found nothing. I want to install Let's Encrypt SSL cert via bash script. I will run below command in the bash script:
certbot --nginx -d $sitename -d www.$sitename
and it will prompt below questions,
enter e-mail address (used for......):
Please read terms of....... (A)gree/(C)ancel:
(Y)es/(N)o:
How can I automate above prompts in bash script?
sitename="example.com"
certbot --nginx -d "$sitename" -d "www.$sitename" -m foo#example.com --agree-tos -n
See: certbot --help
Related
I'm trying to run a script on a remote server with either password credentials or .pem key access and I'm getting errors no matter which solution I've found etc.
bash script content:
#!/bin/bash
sudo fdisk -l
ssh -T -i "~/.ssh/keys/key.pem" ubuntu#host "sudo bash <(wget -qO- http://host.com/do.sh)"
Error: bash: /dev/fd/63: No such file or director
ssh user#host.com 'echo "password" | sudo bash <(wget -qO- http://www.host.io/do.sh)'
Error: sudo: a password is required
ssh -t user#host.com "echo password | sudo fdisk -l"
Works but still gives me the password propmt
echo -t pass | ssh user#host "sudo bash <(wget -qO- http://host.com/do.sh)"
echo -tt pass | ssh user#host "sudo bash <(wget -qO- http://host.com/do.sh)"
Error: bash: /dev/fd/63: No such file or directory
// And I also get the password prompt
echo -tT pass | ssh user#host "sudo bash <(wget -qO- http://host.com/do.sh)"
Error: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
sudo: a password is required
// And I also get the password prompt
// This works but I still get the password propmt
ssh user#host 'echo "password" | sudo -S sudo fdisk -l'
These are different variations of the supposed solutions from other places.
What I'm trying to do:
Is to run a script from a URL on the remote server while echoing the password to the cmd so I don't get propmt to input the password manually.
To be able to do the same thing above with using the .pem key variant also
For an explanation for commands except the first one, You can't do stdin-redirect a password to ssh if ssh requires interactively. ssh only allows manual typing if you use a password.
Your first error said that bash can't read a file descriptor. So ssh via ~/.ssh/keys/key.pem works. To run the shell command on the fly,
ssh -T -i "~/.ssh/keys/key.pem" ubuntu#host "curl -fsSL http://host.com/do.sh | sudo bash"
Does your script really need to run with sudo??
If not, then try this:
ssh user#host "curl -s -o do.sh 'http://host.com/do.sh'; source do.sh"
At my work,
the current method of downloading custom git pre-commit hooks (from a bitbucket repo) uses curl in a bash script as shown :
where $USERNAME, $PASSWORD and $build_support_url are previously assigned.
...<some code>...
# Download templates from http://swbuilds to home dir
echo "Downloading pre-commit.pl hook"
curl -u $USERNAME:$PASSWORD --fail --show-error --silent --output ~/.git_template/hooks/pre-commit $build_support_url/pre-commit.pl
echo "Downloading prepare-commit-msg.py hook"
curl -u $USERNAME:$PASSWORD --fail --show-error --silent --output ~/.git_template/hooks/prepare-commit-msg $build_support_url/prepare-commit-msg.py
echo "Downloading commit-msg.py hook"
curl -u $USERNAME:$PASSWORD --fail --show-error --silent --output ~/.git_template/hooks/commit-msg $build_support_url/commit-msg.py
# Force the execute bit to be set
chmod a+x ~/.git_template/hooks/*
# Also download the customer list used by the pre-commit hook
echo "Downloading customer list"
curl -u $USERNAME:$PASSWORD --fail --show-error --silent --output ~/.git_template/customer_list.txt $build_support_url/customer_list.txt
# Configure Git templates
git config --global init.templatedir '~/.git_template'
...<some more code>...
This downloads the pre-commit hooks from the link $build_support_url/pre-commit.pl and places them in the ~/.git_template folder.
However, since this process is using curl withHTTPS, the script will require a password everytime it is run.
To avoid that hassle, I am told to edit the script so that, it uses SSH to download the files (which doesn't require a password).
Any suggestions on how to use SSH in this script to obtain those files?
Thanks.
PS: I have a crude idea of backend and API (and only know the basic HTTP requests like GET and POST. Hope that gives a little more context to the situation).
You can store your credentials in ~/.netrc file so curl uses them as explained here.
The solution was just to use the 'git archive' command instead of curl
I am not using certbot, only letsencrypt command, and this other question/answer is so complex to something so simple: use --expand in a letsencrypt command.
The question here: how to use --expand, what the correct syntax? there are no example in the guide.
Supposing that domain1 is the main domain, and domain2 and domain3 was created with the initial command, letsencrypt --apache -d domanin1 -d www.domanin1 -d wiki.domanin1 -d domanin2 -d www.domanin2 -d domanin3
... What the correct syntax to add a domain4? 1, 2 ... or 5?
letsencrypt --apache --expand domanin4
letsencrypt --apache --expand -d domanin4
letsencrypt --expand -d domanin4
letsencrypt --apache --expand -d domanin1 -d domanin4
letsencrypt --apache --expand -d domanin1 -d www.domanin1 -d wiki.domanin1 -d domanin2 -d www.domanin2 -d domanin3 -d domain4
PS: need to repeat all domains and subdomains in the expansion?
This question will have no answer... Because letsencrypt is no longer developed (!), if you using: you using something junk.
certbot is the more recent version of letsencrypt (there was a change of name)
(see community.letsencrypt.org/24474)
So, the remain question is "how to do an --expand equivalent with certbot?" Because:
--expand is a certbot option that we haven't implemented/don't support. (...) However, we have a --hooks option which has similar functionality.
(see letsencrypt-cli/issues)
So, as the question request, simplest certbot --hooks command to expand certificate?
PS: somebody say that it is impossible!
I use curl to open with username and password router
curl http://192.168.1.1 --user admin:admin |grep -i "stats"
But when I made this code to use curl from bash script I have problem to read server and password from file `LINKS_FILE="server"
PASS="passwd"
for link in `cat "$LINKS_FILE"`
do
for pass in `cat "$PASS"`
do
res=$(curl -m 1 "http://${link}:8080" --user admin:${pass} )
if echo $res | grep -i "stats"; then `
I have the following script working very well when I ssh into my dd-wrt router and issue the command
/opt/bin/curl --url "smtps://smtp.gmail.com:465" --ssl-reqd --mail-from "username#gmail.com" --mail-rcpt "username#gmail.com" --upload-file /mnt/mail.txt --user "username#gmail.com:password" --insecure
but when I issue the same commands via GUI; Administration/commands then the same script doesn't work.
any working solution will be a great help, thanks
Log in into the machine and type the command:
which sh
Put this value as a first line, preceding it with th #! characters, like
#!/bin/sh
What is your shell version? Look carefully at the first lines after you connected via ssh to your router. It's similar to:
BusyBox v1.15.3 (2011-11-24 00:44:20 CET) built-in shell (ash)
Enter 'help' for a list of built-in commands.
You may want to log the output of the command for debug purposes:
#!/bin/sh
/opt/bin/curl --url "smtps://smtp.gmail.com:465" --ssl-reqd --mail-from "username#gmail.com" --mail-rcpt "username#gmail.com" --upload-file /mnt/mail.txt --user "username#gmail.com:password" --insecure 2>&1 | logger -t $0
It will log the output using syslog facility. If it happens you have no syslog installed, you can log the output to a file:
#!/bin/sh
/opt/bin/curl --url "smtps://smtp.gmail.com:465" --ssl-reqd --mail-from "username#gmail.com" --mail-rcpt "username#gmail.com" --upload-file /mnt/mail.txt --user "username#gmail.com:password" --insecure >> /tmp/mylogfile 2>&1
Also, make sure, the script has an executable attribute set:
chmod a+rx /path/to/your/script