From 96be33fda0809457817021f5b21f69d68f3371f5 Mon Sep 17 00:00:00 2001
From: Kunal Aggarwal
Date: Wed, 18 Jul 2018 16:49:13 +0100
Subject: [PATCH 1/2] Certbot on AWS EC2 does not support manual challenge tls-sni-01, causes the provision script to break, but can work without it. Removing the standalone challenge.
---
 extra/lib.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/extra/lib.sh b/extra/lib.sh
index 9dbeddca..2d2573b0 100755
--- a/extra/lib.sh
+++ b/extra/lib.sh
@@ -139,7 +139,11 @@ function letsencrypt_cert() {
 EOF
 sudo chmod +x /root/tmp/certbot.sh
 else
- /usr/bin/certbot-auto certonly -n --agree-tos --standalone --standalone-supported-challenges tls-sni-01 -m "$__myemail" -d "$__mydomain"
+ if [ -f /sys/hypervisor/uuid ] && [ `head -c 3 /sys/hypervisor/uuid` == ec2 ]; then
+ /usr/bin/certbot-auto certonly -n --agree-tos --standalone -m "$__myemail" -d "$__mydomain"
+ else
+ /usr/bin/certbot-auto certonly -n --agree-tos --standalone --standalone-supported-challenges tls-sni-01 -m "$__myemail" -d "$__mydomain"
+ fi
 sudo ln -s "/etc/letsencrypt/live/$__mydomain/fullchain.pem" "$1" || true
 sudo ln -s "/etc/letsencrypt/live/$__mydomain/privkey.pem" "$2" || true
 fi
From 2a2a168734b5172c93bcef57df0dcdc519ff1c88 Mon Sep 17 00:00:00 2001
From: Kunal Aggarwal
Date: Wed, 18 Jul 2018 16:49:13 +0100
Subject: [PATCH 2/2] Certbot on AWS EC2 does not support manual challenge tls-sni-01, causes the provision script to break, but can work without it. Removing the standalone challenge.
---
 extra/lib.sh | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/extra/lib.sh b/extra/lib.sh
index 9dbeddca..2d2573b0 100755
--- a/extra/lib.sh
+++ b/extra/lib.sh
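Review bot: The `else` branch still pins `--standalone-supported-challenges tls-sni-01`, so only hosts that pass the `/sys/hypervisor/uuid` test stop requesting that challenge. Let's Encrypt disabled TLS-SNI-01 for new issuance in January 2018 over a domain-validation weakness on shared hosting, so the failure is probably not EC2-specific and non-EC2 hosts would keep breaking. One invocation for every host avoids the platform guess, e.g. `/usr/bin/certbot-auto certonly -n --agree-tos --standalone --preferred-challenges http -m "$__myemail" -d "$__mydomain"` (needs port 80 reachable for validation). If the detection stays, write it as `[ "$(head -c 3 /sys/hypervisor/uuid 2>/dev/null)" = ec2 ]`: the unquoted backticks turn an empty read into a `[` syntax error, `==` is not portable in `[`, and as far as I know the file is absent on non-Xen EC2 instance types, which would then take the old path. `letsencrypt_cert` starts and ends outside the hunk, and the identical hunk in PATCH 2/2 has the same issue.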
@@ -139,7 +139,11 @@ function letsencrypt_cert() {
 EOF
 sudo chmod +x /root/tmp/certbot.sh
 else
- /usr/bin/certbot-auto certonly -n --agree-tos --standalone --standalone-supported-challenges tls-sni-01 -m "$__myemail" -d "$__mydomain"
+ if [ -f /sys/hypervisor/uuid ] && [ `head -c 3 /sys/hypervisor/uuid` == ec2 ]; then
+ /usr/bin/certbot-auto certonly -n --agree-tos --standalone -m "$__myemail" -d "$__mydomain"
+ else
+ /usr/bin/certbot-auto certonly -n --agree-tos --standalone --standalone-supported-challenges tls-sni-01 -m "$__myemail" -d "$__mydomain"
+ fi
 sudo ln -s "/etc/letsencrypt/live/$__mydomain/fullchain.pem" "$1" || true
 sudo ln -s "/etc/letsencrypt/live/$__mydomain/privkey.pem" "$2" || true
 fi