btcpay, electrs: add certbot renew service daily

BTCPayServer/btcpay_to_blitz.sh

@@ -4,33 +4,77 @@
 # to download and run: 
 # wget https://raw.githubusercontent.com/openoms/bitcoin-tutorials/master/BTCPayServer/btcpay_to_blitz.sh && bash btcpay_to_blitz.sh
 
-# requirements
+#file="/etc/nginx/nginx.conf"
-
+#if [ -f "$file" ]
-file="/etc/nginx/nginx.conf"
+#then
-if [ -f "$file" ]
+#  echo "$file found."
-then
+#  echo "There is an existing Nginx configuration which might fail if the setup continues"
-  echo "$file found."
+#  echo "Press CRTL+C to abort or any key to continue"
-  echo "There is an existing Nginx configuration which might fail if the setup continues"
+#  read key
-  echo "Press CRTL+C to abort or any key to continue"
+#fi
-  read key
-fi
 
 #use `sudo apt purge nginx-common certbot` to clean configuration
 
 echo ""
 echo "***"
-echo "Please confirm that the port 80, 443 and 9735 are forwarded to the IP of the RaspiBlitz by pressing [ENTER]" 
+echo "Confirm that the port 80, 443 and 9735 are forwarded to the IP of the RaspiBlitz by pressing [ENTER]" 
 read key
 
 echo ""
 echo "***"
-echo "Please type the domain/ddns you want to use for BTCPayServer followed by [ENTER]"
+echo "Type the domain/ddns you want to use for BTCPayServer and press [ENTER]"
 read YOUR_DOMAIN
 
+echo ""
+echo "***"
+echo "Type an email address that will be used to register the SSL certificate and press [ENTER]"
+read YOUR_EMAIL
+
+# install nginx
 sudo apt-get install nginx-full certbot -y
 
 # get SSL cert
-sudo certbot certonly --authenticator standalone -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start"
+sudo certbot certonly -a standalone -m $YOUR_EMAIL --agree-tos -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start"
+
+echo ""
+echo "***"
+echo "Setting up certbot-auto renewal service"
+echo "***"
+echo ""
+
+sudo rm -f /etc/systemd/system/certbot.timer
+echo "
+[Unit]
+Description=Certbot-auto renewal service
+
+[Timer]
+OnBootSec=20min
+OnCalendar=*-*-* 4:00:00
+
+[Install]
+WantedBy=timers.target
+" | sudo tee -a /etc/systemd/system/certbot.timer
+
+sudo rm -f /etc/systemd/system/certbot.service
+echo "
+[Unit]
+Description=Certbot-auto renewal service
+After=bitcoind.service
+
+[Service]
+WorkingDirectory=/home/admin/
+ExecStart=sudo certbot renew --pre-hook \"service nginx stop\" --post-hook \"service nginx start\"
+
+User=admin
+Group=admin
+Type=simple
+KillMode=process
+TimeoutSec=60
+Restart=always
+RestartSec=60
+" | sudo tee -a /etc/systemd/system/certbot.service
+
+sudo systemctl enable certbot.timer
 
 # cleanup possible residual files from previous installs
 
@@ -131,7 +175,7 @@ Requires=btcpayserver.service
 After=nbxplorer.service
 
 [Service]
-ExecStart=/usr/local/bin/dotnet run --no-launch-profile --no-build -c Release -p "/home/admin/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- \$@
+ExecStart=/usr/local/bin/dotnet run --no-launch-profile --no-build -c Release -p \"/home/admin/btcpayserver/BTCPayServer/BTCPayServer.csproj\" -- \$@
 User=admin
 Group=admin
 Type=simple

electrs/2_electrs_systemd_service.sh

@@ -16,7 +16,7 @@ After=bitcoind.service
 
 [Service]
 WorkingDirectory=/home/electrs/electrs
-ExecStart=/home/electrs/electrs/target/release/electrs --index-batch-size=10 --electrum-rpc-addr="0.0.0.0:50001"
+ExecStart=/home/electrs/electrs/target/release/electrs --index-batch-size=10 --electrum-rpc-addr=\"0.0.0.0:50001\"
 User=electrs
 Group=electrs
 Type=simple

electrs/3_Nginx_and_Certbot_for_SSL.sh

@@ -12,9 +12,14 @@
 
 echo ""
 echo "***"
-echo "Please type the domain/dynamicDNS you want to use for Electrs followed by [ENTER]"
+echo "Please type the domain/dynamicDNS you want to use for Electrs and press [ENTER]"
 read YOUR_DOMAIN
 
+echo ""
+echo "***"
+echo "Please type an email that will be used to register the SSL certificate and press [ENTER]"
+read YOUR_EMAIL
+
 echo ""
 echo "***"
 echo "Please confirm that the port 80 is forwarded to the IP of the RaspiBlitz by pressing [ENTER]" 
@@ -47,7 +52,8 @@ echo ""
 
 sudo apt install -y certbot
 # get SSL cert
-sudo certbot certonly --authenticator standalone -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start"
+sudo certbot certonly -a standalone -m $YOUR_EMAIL --agree-tos -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start"
+
 
 # Your certificate and chain have been saved at:
 # /etc/letsencrypt/live/$YOUR_DOMAIN/fullchain.pem
@@ -67,7 +73,6 @@ Description=Certbot-auto renewal service
 [Timer]
 OnBootSec=20min
 OnCalendar=*-*-* 4:00:00
-OnCalendar=*-*-* 16:00:00 
 
 [Install]
 WantedBy=timers.target
@@ -80,7 +85,7 @@ After=bitcoind.service
 
 [Service]
 WorkingDirectory=/home/admin/
-ExecStart=/home/admin/certbot-auto renew
+ExecStart=sudo certbot renew --pre-hook \"service nginx stop\" --post-hook \"service nginx start\"
 
 User=admin
 Group=admin

nginx/bonus.SSL_for_RTL.sh

@@ -8,43 +8,31 @@
 # Forward port 3002 to be able to access RTL from outside of your LAN
 
 # https://www.raspberrypi.org/documentation/remote-access/web-server/nginx.md
-echo ""
-echo "***"
-echo "installing Nginx"
-echo "***"
-echo ""
-
-sudo apt-get install -y nginx
-sudo /etc/init.d/nginx start
 
 echo ""
 echo "***"
 echo "Please confirm that the port 80 is forwarded to the IP of the RaspiBlitz by pressing [ENTER]" 
 read key
 
+echo ""
+echo "***"
+echo "Please type the domain/ddns you have generated the certificate for followed by [ENTER]"
+read YOUR_DOMAIN
+
+echo ""
+echo "***"
+echo "Type an email address that will be used to register the SSL certificate and press [ENTER]"
+read YOUR_EMAIL
+
+echo "installing Nginx and certbot"
+sudo apt-get install -y nginx-full certbot
+sudo /etc/init.d/nginx start
+
 echo "allow port 80 on ufw"
 sudo ufw allow 80
 
-# https://certbot.eff.org/lets-encrypt/debianother-nginx
-echo ""
-echo "***"
-echo "Installing certbot"
-echo " you will be asked for and email address and your domain name - a dynamic DNS can be used"
-echo " give a 4-11 character password and press [ENTER] to save default options for the certificate"
-echo "***"
-echo ""
-
-# wget https://dl.eff.org/certbot-auto
-# chmod +x certbot-auto
-# sudo ./certbot-auto --nginx
-sudo apt install -y certbot
 # get SSL cert
-sudo certbot certonly --authenticator standalone -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start"
+sudo certbot certonly -a standalone -m $YOUR_EMAIL --agree-tos -d $YOUR_DOMAIN --pre-hook "service nginx stop" --post-hook "service nginx start"
-
-# Your certificate and chain have been saved at:
-# /etc/letsencrypt/live/$YOUR_DOMAIN/fullchain.pem
-# Your key file has been saved at:
-# /etc/letsencrypt/live/$YOUR_DOMAIN/privkey.pem
 
 echo ""
 echo "***"
@@ -52,6 +40,7 @@ echo "Setting up certbot-auto renewal service"
 echo "***"
 echo ""
 
+sudo rm -f /etc/systemd/system/certbot.timer
 echo "
 [Unit]
 Description=Certbot-auto renewal service
@@ -59,20 +48,20 @@ Description=Certbot-auto renewal service
 [Timer]
 OnBootSec=20min
 OnCalendar=*-*-* 4:00:00
-OnCalendar=*-*-* 16:00:00 
 
 [Install]
 WantedBy=timers.target
 " | sudo tee -a /etc/systemd/system/certbot.timer
 
+sudo rm -f /etc/systemd/system/certbot.service
 echo "
 [Unit]
-Description=certbot-auto renew timer
+Description=Certbot-auto renewal service
 After=bitcoind.service
 
 [Service]
 WorkingDirectory=/home/admin/
-ExecStart=/home/admin/certbot-auto renew
+ExecStart=sudo certbot renew --pre-hook \"service nginx stop\" --post-hook \"service nginx start\"
 
 User=admin
 Group=admin
@@ -85,10 +74,6 @@ RestartSec=60
 
 sudo systemctl enable certbot.timer
 
-echo ""
-echo "***"
-echo "Please type the domain/ddns you have generated the certificate for followed by [ENTER]"
-read YOUR_DOMAIN
 
 echo "Setting up nginx.conf"
 echo "***"