Used primarily to set up Linode DNS and spin up a Linode instance that runs certbot or acme.sh to generate certificates for offline use.
For detailed instructions, check out the certbot docs.
Define the necessary env vars for Terraform Cloud
cat >> config.auto.tfvars <<EOF
linode_token=
linode_region=
ssh_key=
domain=
email=
EOF
Spin up the infrastructure
git clone git@github.com:lackerman/linode-terraform.git
cd terraform/linode
make apply
SSH into the Linode instance (the SSH key should have been updated as part of the automation)
ssh root@${LINODE_IP}
Install certbot for generating offline/manual certificates. You can also use the Linode plugin, but acme.sh (next step) is far simpler.
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo certbot certonly --standalone
sudo apt-get update
sudo apt-get install socat
curl https://get.acme.sh | sh
source ~/.bashrc
acme.sh --version
acme.sh --set-default-ca --server letsencrypt
DOMAIN="<-- replace example.com -->"
mkdir "${DOMAIN}"
export LINODE_V4_API_KEY="<-- https://cloud.linode.com/profile/tokens -->"
# Wildcard
acme.sh --issue --dns dns_linode_v4 --dnssleep 90 -d "${DOMAIN}" -d "*.${DOMAIN}"
# Single Cert
acme.sh --issue --dns dns_linode_v4 --dnssleep 90 -d "${DOMAIN}" -d "www.${DOMAIN}"
# Generate the pem files (run it as is)
acme.sh --install-cert --domain "${DOMAIN}" \
--key-file "${DOMAIN}/key.pem" \
--cert-file "${DOMAIN}/cert.pem" \
--fullchain-file "${DOMAIN}/fullchain.pem"
cd roles/automation/files/
rsync -auv root@${LINODE_IP}:/etc/letsencrypt/archive/* traefik/
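Before copying the files off the instance, it is worth confirming that what `acme.sh --install-cert` wrote into `${DOMAIN}/` is usable and that the private key is not left group- or world-readable. The script below is an added example, not part of this repository; the helper name `check_cert_dir` and the 14-day expiry threshold are assumptions.

```shell
#!/bin/sh
# Added example: verify the files written by `acme.sh --install-cert` before
# they are copied off the instance. check_cert_dir is a hypothetical helper.
# Usage: check_cert_dir <dir> <hostname>...   (exit status 0 = all checks pass)

# SHA-256 of the public key carried by a certificate ($1=cert) or a key ($1=key).
pubkey_digest() {
  case "$1" in
    cert) openssl x509 -in "$2" -noout -pubkey ;;
    key)  openssl pkey -in "$2" -pubout ;;
  esac 2>/dev/null | openssl sha256
}

# The body runs in a subshell "( )" so variables stay local and `exit`
# only leaves the function, not the calling shell.
check_cert_dir() (
  dir=$1; shift
  key="$dir/key.pem"; cert="$dir/cert.pem"; rc=0
  [ -r "$key" ] && [ -r "$cert" ] ||
    { echo "FAIL: missing key.pem or cert.pem in $dir" >&2; exit 2; }

  # 1. The private key must be accessible to its owner only.
  mode=$(stat -c '%a' "$key")   # GNU stat, as found on the Ubuntu instance
  case "$mode" in
    600|400) ;;
    *) echo "FAIL: $key has mode $mode, expected 600" >&2; rc=1 ;;
  esac

  # 2. cert.pem must have been issued for key.pem (same public key).
  [ "$(pubkey_digest cert "$cert")" = "$(pubkey_digest key "$key")" ] ||
    { echo "FAIL: cert.pem does not match key.pem" >&2; rc=1; }

  # 3. Every expected hostname must be covered (wildcard names included).
  for host in "$@"; do
    openssl x509 -in "$cert" -noout -checkhost "$host" | grep -q 'does match' ||
      { echo "FAIL: certificate does not cover $host" >&2; rc=1; }
  done

  # 4. The certificate must remain valid for at least 14 more days.
  openssl x509 -in "$cert" -noout -checkend $((14 * 86400)) >/dev/null ||
    { echo "FAIL: certificate expires within 14 days" >&2; rc=1; }

  exit "$rc"
)
```

For the wildcard certificate, run `check_cert_dir "${DOMAIN}" "${DOMAIN}" "www.${DOMAIN}"`; a wildcard entry alone does not cover the bare domain, which is why the issue command passes both `-d` values.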