Migrating off serverpilot.io

In my day job I recently needed to disconnect a web server system from ServerPilot. There is very little third-party documentation on this, and the documentation from ServerPilot does not tell the whole story. One of the slightly hidden gotchas of moving off ServerPilot is – as far as I can see – that once you disconnect from it, any domains using autorenewal/Let's Encrypt will no longer be renewed, as renewal appears to be initiated through ServerPilot. So here are a couple of things for future me or anyone else dedicated enough to find this post.

To disconnect from ServerPilot (on the server side – this does not cancel the account):

systemctl disable serverpilot-agent.service 
systemctl disable serverpilot-monitor.service 
systemctl disable serverpilot-stats.service

systemctl mask serverpilot-agent.service
systemctl mask serverpilot-monitor.service
systemctl mask serverpilot-stats.service

sudo apt-get remove sp-serverpilot-agent sp-serverpilot-stats

I then installed Certbot (this is on Ubuntu 16.04 – yes. That old. So much for ServerPilot actually keeping things up to date). I believe I used the command:

snap install certbot --classic

I then went to work updating the 40-odd sites on this server. I wrote the quick-and-very-dirty script below, which made things a lot easier for me. PLEASE READ AND UNDERSTAND IT BEFORE ATTEMPTING TO USE IT, AND USE IT AT YOUR OWN RISK – this has not been heavily tested – it's little more than "just enough" to do my job.

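#! /bin/bash
# Usage: $0 /path/to/vhost/vhost.conf  (eg /etc/nginx-sp/vhosts/vhosts.d/example.conf)

[ -f "$1" ] || { echo "Usage: $0 /path/to/vhost/vhost.conf"; exit 1; }

# Assumption: the post does not show where OURIP and NEWFILE are set.
# OURIP must be exported beforehand; NEWFILE defaults to a file next to the vhost.
OURIP="${OURIP:?set OURIP to the public IP of this server}"
NEWFILE="${NEWFILE:-$1.new}"

# Document root: the path on the first "root" line of the vhost
DOCROOT=/$(grep "root" "$1" | head -1 | cut -f2- -d"/" | cut -f1 -d';')

# Collect every name in the server_name blocks, skipping the internal one
for each in $(grep -oPz '(?s)server_name.*?\;' "$1" | grep -av ';' | grep -v "server_name" | sort | grep -v "internal.domain" | uniq)
do
	LOOKUPIP=$(dig +short "$each" | tail -1)

	# Only request a certificate for names that resolve to this server
	if [ "$OURIP." == "$LOOKUPIP." ]
	then
		domains+="$each "
	else
		echo "$each not here"
	fi
done

# Build the "-d name" arguments for certbot
for each in $domains
do
	dlines+="-d $each "
done

FIRSTDOMAIN=$(echo $domains | cut -f1 -d" ")

if [ "$FIRSTDOMAIN." == "." ]
then
	echo "No domains found.  Exiting"
	exit 1
fi

# $dlines is left unquoted on purpose so it splits into separate arguments
certbot certonly --webroot -v -w "$DOCROOT" $dlines || exit

echo "Checking Old Cert Expiry"
curl "https://$FIRSTDOMAIN" -Iv 2>&1 | grep "expire date"

# Point both certificate directives at the files certbot has just written
echo "creating new version of config file at $NEWFILE"
cat "$1" | sed  "s/ssl_certificate .*/ssl_certificate \t\/etc\/letsencrypt\/live\/$FIRSTDOMAIN\/fullchain\.pem\;/" | sed  "s/ssl_certificate_key .*/ssl_certificate_key \t\/etc\/letsencrypt\/live\/$FIRSTDOMAIN\/privkey\.pem\;/" > "$NEWFILE"

# Keep the old vhost file as a backup, then put the new one in its place
mv "$1" /root/oldvhost
mv "$NEWFILE" "$1"

# Reload only if the new configuration passes the syntax test
/opt/sp/nginx/sbin/nginx -t && systemctl reload nginx-sp.service
echo  systemctl reload nginx-sp.service
sleep 1

echo "Checking New Cert Expiry"
curl "https://$FIRSTDOMAIN" -Iv 2>&1 | grep "expire date"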
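
With 40-odd sites to move, it helps to check which vhosts still point at a certificate outside certbot's tree, since those are the ones that will stop renewing once the agent is gone. The following is an added example, not part of the original script: the function names are hypothetical, it assumes the vhost files are *.conf files in one directory, and it treats /etc/letsencrypt/live (the path the script above writes into the config) as the only certbot-managed location.

```shell
#!/bin/bash
# Added example (not from the original post): list vhosts whose certificate
# is still outside certbot's tree and so will no longer be renewed.
LE_LIVE=${LE_LIVE:-/etc/letsencrypt/live}

# Path from the first ssl_certificate directive in a vhost file. Requiring
# whitespace after the keyword keeps ssl_certificate_key from matching.
cert_path() {
	sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;]*\);.*/\1/p' "$1" | head -1
}

# "none" = no TLS, "certbot" = under $LE_LIVE, "unmanaged" = anything else.
classify_vhost() {
	case "$(cert_path "$1")" in
		"")           echo "none" ;;
		"$LE_LIVE"/*) echo "certbot" ;;
		*)            echo "unmanaged" ;;
	esac
}

# Whole days until the certificate file expires (needs openssl and GNU date).
days_left() {
	end=$(openssl x509 -enddate -noout -in "$1" 2>/dev/null | cut -d= -f2)
	[ -n "$end" ] || return 1
	echo $(( ( $(date -d "$end" +%s) - $(date +%s) ) / 86400 ))
}

# One line per *.conf file in the directory given as $1.
audit_vhosts() {
	for conf in "$1"/*.conf
	do
		[ -e "$conf" ] || continue
		status=$(classify_vhost "$conf")
		if [ "$status" = "unmanaged" ]
		then
			cert=$(cert_path "$conf")
			echo "$conf unmanaged $cert expires in $(days_left "$cert" || echo '?') days"
		else
			echo "$conf $status"
		fi
	done
}

# Run the audit only when a vhost directory is passed on the command line.
if [ $# -gt 0 ]
then
	audit_vhosts "$1"
fi
```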
