In my day job I recently needed to disconnect a web server system from ServerPilot. There is very little third-party documentation on this, and the documentation from ServerPilot does not tell the whole story. One of the slightly hidden gotchas of moving off ServerPilot is – as far as I can see – that once you disconnect from it, any domains using autorenewal/Let's Encrypt will no longer be renewed, as renewal appears to be initiated through ServerPilot. So a couple of things for future me or anyone else dedicated enough to find this post.
To disconnect from ServerPilot (on the server side – this does not cancel the account):
systemctl disable serverpilot-agent.service
systemctl disable serverpilot-monitor.service
systemctl disable serverpilot-stats.service
systemctl mask serverpilot-agent.service
systemctl mask serverpilot-monitor.service
systemctl mask serverpilot-stats.service
sudo apt-get remove sp-serverpilot-agent sp-serverpilot-stats
I then installed Certbot (this is on Ubuntu 16.04 – yes. That old. So much for ServerPilot actually keeping things up to date). I believe I used the command:
snap install certbot --classic
I then went to work updating the 40-odd sites on this server. I wrote the below quick-and-very-dirty script, which made things a lot easier for me. PLEASE READ AND UNDERSTAND IT BEFORE ATTEMPTING TO USE IT, AND USE IT AT YOUR OWN RISK – this has not been heavily tested – it's little more than “just enough” to do my job.
#!/bin/bash
# Usage: $0 /path/to/vhost/vhost.conf (eg /etc/nginx-sp/vhosts/vhosts.d/example.conf)
# Run as root: it calls certbot, rewrites the vhost file and reloads nginx-sp.

OURIP=SERVER.IP.HERE

# Document root: taken from the first "root" directive in the vhost file.
DOCROOT=/$(grep "root" "$1" | head -1 | cut -f2- -d"/" | cut -f1 -d';')

# Collect every server_name entry (except internal.domain) that resolves to this server.
domains=''
for each in $(grep -oPz '(?s)server_name.*?\;' "$1" | grep -av ';' | grep -v "server_name" | sort | grep -v "internal.domain" | uniq)
do
    LOOKUPIP=$(dig +short "$each" | tail -1)
    if [ "$OURIP." == "$LOOKUPIP." ]
    then
        domains+="$each "
    else
        echo "$each not here"
    fi
done

# Build the -d arguments for certbot as an array so each name stays one argument.
dlines=()
for each in $domains
do
    dlines+=(-d "$each")
done

FIRSTDOMAIN=$(echo "$domains" | cut -f1 -d" ")
echo "$FIRSTDOMAIN"
NEWFILE=./dg-$FIRSTDOMAIN.conf

if [ "$FIRSTDOMAIN." == "." ]
then
    echo "No domains found. Exiting"
    exit 1
fi

# Request one certificate covering all matching names; stop if certbot fails.
certbot certonly --webroot -v -w "$DOCROOT" "${dlines[@]}" || exit

echo "Checking Old Cert Expiry"
curl "https://$FIRSTDOMAIN" -Iv 2>&1 | grep "expire date"

# Point ssl_certificate and ssl_certificate_key at the new Let's Encrypt files.
echo "creating new version of config file at $NEWFILE"
sed "s/ssl_certificate .*/ssl_certificate \t\/etc\/letsencrypt\/live\/$FIRSTDOMAIN\/fullchain\.pem\;/" "$1" | sed "s/ssl_certificate_key .*/ssl_certificate_key \t\/etc\/letsencrypt\/live\/$FIRSTDOMAIN\/privkey\.pem\;/" > "$NEWFILE"

# Keep the old vhost file for rollback, then put the new one in place.
mkdir -p /root/oldvhost
mv "$1" /root/oldvhost
mv "$NEWFILE" "$1"

# Reload only if the new configuration passes nginx's syntax check.
/opt/sp/nginx/sbin/nginx -t && systemctl reload nginx-sp.service
echo systemctl reload nginx-sp.service
sleep 1

echo "Checking New Cert Expiry"
curl "https://$FIRSTDOMAIN" -Iv 2>&1 | grep "expire date"
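
With 40-odd vhosts it is easy to miss one, and a missed vhost keeps serving a certificate that nothing renews any more. The following is an added example, not part of the original post: it lists each vhost whose ssl_certificate still points outside /etc/letsencrypt/live, with the days left before expiry. The function names are hypothetical, and the default vhost directory is an assumption taken from the usage comment in the script above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: sh cert-audit.sh [vhost-dir]
# The default directory is an assumption taken from the script's usage comment.
LE_LIVE=/etc/letsencrypt/live

# Print the path from the first ssl_certificate directive in a vhost file.
cert_path() {
    awk '$1 == "ssl_certificate" { sub(/;$/, "", $2); print $2; exit }' "$1"
}

# Succeed if that path is under certbot's live directory.
is_migrated() {
    case "$(cert_path "$1")" in
        "$LE_LIVE"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print whole days until a certificate file expires (negative once expired).
# Uses GNU date, as found on Ubuntu.
days_left() {
    end=$(openssl x509 -enddate -noout -in "$1" | cut -d= -f2)
    [ -n "$end" ] || return 1
    echo $(( ($(date -d "$end" +%s) - $(date +%s)) / 86400 ))
}

# One line per vhost: state, certificate path, days until expiry.
audit() {
    for conf in "$1"/*.conf; do
        [ -f "$conf" ] || continue
        cert=$(cert_path "$conf")
        if [ -z "$cert" ]; then
            echo "$conf: no ssl_certificate directive"
            continue
        fi
        if is_migrated "$conf"; then state=certbot; else state=NOT-MIGRATED; fi
        days=$(days_left "$cert" 2>/dev/null) || days='?'
        echo "$conf: $state $cert ($days days left)"
    done
}

audit "${1:-/etc/nginx-sp/vhosts/vhosts.d}"
```

Any line marked NOT-MIGRATED is a vhost the script above has not been run against yet; a "?" means the certificate file could not be read.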