# Overview

Script to automate management of letsencrypt SSL certificates, supporting wildcard certs.

# Requirements

- [certbot](https://certbot.eff.org/)

# Features

- Generation and renewal of SSL certificates using certbot
- Handles DNS challenges
- Supports wildcard certificates
- Supports "silent master" DNS architectures
- Pushes generated/renewed certificates out to web servers

# Usage

```
# Generate configuration and scripts in ~/.lehook/
bash$ ./lehook.sh -i
Creating config in /Users/rob/.lehook...
Creating hardlinks in /Users/rob/.lehook...
Init complete. Files are in /Users/rob/.lehook. Main binary in /usr/local/bin/lehook.sh.

# Usage
bash$ ./lehook.sh -h
usage: ./lehook.sh OPTIONS mode [domain1] ... [domainX]
Pushes wildcard SSL certs for the given domains to hosts [default: example.net].
mode is one of: deploy|renew|generate|test
  -A           In generate/renew modes, Also deploy certs if needed
  -c           Cron mode - only output if something is done.
  -f           Push out certs even if they haven't changed.
  -i           Iniitalise new config file in /Users/rpearce/.lehook/config
  -r remotes   Only push certs to the given remotes [default: webserver1 webserver2.example.org webserver3.example.net]
  -s services  Only restart the given services [default: nginx httpd ngircd dovecot postfix]
  -d domain    Only push cert for given domain [default: example.net].
  -q           Quiet mode - no output except errors
  -v           Verbose mode - show certbot output
  -h           Show this text.
```