diff options
| author | crupest <crupest@outlook.com> | 2022-11-21 11:11:07 +0800 |
|---|---|---|
| committer | crupest <crupest@outlook.com> | 2022-11-21 11:13:11 +0800 |
| commit | 0f8f5d3ad0506e0629e08492ed49eb845fd3cc35 (patch) | |
| tree | fcd1bb259a2d432dab43f74a0c65c919994c7a3d /docker/auto-certbot/daemon.bash | |
| parent | fbc8c4e6e0e4bf52c3c954895e388c914bd04aa8 (diff) | |
| download | crupest-0f8f5d3ad0506e0629e08492ed49eb845fd3cc35.tar.gz crupest-0f8f5d3ad0506e0629e08492ed49eb845fd3cc35.tar.bz2 crupest-0f8f5d3ad0506e0629e08492ed49eb845fd3cc35.zip | |
Try to fix timeline. Add auto-certbot.
Diffstat (limited to 'docker/auto-certbot/daemon.bash')
| -rwxr-xr-x[-rw-r--r--] | docker/auto-certbot/daemon.bash | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/docker/auto-certbot/daemon.bash b/docker/auto-certbot/daemon.bash index e69de29..8927c4a 100644..100755 --- a/docker/auto-certbot/daemon.bash +++ b/docker/auto-certbot/daemon.bash @@ -0,0 +1,62 @@ +#!/usr/bin/env bash + +# Check I'm root. +if [[ $EUID -ne 0 ]]; then + echo "This script must be run as root" 1>&2 + exit 1 +fi + +# Check CRUPEST_CERTBOT_RENEW_COMMAND is defined. +if [ -z "$CRUPEST_CERTBOT_RENEW_COMMAND" ]; then + echo "CRUPEST_CERTBOT_RENEW_COMMAND must be defined." + exit 1 +fi + +# Check CRUPEST_CERT_PATH, default to /etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem +if [ -z "$CRUPEST_CERT_PATH" ]; then + CRUPEST_CERT_PATH="/etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem" +fi + +function check_and_renew_cert() { + expire_info=$(openssl x509 -enddate -noout -in "$CRUPEST_CERT_PATH") + + # Get ssl certificate expire date. + expire_date=$(echo "$expire_info" | cut -d= -f2) + + echo "SSL certificate expire date: $expire_date" + + # Convert expire date to UNIX timestamp. + expire_timestamp="$(date -d "$expire_date" +%s)" + + # Minus expire timestamp with 30 days in UNIX timestamp. + renew_timestamp="$((expire_timestamp - 2592000))" + echo "Renew SSL certificate at: $(date -d @$renew_timestamp)" + + # Get rest time til renew. + rest_time="$((renew_timestamp - $(date +%s)))" + echo "Rest time til renew: $rest_time seconds" + + # Do we have rest time? + if [ "$rest_time" -gt 0 ]; then + # Check CRUPEST_GREEDY_CHECK is defined. + if [ -z "$CRUPEST_GREEDY_CHECK" ]; then + # Sleep til renew. + echo "Sleeping til renew..." + sleep "$rest_time" + else + # Sleep 1 hour. + echo "Seems like CRUPEST_GREEDY_CHECK is defined, sleep 1 day and check again..." + sleep 86400 + fi + else + # No, renew now. + echo "Renewing now..." + # Run CRUPEST_CERTBOT_RENEW_COMMAND + $CRUPEST_CERTBOT_RENEW_COMMAND + fi +} + +# Run check_and_renew_cert in infinate loop. +while true; do + check_and_renew_cert +done |