authorcrupest <crupest@outlook.com>2022-11-25 14:12:26 +0800
committercrupest <crupest@outlook.com>2022-11-25 14:12:26 +0800
commit4d0425a017dd1d9436cef21bea2643f9e3da55aa (patch)
treed65f872e549f9a4828462909926b361c23e0563e /docker/auto-certbot/daemon.bash
parent1915ea9f72e8805d552ea013d187c847d8d500d1 (diff)
Make certbot better.
Diffstat (limited to 'docker/auto-certbot/daemon.bash')
-rwxr-xr-xdocker/auto-certbot/daemon.bash56
1 files changed, 43 insertions, 13 deletions
diff --git a/docker/auto-certbot/daemon.bash b/docker/auto-certbot/daemon.bash
index 0311161..8ec78c0 100755
--- a/docker/auto-certbot/daemon.bash
+++ b/docker/auto-certbot/daemon.bash
@@ -11,13 +11,16 @@ fi
# Check certbot version.
certbot --version
-# Check CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined.
-if [ -z "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND" ]; then
- echo "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is not defined or empty"
- CRUPEST_AUTO_CERTBOT_RENEW_COMMAND="certbot renew -n --webroot -w /var/www/certbot"
- printf "Will use:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
-else
- printf "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined as:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
+# Check domain
+if [[ -z "$CRUPEST_DOMAIN" ]]; then
+ echo "CRUPEST_DOMAIN can't be empty!" 1>&2
+ exit 1
+fi
+
+# Check email
+if [[ -z "$CRUPEST_EMAIL" ]]; then
+ echo "CRUPEST_EMAIL can't be empty!" 1>&2
+ exit 2
fi
# Check CRUPEST_CERT_PATH, default to /etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem
@@ -27,10 +30,36 @@ fi
# Check CRUPEST_CERT_PATH exists.
if [ ! -f "$CRUPEST_CERT_PATH" ]; then
- echo "Cert file does not exist"
- exit 1
+ echo "Cert file does not exist. You may want to generate it manually with aio script." 1>&2
+ exit 3
fi
+echo "Root domain:" "$CRUPEST_DOMAIN"
+echo "Email:" "$CRUPEST_EMAIL"
+echo "Cert path: ${CRUPEST_CERT_PATH}"
+
+# Check CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined.
+if [ -z "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND" ]; then
+ echo "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is not defined or empty. Will use the default one."
+else
+ printf "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined as:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
+fi
+
+mapfile -t domains <<< "$(./get-cert-domains.py "${CRUPEST_CERT_PATH}")"
+
+for domain in "${domains[@]}"; do
+ domain_options=("${domain_options[@]}" -d "$domain")
+done
+
+options=("${domain_options[@]}")
+if [ -n "$CRUPEST_AUTO_CERTBOT_POST_HOOK" ]; then
+ printf "You have defined a post hook:\n%s\n" "$CRUPEST_AUTO_CERTBOT_POST_HOOK"
+ options=("${options[@]}" --post-hook "$CRUPEST_AUTO_CERTBOT_POST_HOOK")
+fi
+
+# Use test server to test.
+certbot certonly -n --agree-tos --test-cert --dry-run -m "$CRUPEST_EMAIL" --webroot -w /var/www/certbot "${options[@]}"
+
function check_and_renew_cert {
expire_info=$(openssl x509 -enddate -noout -in "$CRUPEST_CERT_PATH")
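Review bot: The `mapfile -t domains <<< "$(./get-cert-domains.py ...)"` line cannot tell a failed or empty helper run from a real domain list: the exit status of the command substitution is discarded, and a here-string of empty output still yields one empty element, so the loop would pass `-d ""` to certbot. Capture the output first and check it, for example `domain_list=$(./get-cert-domains.py "$CRUPEST_CERT_PATH") || exit 4`, then `[[ -n "$domain_list" ]] || exit 4` before `mapfile -t domains <<< "$domain_list"` (the status value 4 is only a suggestion). `domain_options` is also appended to without being initialised, so `domain_options=()` before the loop would keep an inherited environment value out of the certbot arguments. The exit status of the `--dry-run` call is not tested in this hunk either, and whether the script runs under `set -e` is not visible here. The function check_and_renew_cert continues outside the hunk.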
@@ -59,11 +88,12 @@ function check_and_renew_cert {
else
# No, renew now.
echo "Renewing now..."
- # Run CRUPEST_AUTO_CERTBOT_RENEW_COMMAND
- if [ -n "$CRUPEST_AUTO_CERTBOT_POST_HOOK" ]; then
- $CRUPEST_AUTO_CERTBOT_RENEW_COMMAND --post-hook "$CRUPEST_AUTO_CERTBOT_POST_HOOK"
- else
+
+ if [ -n "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND" ]; then
$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND
+ else
+
+ certbot renew -n --agree-tos -m "$CRUPEST_EMAIL" --webroot -w /var/www/certbot "${options[@]}"
fi
fi
}
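Review bot: The default branch calls `certbot renew` with `"${options[@]}"`, which carries the `-d` entries built at startup, while the earlier dry run validated `certbot certonly`; as far as I know `renew` refuses domain selection with `-d`, so the command that actually runs is not the one that was tested and may fail at renewal time. Either renew with the same `certonly` invocation the dry run used, or pass only the post-hook options to `renew`. Separately, when `CRUPEST_AUTO_CERTBOT_RENEW_COMMAND` is set the post hook is no longer appended, although startup still prints "You have defined a post hook", so a service that relies on the hook to reload would keep serving the old certificate. If that is intended, say so with a comment such as `# A custom renew command must carry its own --post-hook.` above the custom-command branch. The function begins outside the hunk.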