Diffstat (limited to 'docker/auto-certbot/daemon.bash')
-rwxr-xr-x | docker/auto-certbot/daemon.bash | 107 |
1 files changed, 0 insertions, 107 deletions
diff --git a/docker/auto-certbot/daemon.bash b/docker/auto-certbot/daemon.bash
deleted file mode 100755
index d79387e..0000000
--- a/docker/auto-certbot/daemon.bash
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-# Check I'm root.
-if [[ $EUID -ne 0 ]]; then
- echo "This script must be run as root" 1>&2
- exit 1
-fi
-
-# Check certbot version.
-certbot --version
-
-# Check domain
-if [[ -z "$CRUPEST_DOMAIN" ]]; then
- echo "CRUPEST_DOMAIN can't be empty!" 1>&2
- exit 1
-fi
-
-# Check email
-if [[ -z "$CRUPEST_EMAIL" ]]; then
- echo "CRUPEST_EMAIL can't be empty!" 1>&2
- exit 2
-fi
-
-# Check CRUPEST_CERT_PATH, default to /etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem
-if [ -z "$CRUPEST_CERT_PATH" ]; then
- CRUPEST_CERT_PATH="/etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem"
-fi
-
-# Check CRUPEST_CERT_PATH exists.
-if [ ! -f "$CRUPEST_CERT_PATH" ]; then
- echo "Cert file does not exist. You may want to generate it manually with aio script." 1>&2
- exit 3
-fi
-
-echo "Root domain:" "$CRUPEST_DOMAIN"
-echo "Email:" "$CRUPEST_EMAIL"
-echo "Cert path: ${CRUPEST_CERT_PATH}"
-
-# Check CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined.
-if [ -z "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND" ]; then
- echo "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is not defined or empty. Will use the default one."
-else
- printf "CRUPEST_AUTO_CERTBOT_RENEW_COMMAND is defined as:\n%s\n" "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND"
-fi
-
-domains_str="$(/get-cert-domains.py "${CRUPEST_CERT_PATH}")"
-
-printf "Domain list:\n%s\n" "$domains_str"
-
-mapfile -t domains <<< "$domains_str"
-
-for domain in "${domains[@]}"; do
- domain_options=("${domain_options[@]}" -d "$domain")
-done
-
-options=(-n --agree-tos -m "$CRUPEST_EMAIL" --webroot -w /var/www/certbot "${domain_options[@]}")
-if [ -n "$CRUPEST_AUTO_CERTBOT_POST_HOOK" ]; then
- printf "You have defined a post hook:\n%s\n" "$CRUPEST_AUTO_CERTBOT_POST_HOOK"
- options=("${options[@]}" --post-hook "$CRUPEST_AUTO_CERTBOT_POST_HOOK")
-fi
-
-# Use test server to test.
-certbot certonly --force-renewal --test-cert --dry-run "${options[@]}"
-
-function check_and_renew_cert {
- expire_info=$(openssl x509 -enddate -noout -in "$CRUPEST_CERT_PATH")
-
- # Get ssl certificate expire date.
- expire_date=$(echo "$expire_info" | cut -d= -f2)
-
- echo "SSL certificate expire date: $expire_date"
-
- # Convert expire date to UNIX timestamp.
- expire_timestamp="$(date -d "$expire_date" +%s)"
-
- # Minus expire timestamp with 30 days in UNIX timestamp.
- renew_timestamp="$((expire_timestamp - 2592000))"
- echo "Renew SSL certificate at: $(date -d @$renew_timestamp)"
-
- # Get rest time til renew.
- rest_time_in_second="$((renew_timestamp - $(date +%s)))"
- rest_time_in_day=$((rest_time_in_second / 86400))
- echo "Rest time til renew: $rest_time_in_second seconds, aka, about $rest_time_in_day days"
-
- # Do we have rest time?
- if [ $rest_time_in_second -gt 0 ]; then
- # Sleep 1 hour.
- echo "I'm going to sleep for 1 day to check again."
- sleep 1d
- else
- # No, renew now.
- echo "Renewing now..."
-
- if [ -n "$CRUPEST_AUTO_CERTBOT_RENEW_COMMAND" ]; then
- $CRUPEST_AUTO_CERTBOT_RENEW_COMMAND
- else
- certbot certonly "${options[@]}"
- fi
- fi
-}
-
-# Run check_and_renew_cert in infinate loop.
-while true; do
- check_and_renew_cert
-done |