@ -42,12 +42,39 @@ if [ ! -d "${LECONFIGDIR}" ]; then
exit 1
exit 1
fi
fi
# import_certificate
#
# Try to import certificate in webserver config using uberspace-add-certificate
#
# If something fails, leave a file as marker so we can try it again with next
# script run. Failures occur occasionally due to problems with connection to
# letsencrypt while import.
import_certificate( ) {
# import certificate
uberspace-add-certificate -k " ${ LECONFIGDIR } /live/ ${ domain } /privkey.pem " -c " ${ LECONFIGDIR } /live/ ${ domain } /cert.pem "
# Not successfull?
if [ $? -ne 0 ] ; then
# Set error marker
touch " ${ LECONFIGDIR } /live/ ${ domain } /importerror "
elif [ -f " ${ LECONFIGDIR } /live/ ${ domain } /importerror " ] ; then
# Remove error marker
rm " ${ LECONFIGDIR } /live/ ${ domain } /importerror "
fi
}
# Get all existing inifiles matching namescheme cli-${domain}.ini
# Get all existing inifiles matching namescheme cli-${domain}.ini
for inifile in " ${ LECONFIGDIR } " /cli-*.ini; do
for inifile in " ${ LECONFIGDIR } " /cli-*.ini; do
# Get domain out of file (first value in property "domains")
# Get domain out of file (first value in property "domains")
domain = $( grep -e "[ \t]*domains.*" " ${ inifile } " | sed "s/ //g" | cut -d "=" -f2 | cut -d "," -f1)
domain = $( grep -e "[ \t]*domains.*" " ${ inifile } " | sed "s/ //g" | cut -d "=" -f2 | cut -d "," -f1)
# If there was an import error before, try again to import certificate
if [ -f " ${ LECONFIGDIR } /live/ ${ domain } /importerror " ] ; then
import_certificate
fi
# sleep for a random time so not all certificates get renewed at the same time
# sleep for a random time so not all certificates get renewed at the same time
if [ $FIRSTITER -ne 1 ] ; then
if [ $FIRSTITER -ne 1 ] ; then
sleep $( expr $RANDOM % 600)
sleep $( expr $RANDOM % 600)
@ -60,7 +87,6 @@ for inifile in "${LECONFIGDIR}"/cli-*.ini; do
FIRSTITER = 0
FIRSTITER = 0
letsencrypt certonly -c " ${ inifile } " || continue
letsencrypt certonly -c " ${ inifile } " || continue
# import certificate
import_certificate
uberspace-add-certificate -k " ${ LECONFIGDIR } /live/ ${ domain } /privkey.pem " -c " ${ LECONFIGDIR } /live/ ${ domain } /cert.pem "
done
done