letsencrypt-renew for multiple letsencrypt certificates within one uberspace
 
 


#!/bin/bash
#
# letsencrypt-renew.sh
#
# Copyright 2017 Jonathan Golder <jonathan@golderweb.de>
#
# Derived from:
# https://wiki.uberspace.de/webserver:https#automatisieren_von_let_s_encrypt
# Which is itself originally based on:
# https://github.com/nerdoc/uberspace-tools/blob/master/letsencrypt-renew
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
#
# Fixed PATH so the tools used below are resolved from system directories
# regardless of the calling environment (e.g. a cron job)
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
# Stays 1 until the first renewal has been attempted in this run; the
# randomised sleep before each certificate check is skipped until then
FIRSTITER=1
# Directory holding the cli-*.ini files and the letsencrypt "live" tree.
# A value from the environment wins, otherwise use the default location.
[ -n "${LECONFIGDIR}" ] || LECONFIGDIR=~/.config/letsencrypt
# Refuse to run when the config dir is missing (letsencrypt not set up yet)
[ -d "${LECONFIGDIR}" ] || {
  echo "$0: ${LECONFIGDIR} does not exists! Maybe letsencrypt is not yet initialised!" >&2
  exit 1
}
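# import_certificate [domain]
#
# Import the current certificate of a domain into the webserver config using
# uberspace-add-certificate. The domain is taken from $1 or, when no argument
# is given, from the global "domain" variable set by the main loop.
#
# Reads:   LECONFIGDIR, domain (fallback when $1 is empty)
# Outputs: whatever uberspace-add-certificate prints
# Returns: the exit status of uberspace-add-certificate
#
# If the import fails, an "importerror" marker file is left in the domain's
# live directory so the next script run tries the import again. Failures
# occur occasionally due to problems with the connection to letsencrypt
# while importing.
import_certificate() {
  local dom=${1:-$domain}
  local live="${LECONFIGDIR}/live/${dom}"
  local rc=0
  uberspace-add-certificate -k "${live}/privkey.pem" -c "${live}/cert.pem" || rc=$?
  if [ "${rc}" -ne 0 ]; then
    # leave a marker so the next run retries the import
    touch "${live}/importerror"
  else
    # import succeeded: clear a marker left by an earlier failure (if any)
    rm -f -- "${live}/importerror"
  fi
  return "${rc}"
}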
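# Process every existing inifile matching the name scheme cli-${domain}.ini
for inifile in "${LECONFIGDIR}"/cli-*.ini; do
  # An unmatched glob leaves the literal pattern behind: nothing to do then
  [ -e "${inifile}" ] || continue
  # Domain = first entry of the "domains" property: only lines that start with
  # the property name count (comment lines are ignored), whitespace around
  # "=" and the value is dropped, the first matching line wins
  domain=$(sed -n -E 's/^[[:space:]]*domains[[:space:]]*=[[:space:]]*([^,[:space:]]+).*/\1/p' "${inifile}" | head -n 1)
  # The domain becomes a path component below; an empty or path-like value
  # would point outside the intended live/<domain> directory, so skip it
  case "${domain}" in
    ""|*/*|.|..)
      echo "$0: cannot read a usable domain from ${inifile}, skipping" >&2
      continue
      ;;
  esac
  live="${LECONFIGDIR}/live/${domain}"
  # If an import failed in an earlier run, try again to import the certificate
  if [ -f "${live}/importerror" ]; then
    import_certificate
  fi
  # Once a renewal has been attempted in this run, sleep for a random time
  # (< 10 min) so not all certificates get renewed at the same moment
  if [ "${FIRSTITER}" -ne 1 ]; then
    sleep $(( RANDOM % 600 ))
  fi
  # Certificate still valid for more than 21 days? Then nothing to renew.
  # A missing or unreadable cert.pem fails this check and leads to a renewal.
  openssl x509 -checkend $(( 21 * 86400 )) -in "${live}/cert.pem" > /dev/null && continue
  FIRSTITER=0
  # Renew; when letsencrypt fails, move on to the next inifile without
  # touching the webserver config
  letsencrypt certonly -c "${inifile}" || continue
  import_certificate
done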