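#!/bin/bash
#
# Request or re-issue the Let's Encrypt certificate of one service, using
# certbot with the dns-rfc2136 authenticator.
#
# Usage: $0 <service_name> <workdir> <cert_dir> <rfc2136_file>
#   service_name  name of the service; selects /docker/<service_name>/.env and
#                 is used as the certbot --cert-name
#   workdir       parent of certbot's work/ and logs/ directories
#   cert_dir      certbot --config-dir (certificates live in <cert_dir>/live/)
#   rfc2136_file  credentials file passed to --dns-rfc2136-credentials; it
#                 holds the DNS update key, so keep it private to this user
#
# Reads JC_DOMAINS from the service's .env file. Exits 0 without touching
# anything when there is no domain to certify, or when the existing
# certificate already covers exactly the requested names.

if [ "$#" -ne 4 ] ; then
  echo "Usage: $0 <service_name> <workdir> <cert_dir> <rfc2136_file>" >&2
  exit 1
fi

service="$1"
workdir="$2"
certs_dir="$3"
rfc2136_file="$4"

# The service name is spliced into a path that gets sourced and into certbot's
# arguments. Refuse values that would leave /docker/<name>/ or be read as an
# option.
case "$service" in
  ''|.|..|*/*|-*)
    echo "Invalid service name: '$service'" >&2
    exit 1
    ;;
esac

# Options are kept in an array so that directories containing spaces or glob
# characters reach certbot as single arguments.
certbotopt=(
  --non-interactive
  --config-dir "$certs_dir"
  --work-dir "$workdir/work"
  --logs-dir "$workdir/logs"
  --agree-tos
  -m contact@jean-cloud.org
)

# The .env file is executed as shell code with this script's privileges, and
# it runs after the variables above are set, so it is able to override them.
# Only files whose owner and permissions are trusted belong here.
# shellcheck source=/dev/null
. "/docker/$service/.env"

echo "== acme for $service"
[ -z "$JC_DOMAINS" ] && exit 0

# resolvable.sh is expected on PATH; its output is treated as a
# whitespace-separated list of domain names.
domains="$(printf '%s\n' "$JC_DOMAINS" | resolvable.sh ns.jean-cloud.org)"
#domains="$JC_DOMAINS"

[ -z "$domains" ] && exit 0

# Split on spaces, tabs and newlines without pathname expansion, so a name
# such as "*.example.org" is never matched against the current directory.
domain_list=()
read -r -d '' -a domain_list <<<"$domains"
[ "${#domain_list[@]}" -eq 0 ] && exit 0

# Same normalisation as the one applied to the certificate's names below
# (sorted, unique, space-joined); without it the comparison depends on the
# order and separator resolvable.sh happens to emit.
wanted_domains="$(printf '%s\n' "${domain_list[@]}" | sort -u | tr '\n' ' ' | sed 's/ $//')"

# Detect letsencrypt duplicates.
# A quoted glob matches the service name literally; interpolating it into a
# grep pattern would let "." and other regex characters match unrelated
# lineages. Any entry named "<service>-*" counts, as before.
for lineage in "$certs_dir/live/$service"-* ; do
  if [ -e "$lineage" ] || [ -L "$lineage" ] ; then
    echo "letsencrypt duplicate found for '$service'"
    exit 1
  fi
done

if [ -e "$certs_dir/live/$service/cert.pem" ] ; then
  echo Cert already exists
  current_domains="$(openssl x509 -noout -text -in "$certs_dir/live/$service/cert.pem" | grep 'DNS:' | sed -e 's/, /\n/g' -e 's/DNS://g' -e 's/ //g' | sort -u | tr '\n' ' ' | sed 's/ $//' )"
  if [ "$current_domains" = "$wanted_domains" ] ; then
    echo "Existing cert got the same domains, preserving"
    exit 0
  else
    echo "New domains, removing old cert for $service"
    # NOTE(review): the old certificate is deleted before the new one is
    # obtained and the exit status is not checked, so a failed issuance
    # leaves the service without a certificate.
    certbot delete "${certbotopt[@]}" --cert-name "$service" --reason superseded
  fi
fi

# One "-d <name>" pair per domain, in the order resolvable.sh returned them.
domain_args=()
for name in "${domain_list[@]}" ; do
  domain_args+=(-d "$name")
done

echo "--------------- ${domain_args[*]}"
certbot certonly "${certbotopt[@]}" --cert-name "$service" --dns-rfc2136 --dns-rfc2136-credentials "$rfc2136_file" "${domain_args[@]}"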