#!/bin/bash
# Runs after a new certificate is issued and again on each cron renewal.
# There is one certificate per service (one nginx site file each).
#
# TODO make it an ansible script
# No

# Poor man's argument parsing: the only recognised option is -v (verbose),
# and only when it is the sole argument.
verbose=false
case "$#:${1-}" in
  1:-v) verbose=true ;;
esac

# Variables
# Webroot handed to certbot (--webroot -w) for the challenge files; created if missing.
acmeroot='/var/www/letsencrypt'
mkdir -p -- "$acmeroot"

# Keep the trailing slash: without it the glob over this directory
# would behave as a prefix selector instead of listing its entries.
nginx_sites_dir='/etc/nginx/sites-enabled/'

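#######################################
# Print a human-readable summary of one certbot run.
# Arguments: $1 - certbot exit status
#            $2 - certbot combined stdout+stderr
# Outputs:   one status line on stdout; the full certbot output when it failed
#######################################
report_certbot_result() {
  local result=$1
  local out=$2
  if [ "$result" -eq 0 ] && [[ "$out" = *"Certificate not yet due for renewal; no action taken."* ]]; then
    echo "Cert still valid"
  elif [ "$result" -eq 0 ]; then
    echo "Cert renewed or obtained"
  elif [ "$result" -eq 1 ]; then
    echo "Cert failed"
    echo " ------------------------------------------"
    echo "$out"
    echo " ------------------------------------------"
  else
    # printf, because echo printed a literal "\n" here instead of a line break
    printf 'Unknown error : %s.\n%s\n' "$result" "$out"
  fi
}

# One certbot run per enabled nginx site; the site file name is the cert name.
for file in "$nginx_sites_dir"*; do
  # An empty sites dir leaves the glob unexpanded: skip the literal pattern
  # (dangling symlinks are still visited, as before).
  [ -e "$file" ] || [ -L "$file" ] || continue
  if [ "$verbose" = true ]; then
    echo '-------------------------'
    echo "$file"
  fi

  service_name="$(basename -- "$file")"

  # Getting just the domain names (whitespace/newline separated list)
  domains="$(extract_domain_nginx_conf.sh "$file")"
  if [ -n "$domains" ]; then
    # If using dummy cert, disabling it so certbot can create the real lineage
    if [ "$(readlink "/etc/letsencrypt/live/$service_name/fullchain.pem")" = "/etc/letsencrypt/live/dummy/fullchain.pem" ]; then
      rm -r -- "/etc/letsencrypt/live/$service_name"
    fi

    echo "$domains"
    # Build "-d <domain>" pairs as array elements. read -a splits on IFS
    # without glob expansion, so a wildcard name such as *.example.com is
    # passed through verbatim (the former unquoted echo|sed pipeline globbed it).
    read -r -a domain_list <<<"${domains//$'\n'/ }"
    domain_args=()
    for domain in "${domain_list[@]}"; do
      domain_args+=(-d "$domain")
    done

    # Run certbot. The argv is an array rather than a string, so no
    # re-splitting or globbing happens between building and executing it.
    certbot_cmd=(certbot certonly -n --expand --agree-tos --webroot
      -w "$acmeroot" --email contact@jean-cloud.org
      --cert-name "$service_name" "${domain_args[@]}")
    if [ "$verbose" = true ]; then
      printf '%q ' "${certbot_cmd[@]}"
      printf '\n'
    fi
    out="$("${certbot_cmd[@]}" 2>&1)"
    # the assignment's status is the status of the command substitution
    result=$?
    report_certbot_result "$result" "$out"
  fi
done
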
# Lineages whose name matches *000* are treated as bad certs. This only warns:
# the cleanup command is printed for the operator, never executed.
if ls /etc/letsencrypt/live/*000* >/dev/null 2>&1; then
  echo " ---------------------------------------------------------------------------------------------"
  echo "Bad certs detected in letsencrypt dir. Nginx conf wont work…"
  echo "rm -r /etc/letsencrypt/live/*000* /etc/letsencrypt/archive/*000* /etc/letsencrypt/renewal/*000*"
  echo " ---------------------------------------------------------------------------------------------"
fi


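# Check the configuration (now pointing at the new cert files) before
# reloading; a failing test aborts with status 1 and leaves nginx untouched.
# Diagnostics go to stderr so a cron run separates them from the report above.
if ! nginx -t; then
  printf '%s\n' "Nginx test error, can’t reload it" >&2
  exit 1
fi

if ! nginx -s reload; then
  printf '%s\n' "Nginx reload error, GENERAL ALEEEEEEEEERT!!!!!" >&2
  exit 1
fi
echo "Done. No error detected."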