Updated renew, added new.sh
parent
e51ad7a7da
commit
1eae86dc9e
@ -24,8 +24,8 @@ RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.1.3/lego_v4.1.
|
||||
|
||||
EXPOSE 80 443
|
||||
|
||||
COPY renew.sh /usr/local/sbin
|
||||
LABEL cron.container.weekly root#/usr/local/sbin/renew.sh certbot
|
||||
COPY new.sh renew.sh /usr/local/sbin/
|
||||
LABEL cron.container.weekly root#/usr/local/sbin/renew.sh lego
|
||||
|
||||
# Expose our web root and log directories log.
|
||||
#VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d" ]
|
||||
|
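--- /dev/null
+++ b/new.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+CERTDIR=/etc/nginx/conf.d
+RELOAD="/tmp/nginx.reload"
+
+if [ "$1" == "certbot" ]; then
+echo "! WARNING - untested"
+
+CERTFILE=${CERTDIR}/certbot-cert.ssl
+[ -r ${CERTFILE} ] || exit 1
+[ -d ${CERTDIR}/ssl/letsencrypt ] || mkdir ${CERTDIR}/ssl/letsencrypt
+
+cat ${CERTFILE} | while read line; do
+echo " - line is [${line}]"
+LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
+DOMAINS=$(echo ${line} | cut -d':' -f 2)
+LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
+
+LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
+LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
+
+LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
+
+certbot certonly --webroot --config-dir ${CERTDIR}/ssl/letsencrypt/ -w /tmp --agree-tos --email ${LEGO_ACCOUNT_EMAIL} -n${LEGO_CERT_DOMAIN}
+touch ${RELOAD}
+done
+
+
+elif [ "$1" == "lego" ]; then
+CERTFILE=${CERTDIR}/lego-cert.ssl
+[ -r ${CERTFILE} ] || exit 1
+[ -d ${CERTDIR}/ssl/lego ] || mkdir ${CERTDIR}/ssl/lego
+
+TLS_PORT=444
+
+cat ${CERTFILE} | while read line; do
+echo " - line is [${line}]"
+LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
+DOMAINS=$(echo ${line} | cut -d':' -f 2)
+LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
+
+LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
+LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
+
+LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
+
+lego -m ${LEGO_ACCOUNT_EMAIL} ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego -a --tls --tls.port :${TLS_PORT} run && touch ${RELOAD}
+done
+
+else
+echo "! ERROR: Unknown certbot method [$1]"
+fi
+
+if [ -r ${RELOAD} ]; then
+echo "Reloading NGINX"
+/usr/sbin/nginx -s reload
+rm -f ${RELOAD}
+fi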
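Review bot: Both loops expand fields read from the cert list without quotes (`echo ${line}`, `(${DOMAINS//,/ })`, `${LEGO_CERT_DOMAIN[@]}`), so a line in `certbot-cert.ssl` or `lego-cert.ssl` that contains spaces, glob characters or a leading `-` is word-split, glob-expanded and handed to `certbot`/`lego` as extra arguments. Those files live under `/etc/nginx/conf.d`, and if this script runs as root like the cron-driven `renew.sh`, a stray or hostile entry changes what the ACME client is asked to do. I would read the two fields with `IFS=: read -r`, reject empty values and names that start with `-` or contain characters outside a hostname, and pass the domains as a quoted array, as sketched below for the lego branch. The certbot branch needs the same treatment and also expands `${LEGO_CERT_DOMAIN}` without `[@]`, which yields only the first array element; the loop in renew.sh repeats the unquoted pattern.

```shell
# … unchanged: CERTFILE readability check, mkdir of ssl/lego, TLS_PORT …
while IFS=: read -r email domains _; do
  case "$email" in
    ''|-*) echo "! skipping line with bad email" >&2; continue ;;
  esac
  IFS=, read -r -a names <<<"$domains"
  domain_args=()
  for name in "${names[@]}"; do
    case "$name" in
      ''|-*|*[!A-Za-z0-9.-]*) echo "! skipping line with bad domain [$name]" >&2; continue 2 ;;
    esac
    domain_args+=(-d "$name")
  done
  [ "${#domain_args[@]}" -gt 0 ] || continue
  lego -m "$email" "${domain_args[@]}" --path "${CERTDIR}/ssl/lego" -a --tls --tls.port ":${TLS_PORT}" run && touch "${RELOAD}"
done < "${CERTFILE}"
# … unchanged: else branch, reload check …
```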
27
renew.sh
27
renew.sh
@ -4,15 +4,32 @@ if [ "$1" == "certbot" ]; then
|
||||
certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
|
||||
|
||||
elif [ "$1" == "lego" ]; then
|
||||
CERTDIR=/etc/nginx/conf.d
|
||||
CERTFILE=${CERTDIR}/lego-cert.ssl
|
||||
RELOAD="/tmp/nginx.reload"
|
||||
TLS_PORT=444
|
||||
|
||||
[ -r ${CERTFILE} ] || exit 1
|
||||
|
||||
cat ${CERTFILE} | while read line; do
|
||||
echo " - line is [${line}]"
|
||||
LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
|
||||
DOMAINS=$(echo ${line} | cut -d':' -f 2)
|
||||
LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
|
||||
|
||||
LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
|
||||
LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
|
||||
|
||||
LEGO_CERT_DOMAIN=("${LEGO_CERT_DOMAIN[@]/#/--domains=\"}")
|
||||
if [ -n "${LEGO_CERT_DOMAIN}" ]; then
|
||||
LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:+"${LEGO_CERT_DOMAIN[@]/%/\"}"}
|
||||
fi
|
||||
LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
|
||||
|
||||
echo lego --email="mail@gmail.com" ${LEGO_CERT_DOMAIN} --tls --tls.port 444 renew --renew-hook="/usr/sbin/nginx -s reload"
|
||||
lego --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego --tls --tls.port :${TLS_PORT} renew --renew-hook="touch $RELOAD"
|
||||
done
|
||||
|
||||
if [ -r ${RELOAD} ]; then
|
||||
echo "Reloading NGINX"
|
||||
/usr/sbin/nginx -s reload
|
||||
rm -f ${RELOAD}
|
||||
fi
|
||||
|
||||
else
|
||||
echo "! ERROR: Unknown certbot method [$1]"
|
||||
|
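Review bot: The `${LEGO_ACCOUNT_EMAIL:? …}` and `${LEGO_CERT_DOMAIN:? …}` checks sit inside `cat ${CERTFILE} | while read line`, which runs in a pipeline subshell, so an empty field ends that subshell rather than the script. Every later line of `lego-cert.ssl` is then skipped, the reload check still runs, and the script's exit status does not report the failure, so one malformed entry in the weekly cron run can leave the remaining certificates unrenewed. I would replace the two checks with an explicit guard such as `[ -n "${LEGO_ACCOUNT_EMAIL}" ] && [ -n "${DOMAINS}" ] || { echo "! skipping malformed line" >&2; continue; }` and feed the loop with `done < "${CERTFILE}"` so a failure flag set inside it survives. The rendered page does not mark which lines are additions, so I am assuming these two are on the new side; the same construct appears in both loops of new.sh. The enclosing `if`/`elif` chain opens above this hunk and its closing `fi` is below it.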