Change renew.sh to ssl.sh - enabled specific domain registration

Dockerfile

@@ -24,8 +24,8 @@ RUN curl -sL https://github.com/go-acme/lego/releases/download/v4.2.0/lego_v4.2.
 
 EXPOSE 80 443
 
-COPY new.sh renew.sh /usr/local/sbin/
+COPY new.sh ssl.sh /usr/local/sbin/
-LABEL cron.container.weekly root#/usr/local/sbin/renew.sh lego
+LABEL cron.container.weekly root#/usr/local/sbin/ssl.sh lego renew
 
 # Expose our web root and log directories log.
 #VOLUME [ "/etc/nginx/conf.d", "/etc/nginx/default.d" ]

new.sh

@@ -1,57 +0,0 @@
-#!/bin/bash
-CERTDIR=/etc/nginx/conf.d
-RELOAD="/tmp/nginx.reload"
-
-if [ "$1" == "certbot" ]; then
-	echo "! WARNING - untested"
-
-	CERTFILE=${CERTDIR}/certbot-cert.ssl
-	[ -r ${CERTFILE} ] || exit 1
-	[ -d ${CERTDIR}/ssl/letsencrypt ] || mkdir ${CERTDIR}/ssl/letsencrypt
-
-	cat ${CERTFILE} | while read line; do
-		echo " - line is [${line}]"
-		LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
-		DOMAINS=$(echo ${line} | cut -d':' -f 2)
-		LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
-
-		LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
-		LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
-
-		LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
-
-		certbot certonly --webroot --config-dir ${CERTDIR}/ssl/letsencrypt/ -w /tmp --agree-tos --email ${LEGO_ACCOUNT_EMAIL} -n${LEGO_CERT_DOMAIN}
-		touch ${RELOAD}
-	done
-
-
-elif [ "$1" == "lego" ]; then
-	CERTFILE=${CERTDIR}/lego-cert.ssl
-	[ -r ${CERTFILE} ] || exit 1
-	[ -d ${CERTDIR}/ssl/lego ] || mkdir ${CERTDIR}/ssl/lego
-
-	TLS_PORT=444
-
-	cat ${CERTFILE} | while read line; do
-		echo " - line is [${line}]"
-		LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
-		DOMAINS=$(echo ${line} | cut -d':' -f 2)
-		LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
-
-		LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
-		LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
-
-		LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
-
-		lego -m ${LEGO_ACCOUNT_EMAIL} ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego -a --tls --tls.port :${TLS_PORT} run && touch ${RELOAD}
-	done
-
-else
-	echo "! ERROR: Unknown certbot method [$1]"
-fi
-
-if [ -r ${RELOAD} ]; then
-	echo "Reloading NGINX"
-	/usr/sbin/nginx -s reload
-	rm -f ${RELOAD}
-fi

renew.sh

@@ -1,51 +0,0 @@
-#!/bin/bash
-
-if [ "$1" == "certbot" ]; then
-	certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
-
-elif [ "$1" == "lego" ]; then
-	CERTDIR=/etc/nginx/conf.d
-	CERTFILE=${CERTDIR}/lego-cert.ssl
-	RELOAD="/tmp/nginx.reload"
-	TLS_PORT=444
-
-	[ -r ${CERTFILE} ] || exit 1
-
-	cat ${CERTFILE} | while read line; do
-		echo " - line is [${line}]"
-		LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
-		DOMAINS=$(echo ${line} | cut -d':' -f 2)
-		DNS=$(echo ${line} | cut -d':' -f 3)
-		LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
-
-		LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
-		LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
-
-		LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
-
-		if [ ${DNS} == 'cloudflare' ]; then
-			DNS=$(echo ${line} | cut -d':' -f 3)
-
-			export CLOUDFLARE_EMAIL=$(echo ${line} | cut -d':' -f 4)
-			export CF_DNS_API_TOKEN=$(echo ${line} | cut -d':' -f 5)
-			LEGO_DNS="--dns cloudflare"
-		else
-			:
-		fi
-
-		if [ "$2" == "run" ]; then
-			lego ${LEGO_DNS} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego --tls --tls.port :${TLS_PORT} run --run-hook="touch $RELOAD"
-		else
-			lego ${LEGO_DNS} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego --tls --tls.port :${TLS_PORT} renew --renew-hook="touch $RELOAD"
-		fi
-	done
-
-	if [ -r ${RELOAD} ]; then
-		echo "Reloading NGINX"
-		/usr/sbin/nginx -s reload
-		rm -f ${RELOAD}
-	fi
-
-else
-	echo "! ERROR: Unknown certbot method [$1]"
-fi

ssl.sh

@@ -0,0 +1,65 @@
+#!/bin/bash
+
+if [ "$1" == "certbot" ]; then
+	certbot renew -q --config-dir /etc/nginx/conf.d/ssl/letsencrypt/ --renew-hook "/usr/sbin/nginx -s reload"
+
+elif [ "$1" == "lego" ]; then
+	CERTDIR=/etc/nginx/conf.d
+	CERTFILE=${CERTDIR}/lego-cert.ssl
+	RELOAD="/tmp/nginx.reload"
+	TLS_PORT=444
+
+	[ -r ${CERTFILE} ] || exit 1
+
+	cat ${CERTFILE} | while read line; do
+		echo " - line is [${line}]"
+		LEGO_ACCOUNT_EMAIL=$(echo ${line} | cut -d':' -f 1)
+		DOMAINS=$(echo ${line} | cut -d':' -f 2)
+		LEGO_CERT_DOMAIN=(${DOMAINS//,/ })
+
+		if [ -n "$2" ]; then
+			if [[ ! " ${DOMAINS[@]} " =~ " ${2} " ]]; then
+				continue;
+			fi
+		fi
+
+		METHOD=$(echo ${line} | cut -d':' -f 3)
+
+		LEGO_ACCOUNT_EMAIL=${LEGO_ACCOUNT_EMAIL:? LEGO_ACCOUNT_EMAIL not set}
+		LEGO_CERT_DOMAIN=${LEGO_CERT_DOMAIN:? LEGO_CERT_DOMAIN not set}
+
+		LEGO_CERT_DOMAIN=(${LEGO_CERT_DOMAIN[@]/#/-d })
+
+		if [ ${METHOD} == 'dns' ]; then
+			DNS=$(echo ${line} | cut -d':' -f 4)
+			if [ ${DNS} == 'cloudflare' ]; then
+				export CLOUDFLARE_EMAIL=$(echo ${line} | cut -d':' -f 5)
+				export CF_DNS_API_TOKEN=$(echo ${line} | cut -d':' -f 6)
+				LEGO_METHOD="--dns cloudflare"
+			else
+				echo "! ERROR: Unknown DNS [${DNS}]" && continue
+			fi
+
+		elif [ ${METHOD} == 'tls' ]; then
+			LEGO_METHOD="--tls --tls.port :${TLS_PORT}"
+			:
+		else
+			echo "! ERROR: Unknown METHOD [${METHOD}]" && continue
+		fi
+
+		if [ "$2" == "renew" ]; then
+			lego ${LEGO_METHOD} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego renew --renew-hook="touch $RELOAD"
+		else
+			lego ${LEGO_METHOD} --email="${LEGO_ACCOUNT_EMAIL}" ${LEGO_CERT_DOMAIN[@]} --path ${CERTDIR}/ssl/lego run --run-hook="touch $RELOAD"
+		fi
+	done
+
+	if [ -r ${RELOAD} ]; then
+		echo "Reloading NGINX"
+		/usr/sbin/nginx -s reload
+		rm -f ${RELOAD}
+	fi
+
+else
+	echo "! ERROR: Unknown certbot method [$1]"
+fi