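#!/bin/bash
# Renew the TLS certificates used by NGINX with either certbot or lego and
# reload NGINX only when a certificate file actually changed.
#
# Usage:
#   $0 certbot
#   $0 lego (run|renew) [domain]
#
# For "lego", entries are read from ${CERTFILE}, one per line, colon-separated:
#   email:domain1,domain2,...:method[:dns-provider:cf-email:cf-api-token]
# where method is "dns" (only provider "cloudflare" is supported) or "tls".
# When a domain is given as the third argument, only the entry that lists that
# domain is processed. Blank lines and lines starting with '#' are skipped.
#
# The entry file carries DNS API tokens: keep it readable by root only, and do
# not run this script with tracing (set -x) or print whole entry lines while
# debugging, as either would expose the tokens in logs.
#
# Fixes relative to the previous version:
#   - the entry loop ran in a pipeline subshell, so "exit 1" inside it never
#     stopped the script; the file is now redirected into the loop
#   - the optional domain filter matched against the comma-joined string and so
#     only worked for single-domain entries
#   - the stored MD5 was written through an unquoted echo, which collapsed
#     md5sum's double space and made every comparison fail (reload every run);
#     only the hash itself is stored and compared now
#   - unknown method/action now exit non-zero; cloud credentials are unset
#     after each entry so they are not inherited by unrelated lego calls

set -o pipefail

readonly CERTDIR=/etc/nginx/ssl
readonly LEGODIR=${CERTDIR}/lego
readonly CERTFILE=${LEGODIR}/lego-cert.ssl
# NOTE(review): run/renew write below ${CERTDIR}/ssl/lego while the MD5 check
# lists ${LEGODIR} (= ${CERTDIR}/lego). Kept verbatim; confirm which directory
# the deployment really uses before unifying the two.
readonly LEGO_STORE=${CERTDIR}/ssl/lego
readonly TLS_PORT=444
# Marker file touched by lego hooks (or the MD5 check) to request one reload,
# and the directory holding the per-certificate MD5 state. Both are fixed,
# predictable paths under /tmp; kept for compatibility with existing setups,
# but a private directory (e.g. under /run or /var/lib) would be preferable.
# The state dir is deliberately not called TMPDIR so a TMPDIR exported in the
# environment is not redirected for certbot/lego.
readonly RELOAD=/tmp/nginx.reload
readonly MD5_DIR=/tmp/nginx

#######################################
# Print a message to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Renew all certbot certificates and reload NGINX via certbot's own hook.
#######################################
run_certbot() {
  certbot renew -q --config-dir /etc/nginx/ssl/letsencrypt/ \
    --renew-hook "/usr/sbin/nginx -s reload"
}

#######################################
# Run lego for every entry in ${CERTFILE}.
# Globals:   CERTFILE, LEGO_STORE, TLS_PORT, RELOAD (read);
#            CLOUDFLARE_EMAIL, CF_DNS_API_TOKEN (exported per entry, then unset)
# Arguments: $1 - lego action, "run" or "renew" (validated by the caller)
#            $2 - optional domain; only the entry listing it is processed
# Returns:   0 if every processed lego invocation succeeded, 1 otherwise;
#            exits via die on an unreadable file or a malformed entry
#######################################
process_lego_entries() {
  local action=$1
  local only_domain=${2-}
  local email domains method dns cf_email cf_token _rest
  local -a domain_list domain_args method_args
  local d found rc=0

  [[ -r "${CERTFILE}" ]] || die "! ERROR: cannot read ${CERTFILE}"

  # The "|| [[ -n ... ]]" keeps a last line without a trailing newline.
  while IFS=: read -r email domains method dns cf_email cf_token _rest \
      || [[ -n "${email}" ]]; do
    [[ -z "${email}${domains}${method}" || "${email}" == \#* ]] && continue

    # Split the comma-separated domain list into an array.
    IFS=, read -r -a domain_list <<<"${domains}"
    if [[ -n "${only_domain}" ]]; then
      found=0
      for d in "${domain_list[@]}"; do
        [[ "${d}" == "${only_domain}" ]] && found=1
      done
      (( found )) || continue
    fi

    [[ -n "${email}" ]] || die "LEGO_ACCOUNT_EMAIL not set"
    (( ${#domain_list[@]} > 0 )) || die "LEGO_CERT_DOMAIN not set"

    domain_args=()
    for d in "${domain_list[@]}"; do
      domain_args+=(-d "${d}")
    done

    case "${method}" in
      dns)
        if [[ "${dns}" == cloudflare ]]; then
          # lego reads its Cloudflare credentials from the environment.
          export CLOUDFLARE_EMAIL=${cf_email}
          export CF_DNS_API_TOKEN=${cf_token}
          method_args=(--dns cloudflare)
        else
          printf '! ERROR: Unknown DNS [%s]\n' "${dns}" >&2
          continue
        fi
        ;;
      tls)
        method_args=(--tls --tls.port ":${TLS_PORT}")
        ;;
      *)
        printf '! ERROR: Unknown METHOD [%s]\n' "${method}" >&2
        continue
        ;;
    esac

    # The hook asks for a reload by creating the marker; the reload itself
    # happens once, after the MD5 check.
    case "${action}" in
      renew)
        lego "${method_args[@]}" --email="${email}" "${domain_args[@]}" \
          --path "${LEGO_STORE}" renew --renew-hook="touch ${RELOAD}" || rc=1
        ;;
      run)
        lego "${method_args[@]}" --email="${email}" "${domain_args[@]}" \
          --path "${LEGO_STORE}" run --run-hook="touch ${RELOAD}" || rc=1
        ;;
    esac

    # Do not let one entry's credentials leak into the next lego invocation.
    unset CLOUDFLARE_EMAIL CF_DNS_API_TOKEN
  done < "${CERTFILE}"

  return "${rc}"
}

#######################################
# Compare each lego certificate's MD5 with the stored one, record changes,
# and reload NGINX once if anything changed (or a hook requested it).
# Globals:   LEGODIR, MD5_DIR, RELOAD (read); MD5 state files (written)
# Returns:   0, or 1 if the NGINX reload failed (the marker is then kept so
#            the next run retries the reload)
#######################################
check_md5_and_reload() {
  local cert name prev cur

  mkdir -p -- "${MD5_DIR}" || die "! ERROR: cannot create ${MD5_DIR}"

  while IFS= read -r cert; do
    [[ -n "${cert}" ]] || continue
    name=${cert##*/}
    prev=""
    # Older state files may hold "hash -"; only the first field is compared.
    if [[ -r "${MD5_DIR}/${name}.md5" ]]; then
      prev=$(<"${MD5_DIR}/${name}.md5")
      prev=${prev%% *}
    fi
    if ! cur=$(md5sum < "${cert}"); then
      printf '! ERROR: cannot read certificate [%s]\n' "${cert}" >&2
      continue
    fi
    cur=${cur%% *}
    printf -- '- Comparing MD5 of SRC [%s] with [%s]\n' "${prev}" "${cur}"
    if [[ "${prev}" != "${cur}" ]]; then
      touch -- "${RELOAD}"
      printf '%s\n' "${cur}" > "${MD5_DIR}/${name}.md5"
    fi
  done < <(lego --path "${LEGODIR}" list | awk '/Certificate Path/ {print $3}')

  if [[ -r "${RELOAD}" ]]; then
    echo "* Reloading NGINX"
    # Keep the marker if the reload fails so the next run retries it.
    /usr/sbin/nginx -s reload && rm -f -- "${RELOAD}"
  fi
}

#######################################
# Entry point; dispatches on the renewal method given as $1.
#######################################
main() {
  local rc=0
  case "${1-}" in
    certbot)
      run_certbot
      ;;
    lego)
      case "${2-}" in
        run|renew) ;;
        *) die "! ERROR: Not doing anything?" ;;
      esac
      process_lego_entries "$2" "${3-}" || rc=1
      check_md5_and_reload || rc=1
      ;;
    *)
      die "! ERROR: Unknown certbot method [${1-}]"
      ;;
  esac
  return "${rc}"
}

main "$@"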