Sutty/containers-certbot-simple
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

push certificates and skip non-local domains

Browse source
This commit is contained in:
f 2020-09-07 18:06:50 -03:00
parent 2f483b9677
commit c14f785672
1 changed files with 15 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
certbot.sh
View file

@ -44,6 +44,9 @@ case $1 in
# Skip already existing domains # Skip already existing domains
test -d "/etc/letsencrypt/live/${d}" && continue test -d "/etc/letsencrypt/live/${d}" && continue
# Ignore non local domains
nslookup "${d}" 8.8.8.8 | grep -q "${SUTTY_ADDRESS}" || continue
# Get the certificate for the domain, the webserver will need # Get the certificate for the domain, the webserver will need
# access to this directory # access to this directory
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \ /usr/bin/certbot certonly --email "certbot@${SUTTY}" \
@ -53,9 +56,16 @@ case $1 in
-d "${d}" -d "${d}"
done done
done done
esac
# Fix permissions, users in group ssl have read access # Fix permissions, users in group ssl have read access
find /etc/letsencrypt -type d | xargs -r chmod 2750 find /etc/letsencrypt -type d | xargs -r chmod 2750
find /etc/letsencrypt -type f | xargs -r chmod 640 find /etc/letsencrypt -type f | xargs -r chmod 640
chgrp -R ssl /etc/letsencrypt chgrp -R ssl /etc/letsencrypt
esac
# Push certificates to nodes, we use SSH as a secure transport
# but this means we're synchronizing from container to host which is
# awkward.
for NODE in ${NODES}; do
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/srv/sutty/etc/letsencrypt/
done