push certificates and skip non-local domains

f 2020-09-07 18:06:50 -03:00
parent 2f483b9677
commit c14f785672


@ -44,6 +44,9 @@ case $1 in
# Skip already existing domains # Skip already existing domains
test -d "/etc/letsencrypt/live/${d}" && continue test -d "/etc/letsencrypt/live/${d}" && continue
# Ignore non local domains
nslookup "${d}" 8.8.8.8 | grep -q "${SUTTY_ADDRESS}" || continue
# Get the certificate for the domain, the webserver will need # Get the certificate for the domain, the webserver will need
# access to this directory # access to this directory
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \ /usr/bin/certbot certonly --email "certbot@${SUTTY}" \
@ -53,9 +56,16 @@ case $1 in
-d "${d}" -d "${d}"
done done
done done
# Fix permissions, users in group ssl have read access
find /etc/letsencrypt -type d | xargs -r chmod 2750
find /etc/letsencrypt -type f | xargs -r chmod 640
chgrp -R ssl /etc/letsencrypt
esac esac
# Fix permissions, users in group ssl have read access
find /etc/letsencrypt -type d | xargs -r chmod 2750
find /etc/letsencrypt -type f | xargs -r chmod 640
chgrp -R ssl /etc/letsencrypt
# Push certificates to nodes, we use SSH as a secure transport
# but this means we're synchronizing from container to host which is
# awkward.
for NODE in ${NODES}; do
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/srv/sutty/etc/letsencrypt/
done
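Review bot: The locality check `nslookup "${d}" 8.8.8.8 | grep -q "${SUTTY_ADDRESS}"` in the first hunk is an unanchored regex substring match over the whole nslookup output, so an unset or empty `SUTTY_ADDRESS` lets every domain through (`grep -q ""` matches any line), the dots match any character, and an address that is a substring of another address also passes; consider `: "${SUTTY_ADDRESS:?}"` before the loop and `grep -qwF -- "${SUTTY_ADDRESS}"`. The same filter also silently skips every domain when the resolver is unreachable, which is indistinguishable from a non-local domain; a `printf 'skipping %s: not local\n' "${d}" >&2` before the `continue` would make that visible in the log. In the rsync line `${NODE}` is unquoted while the pushed tree under `/etc/letsencrypt/` includes private keys and is synced with `--delete-after`, so a stray value in `NODES` expands into extra arguments; quote it as `"${NODE}:/srv/sutty/etc/letsencrypt/"`. If the permission-fix block is meant to move from inside the `case` arm to after `esac` (both copies appear and the +/- markers are lost), it now runs before the push, which is what the 0640/2750 modes on the synced files need. The `case` statement enclosing the first hunk starts outside it.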