push certificates and skip non-local domains
This commit is contained in:
parent
2f483b9677
commit
c14f785672
1 changed files with 15 additions and 5 deletions
20
certbot.sh
20
certbot.sh
|
@ -44,6 +44,9 @@ case $1 in
|
|||
# Skip already existing domains
|
||||
test -d "/etc/letsencrypt/live/${d}" && continue
|
||||
|
||||
# Ignore non local domains
|
||||
nslookup "${d}" 8.8.8.8 | grep -q "${SUTTY_ADDRESS}" || continue
|
||||
|
||||
# Get the certificate for the domain, the webserver will need
|
||||
# access to this directory
|
||||
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \
|
||||
|
@ -53,9 +56,16 @@ case $1 in
|
|||
-d "${d}"
|
||||
done
|
||||
done
|
||||
|
||||
# Fix permissions, users in group ssl have read access
|
||||
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
||||
find /etc/letsencrypt -type f | xargs -r chmod 640
|
||||
chgrp -R ssl /etc/letsencrypt
|
||||
esac
|
||||
|
||||
# Fix permissions, users in group ssl have read access
|
||||
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
||||
find /etc/letsencrypt -type f | xargs -r chmod 640
|
||||
chgrp -R ssl /etc/letsencrypt
|
||||
|
||||
# Push certificates to nodes, we use SSH as a secure transport
|
||||
# but this means we're synchronizing from container to host which is
|
||||
# awkward.
|
||||
for NODE in ${NODES}; do
|
||||
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/srv/sutty/etc/letsencrypt/
|
||||
done
|
||||
|
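Review bot: The new "Ignore non local domains" check at `nslookup "${d}" 8.8.8.8 | grep -q "${SUTTY_ADDRESS}" || continue` is a loose substring match: grep reads `${SUTTY_ADDRESS}` as a regex, so each `.` matches any character, and an unanchored pattern also accepts any line that merely contains the address (a `10.0.0.1` would match `10.0.0.12` or `110.0.0.1`). Since this test decides whether certbot is invoked for a domain, it should match the address literally and as a whole token, e.g. `nslookup "${d}" 8.8.8.8 | grep -qFw -- "${SUTTY_ADDRESS}" || continue`; anchoring on the exact `Address:` line would be stricter still, but nslookup's output format varies by implementation, so that would need confirming on the container's resolver tool. The loop that binds `${d}` starts before the first hunk. In the second hunk, `${NODE}` on the rsync line is unquoted and the rsync exit status is not checked, so a failed push to one node is silently skipped; `rsync -avHAX --delete-after /etc/letsencrypt/ "${NODE}:/srv/sutty/etc/letsencrypt/" || printf 'rsync to %s failed\n' "${NODE}" >&2` would at least surface it.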
|