From e667946b06391709f6e5df257ac783e4cfc1d52a Mon Sep 17 00:00:00 2001 From: f Date: Mon, 1 Aug 2022 17:54:30 -0300 Subject: [PATCH] fix permissions only when something changed since certbot doesn't do any pruning, fixing permissions all the time is an IO issue --- certbotd.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/certbotd.sh b/certbotd.sh index 4117aca..3c0ee1c 100755 --- a/certbotd.sh +++ b/certbotd.sh @@ -6,12 +6,15 @@ if test -z "${NODES}"; then fi lock=/tmp/certbot.lck +updated=false ensure() { test -n "$1" && echo "$1 received, exiting gracefully..." rm -f "${lock}" + ${updated} || exit 0 + # Fix permissions, users in group ssl have read access find /etc/letsencrypt -type d | xargs -r chmod 2750 find /etc/letsencrypt -type f | xargs -r chmod 640 @@ -38,6 +41,7 @@ case $1 in # Renew certificates, trust in certbot's algorithms renew) /usr/bin/certbot renew --quiet --agree-tos + updated=true ;; bootstrap) for site in ${SUTTY} api.${SUTTY}; do @@ -53,7 +57,11 @@ case $1 in cd /etc/letsencrypt/live ln -s ${SUTTY} default - done ;; + done + + updated=true + + ;; # Generate certificates *) # Only one instance can run at a time @@ -93,6 +101,7 @@ case $1 in --agree-tos \ --webroot-path /var/lib/letsencrypt \ -d "${domain}" + updated=true done esac