fix permissions only when something changed
since certbot doesn't do any pruning, fixing permissions all the time is an IO issue
This commit is contained in:
f
parent
095d0968db
commit
e667946b06
1 changed files with 10 additions and 1 deletions
11
certbotd.sh
11
certbotd.sh
|
|
@ -6,12 +6,15 @@ if test -z "${NODES}"; then
|
|||
fi
|
||||
|
||||
lock=/tmp/certbot.lck
|
||||
updated=false
|
||||
|
||||
ensure() {
|
||||
test -n "$1" && echo "$1 received, exiting gracefully..."
|
||||
|
||||
rm -f "${lock}"
|
||||
|
||||
${updated} || exit 0
|
||||
|
||||
# Fix permissions, users in group ssl have read access
|
||||
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
||||
find /etc/letsencrypt -type f | xargs -r chmod 640
|
||||
|
|
@ -38,6 +41,7 @@ case $1 in
|
|||
# Renew certificates, trust in certbot's algorithms
|
||||
renew)
|
||||
/usr/bin/certbot renew --quiet --agree-tos
|
||||
updated=true
|
||||
;;
|
||||
bootstrap)
|
||||
for site in ${SUTTY} api.${SUTTY}; do
|
||||
|
|
@ -53,7 +57,11 @@ case $1 in
|
|||
|
||||
cd /etc/letsencrypt/live
|
||||
ln -s ${SUTTY} default
|
||||
done ;;
|
||||
done
|
||||
|
||||
updated=true
|
||||
|
||||
;;
|
||||
# Generate certificates
|
||||
*)
|
||||
# Only one instance can run at a time
|
||||
|
|
@ -93,6 +101,7 @@ case $1 in
|
|||
--agree-tos \
|
||||
--webroot-path /var/lib/letsencrypt \
|
||||
-d "${domain}"
|
||||
updated=true
|
||||
done
|
||||
esac
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue