containers-certbot/certbot.sh

#!/bin/sh
set -e

case $1 in
  # Renew certificates, trust in certbot's algorithms
  renew) /usr/bin/certbot renew --quiet --agree-tos ;;
  bootstrap)
    for site in ${SUTTY} api.${SUTTY}; do
      test -d "/etc/letsencrypt/live/${site}" && exit 0

      # Get the certificate for the domain, the webserver will need
      # access to this directory
      /usr/bin/certbot certonly --email "certbot@${SUTTY}" \
                                --webroot \
                                --agree-tos \
                                --webroot-path /var/lib/letsencrypt \
                                -d "${site}"

      cd /etc/letsencrypt/live
      ln -s ${SUTTY} default
    done ;;
  # Generate certificates
  *)
    # Save headers here
    headers=/tmp/headers
    # Gets ETag from previous headers
    test -f "${headers}" \
      && etag="$(grep "^  Etag: " "${headers}" | cut -d : -f 2)"

    # Get site list from the API and transform to a list.  Save headers
    # for next run.  Use ETag to avoid running when nothing changed
    wget --user="${HTTP_BASIC_USER}" --password="${HTTP_BASIC_PASSWORD}" \
         --header="If-None-Match:${etag}" -qSO - \
          "https://api.${SUTTY}/v1/sites.json" \
          2>"${headers}" \
      | jq --raw-output .[] \
      | while read name; do
          # If the site name doesn't end with a dot, it's a subdomain
          domain="$(echo "${name}" | sed "s/[^\.]$/&.${SUTTY}/")"
          domain="${domain%.}"

          # Generate a certificate for www also
          for d in ${domain} www.${domain}; do
            # Skip already existing domains
            test -d "/etc/letsencrypt/live/${d}" && continue

            # Get the certificate for the domain, the webserver will need
            # access to this directory
            /usr/bin/certbot certonly --email "certbot@${SUTTY}" \
                                      --webroot \
                                      --agree-tos \
                                      --webroot-path /var/lib/letsencrypt \
                                      -d "${d}"
          done
        done

    # Fix permissions, users in group ssl have read access
    find /etc/letsencrypt -type d | xargs -r chmod 2750
    find /etc/letsencrypt -type f | xargs -r chmod 640
    chgrp -R ssl /etc/letsencrypt
esac
certbot 2019-09-10 23:17:04 +00:00			`#!/bin/sh`
			`set -e`

			`case $1 in`
			`# Renew certificates, trust in certbot's algorithms`
typo 2019-10-11 15:55:05 +00:00			`renew) /usr/bin/certbot renew --quiet --agree-tos ;;`
certbot 2019-09-10 23:17:04 +00:00			`bootstrap)`
bootstrap main site also 2019-09-13 21:33:46 +00:00			`for site in ${SUTTY} api.${SUTTY}; do`
			`test -d "/etc/letsencrypt/live/${site}" && exit 0`
certbot 2019-09-10 23:17:04 +00:00
bootstrap main site also 2019-09-13 21:33:46 +00:00			`# Get the certificate for the domain, the webserver will need`
			`# access to this directory`
			`/usr/bin/certbot certonly --email "certbot@${SUTTY}" \`
			`--webroot \`
			`--agree-tos \`
			`--webroot-path /var/lib/letsencrypt \`
			`-d "${site}"`
symlink to default server 2019-10-07 18:57:11 +00:00
			`cd /etc/letsencrypt/live`
			`ln -s ${SUTTY} default`
bootstrap main site also 2019-09-13 21:33:46 +00:00			`done ;;`
certbot 2019-09-10 23:17:04 +00:00			`# Generate certificates`
			`*)`
			`# Save headers here`
			`headers=/tmp/headers`
			`# Gets ETag from previous headers`
			`test -f "${headers}" \`
			`&& etag="$(grep "^ Etag: " "${headers}" \| cut -d : -f 2)"`

			`# Get site list from the API and transform to a list. Save headers`
			`# for next run. Use ETag to avoid running when nothing changed`
			`wget --user="${HTTP_BASIC_USER}" --password="${HTTP_BASIC_PASSWORD}" \`
			`--header="If-None-Match:${etag}" -qSO - \`
			`"https://api.${SUTTY}/v1/sites.json" \`
			`2>"${headers}" \`
			`\| jq --raw-output .[] \`
			`\| while read name; do`
			`# If the site name doesn't end with a dot, it's a subdomain`
fix permissions and domains 2019-09-13 20:10:50 +00:00			`domain="$(echo "${name}" \| sed "s/[^\.]$/&.${SUTTY}/")"`
certbot 2019-09-10 23:17:04 +00:00			`domain="${domain%.}"`

www 2019-10-01 18:28:14 +00:00			`# Generate a certificate for www also`
			`for d in ${domain} www.${domain}; do`
			`# Skip already existing domains`
			`test -d "/etc/letsencrypt/live/${d}" && continue`
certbot 2019-09-10 23:17:04 +00:00
www 2019-10-01 18:28:14 +00:00			`# Get the certificate for the domain, the webserver will need`
			`# access to this directory`
			`/usr/bin/certbot certonly --email "certbot@${SUTTY}" \`
			`--webroot \`
			`--agree-tos \`
			`--webroot-path /var/lib/letsencrypt \`
			`-d "${d}"`
			`done`
certbot 2019-09-10 23:17:04 +00:00			`done`
fix permissions and domains 2019-09-13 20:10:50 +00:00
			`# Fix permissions, users in group ssl have read access`
			`find /etc/letsencrypt -type d \| xargs -r chmod 2750`
			`find /etc/letsencrypt -type f \| xargs -r chmod 640`
			`chgrp -R ssl /etc/letsencrypt`
certbot 2019-09-10 23:17:04 +00:00			`esac`