49 lines
1.8 KiB
Bash
49 lines
1.8 KiB
Bash
|
#!/bin/sh
|
||
|
|
set -e
|
||
|
|
|
||
|
|
case $1 in
|
||
|
|
# Renew certificates, trust in certbot's algorithms
|
||
|
|
renew) /usr/bin/certbot renew --quit --agree-tos ;;
|
||
|
|
bootstrap)
|
||
|
|
test -d "/etc/letsencrypt/live/api.${SUTTY}" && exit 0
|
||
|
|
|
||
|
|
# Get the certificate for the domain, the webserver will need
|
||
|
|
# access to this directory
|
||
|
|
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \
|
||
|
|
--webroot \
|
||
|
|
--agree-tos \
|
||
|
|
--webroot-path /var/lib/letsencrypt \
|
||
|
|
-d "api.${SUTTY}" ;;
|
||
|
|
# Generate certificates
|
||
|
|
*)
|
||
|
|
# Save headers here
|
||
|
|
headers=/tmp/headers
|
||
|
|
# Gets ETag from previous headers
|
||
|
|
test -f "${headers}" \
|
||
|
|
&& etag="$(grep "^ Etag: " "${headers}" | cut -d : -f 2)"
|
||
|
|
|
||
|
|
# Get site list from the API and transform to a list. Save headers
|
||
|
|
# for next run. Use ETag to avoid running when nothing changed
|
||
|
|
wget --user="${HTTP_BASIC_USER}" --password="${HTTP_BASIC_PASSWORD}" \
|
||
|
|
--header="If-None-Match:${etag}" -qSO - \
|
||
|
|
"https://api.${SUTTY}/v1/sites.json" \
|
||
|
|
2>"${headers}" \
|
||
|
|
| jq --raw-output .[] \
|
||
|
|
| while read name; do
|
||
|
|
# If the site name doesn't end with a dot, it's a subdomain
|
||
|
|
domain="$(echo "${name}" | sed "s/[^\.]$/&${SUTTY}/")"
|
||
|
|
domain="${domain%.}"
|
||
|
|
|
||
|
|
# Skip already existing domains
|
||
|
|
test -d "/etc/letsencrypt/live/${domain}" && continue
|
||
|
|
|
||
|
|
# Get the certificate for the domain, the webserver will need
|
||
|
|
# access to this directory
|
||
|
|
/usr/bin/certbot certonly --email "certbot@${SUTTY}" \
|
||
|
|
--webroot \
|
||
|
|
--agree-tos \
|
||
|
|
--webroot-path /var/lib/letsencrypt \
|
||
|
|
-d "${domain}"
|
||
|
|
done
|
||
|
|
esac
|