Sutty/containers-certbot
5
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages 1 Wiki Activity

feat: remove certificates for domains not pointing here

Browse source
This commit is contained in:
f 2024-12-28 17:10:17 -03:00
parent 0f15423d4f
commit 43ac0ece5b
No known key found for this signature in database
1 changed files with 13 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
certbotd.sh
View file

@ -8,6 +8,10 @@ not_ok() {
echo "not ok - $@" >&2 echo "not ok - $@" >&2
} }
domain_configured() {
nslookup "$1" 8.8.8.8 | grep -qE "(${SUTTY_ADDRESSES// /|})"
}
remove_certificate() { remove_certificate() {
rm -rf "/etc/letsencrypt/renewal/${1}.conf" "/etc/letsencrypt/live/${1}" "/etc/letsencrypt/archive/${1}" rm -rf "/etc/letsencrypt/renewal/${1}.conf" "/etc/letsencrypt/live/${1}" "/etc/letsencrypt/archive/${1}"
} }
@ -141,8 +145,14 @@ case $1 in
# Skip already existing domains # Skip already existing domains
if test -s "/etc/letsencrypt/renewal/${domain}.conf"; then if test -s "/etc/letsencrypt/renewal/${domain}.conf"; then
# But check if they still point here
if domain_configured "${domain}" ; then
ok "${domain} already issued" ok "${domain} already issued"
continue continue
else
not_ok "${domain} has a certificate but it's not correctly configured, will remove it for now"
remove_certificate "${domain}"
fi
# The file exists but it's empty and it was issued before # The file exists but it's empty and it was issued before
elif test -f "/etc/letsencrypt/renewal/${domain}.conf" && test -d "/etc/letsencrypt/archive/${domain}"; then elif test -f "/etc/letsencrypt/renewal/${domain}.conf" && test -d "/etc/letsencrypt/archive/${domain}"; then
ok "${domain} renewal conf was empty, fixing..." ok "${domain} renewal conf was empty, fixing..."
@ -159,7 +169,7 @@ case $1 in
fi fi
# Ignore non local domains # Ignore non local domains
if ! nslookup "${domain}" 8.8.8.8 | grep -qE "(${SUTTY_ADDRESSES// /|})" ; then if ! domain_configured "${domain}" ; then
ok "${domain} is not configured to any Sutty node or DNS records are still cached, ignoring for now # skip" ok "${domain} is not configured to any Sutty node or DNS records are still cached, ignoring for now # skip"
continue continue
fi fi