
No commits in common. "388a19fb8499172565f4fc25d840d3c3c3520160" and "55fd6c2ed2eb03b38f8e4d5af53b1f46c62ca6bc" have entirely different histories.

3 changed files with 9 additions and 20 deletions


@ -18,4 +18,5 @@ pipeline:
event: push event: push
matrix: matrix:
ALPINE_VERSION: ALPINE_VERSION:
- 3.16.2 - 3.16.1
- 3.15.5


@ -6,16 +6,14 @@ if test -z "${NODES}"; then
fi fi
lock=/tmp/certbot.lck lock=/tmp/certbot.lck
updated=/tmp/certbot.updated updated=false
ensure() { ensure() {
test -n "$1" && echo "$1 received, exiting gracefully..." test -n "$1" && echo "$1 received, exiting gracefully..."
rm -f "${lock}" rm -f "${lock}"
test -f "${updated}" || exit 0 ${updated} || exit 0
rm -f "${updated}"
# Fix permissions, users in group ssl have read access # Fix permissions, users in group ssl have read access
find /etc/letsencrypt -type d | xargs -r chmod 2750 find /etc/letsencrypt -type d | xargs -r chmod 2750
@ -29,7 +27,7 @@ ensure() {
# awkward. A restricted rsync treats / as the remote location for the # awkward. A restricted rsync treats / as the remote location for the
# certificates. # certificates.
for NODE in ${NODES}; do for NODE in ${NODES}; do
rsync -avHAXL --delete-after /etc/letsencrypt/live/ ${NODE}:/live/ rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/
done done
} }
@ -43,7 +41,7 @@ case $1 in
# Renew certificates, trust in certbot's algorithms # Renew certificates, trust in certbot's algorithms
renew) renew)
/usr/bin/certbot renew --quiet --agree-tos /usr/bin/certbot renew --quiet --agree-tos
touch "${updated}" updated=true
;; ;;
bootstrap) bootstrap)
for site in ${SUTTY} api.${SUTTY}; do for site in ${SUTTY} api.${SUTTY}; do
@ -59,14 +57,10 @@ case $1 in
cd /etc/letsencrypt/live cd /etc/letsencrypt/live
ln -s ${SUTTY} default ln -s ${SUTTY} default
touch "${updated}"
done done
;; updated=true
prune)
comm -13 <(realpath /etc/letsencrypt/live/*/*.pem | sort) <(find /etc/letsencrypt/archive/ -name "*.pem" | sort) | xargs rm -v
touch "${updated}"
;; ;;
# Generate certificates # Generate certificates
*) *)
@ -107,7 +101,7 @@ case $1 in
--agree-tos \ --agree-tos \
--webroot-path /var/lib/letsencrypt \ --webroot-path /var/lib/letsencrypt \
-d "${domain}" -d "${domain}"
touch "${updated}" updated=true
done done
esac esac
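Review bot: The rsync line inside the `for NODE in ${NODES}` loop now sends the whole of `/etc/letsencrypt/` to every node rather than only `live/`, and in certbot's usual layout that tree also contains `accounts/` (the ACME account key), `archive/` and `renewal/`, so each node would hold more key material than it needs to serve TLS. If the nodes only consume certificates, keep the transfer scoped, for example by adding `--exclude=accounts/` and quoting the target as `"${NODE}":/`; `--delete-after` against the remote root also removes anything there that is absent locally, which looks intended given the restricted-rsync comment but is worth confirming. Separately, `${updated} || exit 0` executes the variable's value as a command, and `test "${updated}" = true || exit 0` keeps the same flow without that. The page prints old and new text side by side without markers, so this note reads the right-hand column as the new side, and both `ensure()` and the `case` body extend beyond the visible hunks.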


@ -10,12 +10,6 @@ check program certbot_renew
every "13 5 * * *" every "13 5 * * *"
if status != 0 then alert if status != 0 then alert
# Prune old keys
check program certbot_prune
with path "/usr/local/bin/certbotd prune"
every "13 1 2 * *"
if status != 0 then alert
# Get missing certificates for every cycle. # Get missing certificates for every cycle.
check program certbot check program certbot
with path "/usr/local/bin/certbotd" with path "/usr/local/bin/certbotd"