Compare commits
No commits in common. "388a19fb8499172565f4fc25d840d3c3c3520160" and "55fd6c2ed2eb03b38f8e4d5af53b1f46c62ca6bc" have entirely different histories.
388a19fb84
...
55fd6c2ed2
3 changed files with 9 additions and 20 deletions
|
@ -18,4 +18,5 @@ pipeline:
|
|||
event: push
|
||||
matrix:
|
||||
ALPINE_VERSION:
|
||||
- 3.16.2
|
||||
- 3.16.1
|
||||
- 3.15.5
|
||||
|
|
20
certbotd.sh
20
certbotd.sh
|
@ -6,16 +6,14 @@ if test -z "${NODES}"; then
|
|||
fi
|
||||
|
||||
lock=/tmp/certbot.lck
|
||||
updated=/tmp/certbot.updated
|
||||
updated=false
|
||||
|
||||
ensure() {
|
||||
test -n "$1" && echo "$1 received, exiting gracefully..."
|
||||
|
||||
rm -f "${lock}"
|
||||
|
||||
test -f "${updated}" || exit 0
|
||||
|
||||
rm -f "${updated}"
|
||||
${updated} || exit 0
|
||||
|
||||
# Fix permissions, users in group ssl have read access
|
||||
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
||||
|
@ -29,7 +27,7 @@ ensure() {
|
|||
# awkward. A restricted rsync treats / as the remote location for the
|
||||
# certificates.
|
||||
for NODE in ${NODES}; do
|
||||
rsync -avHAXL --delete-after /etc/letsencrypt/live/ ${NODE}:/live/
|
||||
rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/
|
||||
done
|
||||
}
|
||||
|
||||
|
@ -43,7 +41,7 @@ case $1 in
|
|||
# Renew certificates, trust in certbot's algorithms
|
||||
renew)
|
||||
/usr/bin/certbot renew --quiet --agree-tos
|
||||
touch "${updated}"
|
||||
updated=true
|
||||
;;
|
||||
bootstrap)
|
||||
for site in ${SUTTY} api.${SUTTY}; do
|
||||
|
@ -59,14 +57,10 @@ case $1 in
|
|||
|
||||
cd /etc/letsencrypt/live
|
||||
ln -s ${SUTTY} default
|
||||
|
||||
touch "${updated}"
|
||||
done
|
||||
|
||||
;;
|
||||
prune)
|
||||
comm -13 <(realpath /etc/letsencrypt/live/*/*.pem | sort) <(find /etc/letsencrypt/archive/ -name "*.pem" | sort) | xargs rm -v
|
||||
touch "${updated}"
|
||||
updated=true
|
||||
|
||||
;;
|
||||
# Generate certificates
|
||||
*)
|
||||
|
@ -107,7 +101,7 @@ case $1 in
|
|||
--agree-tos \
|
||||
--webroot-path /var/lib/letsencrypt \
|
||||
-d "${domain}"
|
||||
touch "${updated}"
|
||||
updated=true
|
||||
done
|
||||
esac
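Review bot: The rsync in `ensure()` is now `rsync -avHAX --delete-after /etc/letsencrypt/ ${NODE}:/`, which pushes the whole certbot tree to every node instead of only `live/`. On a stock certbot layout that would include the ACME account key under `accounts/` and every superseded private key under `archive/`; this is inferred from certbot's defaults and is not visible on the page. The `prune)` branch also appears to be dropped in the later hunk of this file, so the archive being replicated would no longer be trimmed. If the nodes only need the current chain and key, keep the transfer narrow and quote the host, for example `rsync -avHAX --delete-after --exclude=/accounts/ /etc/letsencrypt/ "${NODE}:/"`, or add a comment above the loop saying why the nodes need the full tree. `ensure()` starts in the previous hunk and its body is only partly shown.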
|
||||
|
||||
|
|
|
@ -10,12 +10,6 @@ check program certbot_renew
|
|||
every "13 5 * * *"
|
||||
if status != 0 then alert
|
||||
|
||||
# Prune old keys
|
||||
check program certbot_prune
|
||||
with path "/usr/local/bin/certbotd prune"
|
||||
every "13 1 2 * *"
|
||||
if status != 0 then alert
|
||||
|
||||
# Get missing certificates for every cycle.
|
||||
check program certbot
|
||||
with path "/usr/local/bin/certbotd"
|
||||
|
|