
3 commits

Author SHA1 Message Date
f
ffed22b2df
fix: tap
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
ci/woodpecker/push/woodpecker/2 Pipeline was successful
2024-06-14 18:47:42 -03:00
f
919706b80e
fix: some renewal files where missing (??) 2024-06-14 18:41:59 -03:00
f
67ca76f7f1
fix: use set -E to trip the traps...
but it doesn't work on while loops, so we ensure there too
2024-06-14 18:23:45 -03:00


@ -1,7 +1,15 @@
#!/bin/sh #!/bin/sh
ok() {
echo "ok - $@" >&2
}
not_ok() {
echo "not ok - $@" >&2
}
if test -z "${NODES}" && test -z "${SINGLE_NODE}"; then if test -z "${NODES}" && test -z "${SINGLE_NODE}"; then
echo "not ok - The env var NODES is empty, if you don't want to synchronize to other servers, set SINGLE_NODE=true" >&2 not_ok "The env var NODES is empty, if you don't want to synchronize to other servers, set SINGLE_NODE=true"
exit 1 exit 1
fi fi
@ -9,7 +17,7 @@ lock=/tmp/certbot.lck
updated=/tmp/certbot.updated updated=/tmp/certbot.updated
ensure() { ensure() {
test -n "$1" && echo "ok - $1 received, exiting gracefully..." >&2 test -n "$1" && ok "$1 received, exiting gracefully..."
if test -f "${updated}" ; then if test -f "${updated}" ; then
rm -f "${updated}" rm -f "${updated}"
@ -37,6 +45,8 @@ for SIG in 1 2 3 6 9 14 15; do
trap "ensure ${SIG}" ${SIG} trap "ensure ${SIG}" ${SIG}
done done
set -E
case $1 in case $1 in
# Renew certificates, trust in certbot's algorithms # Renew certificates, trust in certbot's algorithms
renew) renew)
@ -66,8 +76,8 @@ case $1 in
*) *)
# Only one instance can run at a time # Only one instance can run at a time
if test -f "${lock}" ; then if test -f "${lock}" ; then
echo "not ok - There's a certbotd instance already running, doing nothing..." >&2 not_ok "There's a certbotd instance already running, doing nothing..."
echo "not ok - If the problem persists, you may need to remove ${lock} manually." >&2 not_ok "If the problem persists, you may need to remove ${lock} manually."
exit 1 exit 1
fi fi
@ -87,15 +97,32 @@ case $1 in
2>"${headers}" \ 2>"${headers}" \
| jq --raw-output .[] \ | jq --raw-output .[] \
| while read domain; do | while read domain; do
# Skip already existing domains if test -z "${domain}"; then
if test -f "/etc/letsencrypt/renewal/${domain}.conf"; then not_ok "domain is empty"
echo "ok - ${domain} already issued" >&2
continue continue
fi fi
# Skip already existing domains
if test -s "/etc/letsencrypt/renewal/${domain}.conf"; then
ok "${domain} already issued"
continue
else
ok "${domain} renewal conf was empty, fixing..."
other_renewal="$(grep -l -m 1 "^authenticator = webroot$" /etc/letsencrypt/renewal/*.conf | head -1)"
if test -z "${other_renewal}"; then
not_ok "${domain} couldn't fix"
ensure 1
fi
other_domain="$(basename "${other_renewal}" .conf)"
sed -re "s/${other_domain}/${domain}/g" "${other_renewal}" > "/etc/letsencrypt/renewal/${domain}.conf"
fi
# Ignore non local domains # Ignore non local domains
if ! nslookup "${domain}" 8.8.8.8 | grep -qE "(${SUTTY_ADDRESSES// /|})" ; then if ! nslookup "${domain}" 8.8.8.8 | grep -qE "(${SUTTY_ADDRESSES// /|})" ; then
echo "ok - ${domain} is not configured to any Sutty node or DNS records are still cached, ignoring for now # skip" >&2 ok "${domain} is not configured to any Sutty node or DNS records are still cached, ignoring for now # skip"
continue continue
fi fi
@ -106,7 +133,8 @@ case $1 in
--webroot \ --webroot \
--agree-tos \ --agree-tos \
--webroot-path /var/lib/letsencrypt \ --webroot-path /var/lib/letsencrypt \
-d "${domain}" || break -d "${domain}" || ensure $?
touch "${updated}" touch "${updated}"
done done
esac esac
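Review bot: In the new `else` branch of the domain loop, `${domain}` goes unvalidated into both the sed expression and the output path (`sed -re "s/${other_domain}/${domain}/g" … > "/etc/letsencrypt/renewal/${domain}.conf"`). The value appears to come straight from the JSON piped through `jq`, so a name containing `/`, `&` or `..` can break the substitution or write a file outside the renewal directory. The added emptiness check should be followed by an allow-list, for example `case "${domain}" in *[!A-Za-z0-9.-]*|.*|-*|*..*) not_ok "${domain} is not a valid hostname"; continue ;; esac`. The same branch also runs when the conf file does not exist at all, because `test -s` is false for a missing file, so every new domain gets a cloned renewal conf before `certbot certonly` runs; if only zero-length files are meant to be repaired, guard the branch with `test -f`. The `while read domain` loop starts before this hunk, so the origin of the list is inferred rather than visible.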