Compare commits
No commits in common. "e3bd62e6bd9379445e4c7476895631b667fb4411" and "f1b75332189513e3a4ee57649e438619196d87c4" have entirely different histories.
e3bd62e6bd
...
f1b7533218
1 changed files with 21 additions and 21 deletions
42
certbotd.sh
42
certbotd.sh
|
@ -11,29 +11,29 @@ updated=/tmp/certbot.updated
|
||||||
ensure() {
|
ensure() {
|
||||||
test -n "$1" && echo "ok - $1 received, exiting gracefully..." >&2
|
test -n "$1" && echo "ok - $1 received, exiting gracefully..." >&2
|
||||||
|
|
||||||
if test -f "${updated}" ; then
|
|
||||||
rm -f "${updated}"
|
|
||||||
|
|
||||||
# Fix permissions, users in group ssl have read access
|
|
||||||
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
|
||||||
find /etc/letsencrypt -type f | xargs -r chmod 640
|
|
||||||
chgrp -R ssl /etc/letsencrypt
|
|
||||||
|
|
||||||
if ! ${SINGLE_NODE:-false}; then
|
|
||||||
for NODE in ${NODES}; do
|
|
||||||
rsync -avHAXL --delete-after /etc/letsencrypt/live/ ${NODE}/ || continue
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Remove the lock after synchronization
|
|
||||||
rm -f "${lock}"
|
rm -f "${lock}"
|
||||||
|
|
||||||
# Exit with the error code
|
test -f "${updated}" || exit 0
|
||||||
exit $1
|
|
||||||
|
rm -f "${updated}"
|
||||||
|
|
||||||
|
# Fix permissions, users in group ssl have read access
|
||||||
|
find /etc/letsencrypt -type d | xargs -r chmod 2750
|
||||||
|
find /etc/letsencrypt -type f | xargs -r chmod 640
|
||||||
|
chgrp -R ssl /etc/letsencrypt
|
||||||
|
|
||||||
|
${SINGLE_NODE:-false} && exit 0
|
||||||
|
|
||||||
|
# Push certificates to nodes, we use SSH as a secure transport
|
||||||
|
# but this means we're synchronizing from container to host which is
|
||||||
|
# awkward. A restricted rsync treats / as the remote location for the
|
||||||
|
# certificates.
|
||||||
|
for NODE in ${NODES}; do
|
||||||
|
rsync -avHAXL --delete-after /etc/letsencrypt/live/ ${NODE}/ || continue
|
||||||
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
for SIG in 1 2 3 6 9 14 15; do
|
for SIG in TERM QUIT INT HUP; do
|
||||||
trap "ensure ${SIG}" ${SIG}
|
trap "ensure ${SIG}" ${SIG}
|
||||||
done
|
done
|
||||||
|
|
||||||
|
@ -92,7 +92,7 @@ case $1 in
|
||||||
| jq --raw-output .[] \
|
| jq --raw-output .[] \
|
||||||
| while read domain; do
|
| while read domain; do
|
||||||
# Skip already existing domains
|
# Skip already existing domains
|
||||||
if test -f "/etc/letsencrypt/renewal/${domain}.conf"; then
|
if test -d "/etc/letsencrypt/renewal/${domain}.conf"
|
||||||
echo "ok - ${domain} already issued" >&2
|
echo "ok - ${domain} already issued" >&2
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
@ -115,4 +115,4 @@ case $1 in
|
||||||
done
|
done
|
||||||
esac
|
esac
|
||||||
|
|
||||||
ensure 0
|
ensure
|
||||||
|
|
Loading…
Reference in a new issue