Compare commits
4 commits
f1b7533218
...
e3bd62e6bd
Author | SHA1 | Date | |
---|---|---|---|
|
e3bd62e6bd | ||
|
d39cd11605 | ||
|
fb40860f31 | ||
|
e428837559 |
1 changed files with 21 additions and 21 deletions
26
certbotd.sh
26
certbotd.sh
|
@ -11,10 +11,7 @@ updated=/tmp/certbot.updated
|
|||
ensure() {
|
||||
test -n "$1" && echo "ok - $1 received, exiting gracefully..." >&2
|
||||
|
||||
rm -f "${lock}"
|
||||
|
||||
test -f "${updated}" || exit 0
|
||||
|
||||
if test -f "${updated}" ; then
|
||||
rm -f "${updated}"
|
||||
|
||||
# Fix permissions, users in group ssl have read access
|
||||
|
@ -22,18 +19,21 @@ ensure() {
|
|||
find /etc/letsencrypt -type f | xargs -r chmod 640
|
||||
chgrp -R ssl /etc/letsencrypt
|
||||
|
||||
${SINGLE_NODE:-false} && exit 0
|
||||
|
||||
# Push certificates to nodes, we use SSH as a secure transport
|
||||
# but this means we're synchronizing from container to host which is
|
||||
# awkward. A restricted rsync treats / as the remote location for the
|
||||
# certificates.
|
||||
if ! ${SINGLE_NODE:-false}; then
|
||||
for NODE in ${NODES}; do
|
||||
rsync -avHAXL --delete-after /etc/letsencrypt/live/ ${NODE}/ || continue
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
# Remove the lock after synchronization
|
||||
rm -f "${lock}"
|
||||
|
||||
# Exit with the error code
|
||||
exit $1
|
||||
}
|
||||
|
||||
for SIG in TERM QUIT INT HUP; do
|
||||
for SIG in 1 2 3 6 9 14 15; do
|
||||
trap "ensure ${SIG}" ${SIG}
|
||||
done
|
||||
|
||||
|
@ -92,7 +92,7 @@ case $1 in
|
|||
| jq --raw-output .[] \
|
||||
| while read domain; do
|
||||
# Skip already existing domains
|
||||
if test -d "/etc/letsencrypt/renewal/${domain}.conf"
|
||||
if test -f "/etc/letsencrypt/renewal/${domain}.conf"; then
|
||||
echo "ok - ${domain} already issued" >&2
|
||||
continue
|
||||
fi
|
||||
|
@ -115,4 +115,4 @@ case $1 in
|
|||
done
|
||||
esac
|
||||
|
||||
ensure
|
||||
ensure 0
|
||||
|
|
Loading…
Reference in a new issue