Compare commits
No commits in common. "ffed22b2df3c59f90fb83ec946bcef52bb25c792" and "af1549c1426dd79445e8cd981f04429f82b342b9" have entirely different histories.
ffed22b2df
...
af1549c142
1 changed files with 8 additions and 36 deletions
44
certbotd.sh
44
certbotd.sh
|
|
@ -1,15 +1,7 @@
|
|||
#!/bin/sh
|
||||
|
||||
ok() {
|
||||
echo "ok - $@" >&2
|
||||
}
|
||||
|
||||
not_ok() {
|
||||
echo "not ok - $@" >&2
|
||||
}
|
||||
|
||||
if test -z "${NODES}" && test -z "${SINGLE_NODE}"; then
|
||||
not_ok "The env var NODES is empty, if you don't want to synchronize to other servers, set SINGLE_NODE=true"
|
||||
echo "not ok - The env var NODES is empty, if you don't want to synchronize to other servers, set SINGLE_NODE=true" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -17,7 +9,7 @@ lock=/tmp/certbot.lck
|
|||
updated=/tmp/certbot.updated
|
||||
|
||||
ensure() {
|
||||
test -n "$1" && ok "$1 received, exiting gracefully..."
|
||||
test -n "$1" && echo "ok - $1 received, exiting gracefully..." >&2
|
||||
|
||||
if test -f "${updated}" ; then
|
||||
rm -f "${updated}"
|
||||
|
|
@ -45,8 +37,6 @@ for SIG in 1 2 3 6 9 14 15; do
|
|||
trap "ensure ${SIG}" ${SIG}
|
||||
done
|
||||
|
||||
set -E
|
||||
|
||||
case $1 in
|
||||
# Renew certificates, trust in certbot's algorithms
|
||||
renew)
|
||||
|
|
@ -76,8 +66,8 @@ case $1 in
|
|||
*)
|
||||
# Only one instance can run at a time
|
||||
if test -f "${lock}" ; then
|
||||
not_ok "There's a certbotd instance already running, doing nothing..."
|
||||
not_ok "If the problem persists, you may need to remove ${lock} manually."
|
||||
echo "not ok - There's a certbotd instance already running, doing nothing..." >&2
|
||||
echo "not ok - If the problem persists, you may need to remove ${lock} manually." >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -97,32 +87,15 @@ case $1 in
|
|||
2>"${headers}" \
|
||||
| jq --raw-output .[] \
|
||||
| while read domain; do
|
||||
if test -z "${domain}"; then
|
||||
not_ok "domain is empty"
|
||||
continue
|
||||
fi
|
||||
|
||||
# Skip already existing domains
|
||||
if test -s "/etc/letsencrypt/renewal/${domain}.conf"; then
|
||||
ok "${domain} already issued"
|
||||
if test -f "/etc/letsencrypt/renewal/${domain}.conf"; then
|
||||
echo "ok - ${domain} already issued" >&2
|
||||
continue
|
||||
else
|
||||
ok "${domain} renewal conf was empty, fixing..."
|
||||
|
||||
other_renewal="$(grep -l -m 1 "^authenticator = webroot$" /etc/letsencrypt/renewal/*.conf | head -1)"
|
||||
|
||||
if test -z "${other_renewal}"; then
|
||||
not_ok "${domain} couldn't fix"
|
||||
ensure 1
|
||||
fi
|
||||
|
||||
other_domain="$(basename "${other_renewal}" .conf)"
|
||||
sed -re "s/${other_domain}/${domain}/g" "${other_renewal}" > "/etc/letsencrypt/renewal/${domain}.conf"
|
||||
fi
|
||||
|
||||
# Ignore non local domains
|
||||
if ! nslookup "${domain}" 8.8.8.8 | grep -qE "(${SUTTY_ADDRESSES// /|})" ; then
|
||||
ok "${domain} is not configured to any Sutty node or DNS records are still cached, ignoring for now # skip"
|
||||
echo "ok - ${domain} is not configured to any Sutty node or DNS records are still cached, ignoring for now # skip" >&2
|
||||
continue
|
||||
fi
|
||||
|
||||
|
|
@ -133,8 +106,7 @@ case $1 in
|
|||
--webroot \
|
||||
--agree-tos \
|
||||
--webroot-path /var/lib/letsencrypt \
|
||||
-d "${domain}" || ensure $?
|
||||
|
||||
-d "${domain}" || break
|
||||
touch "${updated}"
|
||||
done
|
||||
esac
|
||||
|
|
|
|||
Loading…
Reference in a new issue