74 lines
3.4 KiB
Plaintext
Executable File
74 lines
3.4 KiB
Plaintext
Executable File
#!/command/with-contenv /bin/bash
|
|
# SPDX-FileCopyrightText: 2022 - 2023 Daniel Wolf <nephatrine@gmail.com>
|
|
#
|
|
# SPDX-License-Identifier: ISC
|
|
|
|
if [[ -z "${SSLDOMAINS}" && ! -d /mnt/config/ssl ]]; then
|
|
exit 0
|
|
fi
|
|
|
|
export HOME=/mnt/config/home
|
|
export B_RSA=${B_RSA:-4096}
|
|
export B_ECDSA=${B_ECDSA:-384}
|
|
export CURDOMAINS=""
|
|
|
|
cd /mnt/config/home || exit 1
|
|
|
|
# Determine Need
|
|
|
|
if [[ ! -d /mnt/config/etc/certbot ]]; then
|
|
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/etc/certbot
|
|
fi
|
|
if [[ -d /mnt/config/etc/certbot ]]; then
|
|
/bin/echo "$SSLDOMAINS" | /command/s6-setuidgid guardian /usr/bin/tee /mnt/config/etc/certbot/requested
|
|
fi
|
|
if [[ -f /mnt/config/etc/certbot/configured ]]; then
|
|
export CURDOMAINS=$(/usr/bin/head -1 /mnt/config/etc/certbot/configured)
|
|
fi
|
|
|
|
if [[ -z "${SSLDOMAINS}" && -z "${CURDOMAINS}" ]]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Revoke Existing Certificates
|
|
|
|
if [[ ! -d /mnt/config/log ]]; then
|
|
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/log
|
|
fi
|
|
if [[ ! -d /mnt/config/ssl/live ]]; then
|
|
/command/s6-setuidgid guardian /bin/mkdir -p /mnt/config/ssl/live
|
|
fi
|
|
if [[ -f /mnt/config/ssl/live/README ]]; then
|
|
/bin/rm -f /mnt/config/ssl/live/README
|
|
fi
|
|
if [[ "x$SSLDOMAINS" != "x$CURDOMAINS" && -d /mnt/config/ssl/live ]]; then
|
|
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
|
|
/bin/ls /mnt/config/ssl/live | /usr/bin/xargs -n1 -I{} /command/s6-setuidgid guardian /usr/bin/certbot revoke -n --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --cert-path "/mnt/config/ssl/live/{}/fullchain.pem" --reason superseded --work-dir /tmp/certbot
|
|
/bin/ls /mnt/config/ssl/live | /usr/bin/xargs -n1 -I{} /command/s6-setuidgid guardian /usr/bin/certbot delete -n --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --cert-name "{}" --work-dir /tmp/certbot
|
|
if [[ -f /mnt/config/etc/certbot/configured ]]; then
|
|
/bin/rm -rf /mnt/config/etc/certbot/configured
|
|
fi
|
|
fi
|
|
fi
|
|
|
|
# Renew Or Create Certificates
|
|
|
|
if [[ -d /mnt/config/ssl/live ]]; then
|
|
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -eq 0 ]]; then
|
|
if [[ -n "$SSLDOMAINS" && $SSLEMAIL == *@* && -f /mnt/config/etc/certbot/requested ]]; then
|
|
if [[ ${B_ECDSA} -gt 0 ]]; then
|
|
/command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --key-type ecdsa --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
|
|
else
|
|
/command/s6-setuidgid guardian /usr/bin/certbot certonly -n --agree-tos --rsa-key-size "${B_RSA}" --keep --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --email "$SSLEMAIL" --standalone -d "$SSLDOMAINS" --work-dir /tmp/certbot
|
|
fi
|
|
if [[ $(/bin/ls /mnt/config/ssl/live | /usr/bin/wc -l) -gt 0 ]]; then
|
|
/command/s6-setuidgid guardian /bin/cp /mnt/config/etc/certbot/requested /mnt/config/etc/certbot/configured
|
|
fi
|
|
fi
|
|
elif [[ ${B_ECDSA} -gt 0 ]]; then
|
|
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --key-type ecdsa --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
|
else
|
|
/command/s6-setuidgid guardian /usr/bin/certbot renew -n --agree-tos --rsa-key-size "${B_RSA}" --config-dir /mnt/config/ssl --logs-dir /mnt/config/log --max-log-backups 0 --work-dir /tmp/certbot
|
|
fi
|
|
fi
|