
#!/command/with-contenv /bin/bash
# SPDX-FileCopyrightText: 2022 - 2023 Daniel Wolf <nephatrine@gmail.com>
#
# SPDX-License-Identifier: ISC
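# certify -- obtain, renew, or (when the requested domain list changed) revoke
# and re-issue Let's Encrypt certificates with certbot's standalone authenticator.
#
# Environment (supplied by with-contenv):
#   SSLDOMAINS  domain list handed verbatim to `certbot -d`; empty disables issuance
#   SSLEMAIL    ACME account e-mail; issuance is skipped unless it contains an '@'
#   B_RSA       RSA key size used when ECDSA is disabled (default 4096)
#   B_ECDSA     any value > 0 selects ECDSA keys (default 384)
#
# Persistent state under /mnt/config:
#   etc/certbot/requested    domain list asked for on this run
#   etc/certbot/configured   domain list the current certificates were issued for
#   ssl/live/<name>/         certbot lineages (ssl/ is certbot's --config-dir)
#   log/                     certbot logs
#
# certbot and every write under /mnt/config run as the unprivileged "guardian"
# user via s6-setuidgid; only the two clean-up `rm` calls below run as root.
# There is deliberately no `set -e`: a failed `certbot revoke` must still be
# followed by `certbot delete`, and a failed renewal must not abort start-up.

# Nothing requested and no prior certbot state: nothing to do.
if [[ -z "${SSLDOMAINS}" && ! -d /mnt/config/ssl ]]; then
  exit 0
fi

export HOME=/mnt/config/home
export B_RSA=${B_RSA:-4096}
export B_ECDSA=${B_ECDSA:-384}
export CURDOMAINS=""
cd /mnt/config/home || exit 1

conf_dir=/mnt/config/ssl
log_dir=/mnt/config/log
state_dir=/mnt/config/etc/certbot
# NOTE(review): a predictable path under /tmp; tolerable only because the
# container is single-tenant and certbot always runs as the one "guardian" user.
work_dir=/tmp/certbot
lineages=()

# Run a command as the unprivileged certbot user.
as_guardian() {
  /command/s6-setuidgid guardian "$@"
}

# Diagnostics go to stderr so they cannot be confused with the tee'd domain list.
warn() {
  printf 'certify: %s\n' "$*" >&2
}

# Refill the global array `lineages` with the lineage names under ssl/live/
# (certbot keeps one directory per certificate). Globbing for directories only
# avoids parsing `ls` output and ignores stray files such as certbot's README.
collect_lineages() {
  local d
  lineages=()
  for d in "$conf_dir"/live/*/; do
    [[ -d "$d" ]] || continue
    d=${d%/}
    lineages+=("${d##*/}")
  done
}

# Flags shared by every certbot call: non-interactive, all state on the volume.
certbot_base=(/usr/bin/certbot -n --config-dir "$conf_dir" --logs-dir "$log_dir"
              --work-dir "$work_dir" --max-log-backups 0)

# Key-type selection. Only whether B_ECDSA is non-zero matters here: no
# --elliptic-curve flag is passed, so the curve is whatever certbot defaults to.
if [[ "${B_ECDSA}" -gt 0 ]]; then
  key_args=(--key-type ecdsa)
else
  key_args=(--rsa-key-size "${B_RSA}")
fi

# --- Determine need ---------------------------------------------------------
if [[ ! -d "$state_dir" ]]; then
  as_guardian /bin/mkdir -p "$state_dir"
fi
if [[ -d "$state_dir" ]]; then
  # printf rather than echo: the domain list is data and must never be parsed
  # as an echo option.
  printf '%s\n' "${SSLDOMAINS}" | as_guardian /usr/bin/tee "$state_dir/requested"
fi
if [[ -f "$state_dir/configured" ]]; then
  CURDOMAINS=$(/usr/bin/head -1 "$state_dir/configured")
  export CURDOMAINS
fi
if [[ -z "${SSLDOMAINS}" && -z "${CURDOMAINS}" ]]; then
  exit 0
fi

# --- Revoke existing certificates when the domain list changed ---------------
if [[ ! -d "$log_dir" ]]; then
  as_guardian /bin/mkdir -p "$log_dir"
fi
if [[ ! -d "$conf_dir/live" ]]; then
  as_guardian /bin/mkdir -p "$conf_dir/live"
fi
if [[ -f "$conf_dir/live/README" ]]; then
  /bin/rm -f "$conf_dir/live/README"
fi
if [[ "${SSLDOMAINS}" != "${CURDOMAINS}" && -d "$conf_dir/live" ]]; then
  collect_lineages
  if (( ${#lineages[@]} > 0 )); then
    # CAVEAT: the old certificates are revoked *before* the new ones are
    # requested, so a failed issuance below leaves no usable certificate until
    # the next run. A failed revoke is logged and deletion still proceeds so the
    # stale lineage cannot be renewed later.
    for name in "${lineages[@]}"; do
      as_guardian "${certbot_base[@]}" revoke --reason superseded \
        --cert-path "$conf_dir/live/$name/fullchain.pem" \
        || warn "revoke of ${name} failed (continuing with delete)"
    done
    for name in "${lineages[@]}"; do
      as_guardian "${certbot_base[@]}" delete --cert-name "$name" \
        || warn "delete of ${name} failed"
    done
    /bin/rm -f "$state_dir/configured"
  fi
fi

# --- Renew or create certificates -------------------------------------------
if [[ -d "$conf_dir/live" ]]; then
  collect_lineages
  if (( ${#lineages[@]} == 0 )); then
    if [[ -z "${SSLDOMAINS}" ]]; then
      : # nothing requested; any previous lineages were revoked above
    elif [[ "${SSLEMAIL}" != *@* ]]; then
      # Issuance was silently skipped before; say why so a misconfigured
      # SSLEMAIL does not look like an ACME failure.
      warn "SSLEMAIL is not an e-mail address; not requesting a certificate for ${SSLDOMAINS}"
    elif [[ -f "$state_dir/requested" ]]; then
      # The standalone authenticator answers the challenge itself; presumably
      # this runs before nginx is listening (confirm in the service ordering).
      if as_guardian "${certbot_base[@]}" certonly --agree-tos --keep "${key_args[@]}" \
           --email "${SSLEMAIL}" --standalone -d "${SSLDOMAINS}"; then
        collect_lineages
        # Record the issued domain list only once certbot succeeded AND a
        # lineage exists, so a partial failure cannot mark the list as configured.
        if (( ${#lineages[@]} > 0 )); then
          as_guardian /bin/cp "$state_dir/requested" "$state_dir/configured"
        fi
      else
        warn "certbot certonly failed for ${SSLDOMAINS}; will retry on next start"
      fi
    fi
  else
    as_guardian "${certbot_base[@]}" renew --agree-tos "${key_args[@]}" \
      || warn "certbot renew reported a failure; existing certificates are kept"
  fi
fi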