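#!/bin/bash
###############################################################
## THIS WILL RENEW A FREE 90 DAY SSL CERTIFICATE ##
## FROM LETS ENCRYPT AUTO ##
## ##
## to be used with a cron job ideally ##
###############################################################
#
# All settings arrive through the environment (the cron wrapper exports them):
#   DF_CRON_DOMAIN          - domain whose certificate is renewed (required)
#   DF_CRON_EMAIL           - account e-mail; empty selects the default account
#   DF_LOG                  - log file every message is appended to
#   BASEDIR                 - directory holding certs/ and acme.sh
#   DF_ACCOUNT_DOMAIN_CRON  - per-domain cron config file name (sourced)
#   DF_ACCOUNT_DOMAIN       - per-domain domain-list file name
#   DF_ACCOUNT_D            - default account file name (sourced)
#   DF_ACCOUNT_DIR          - account directory (production)
#   DF_ACCOUNT_DIR_T        - account directory (staging, used when TESTING=1)
#   AUTODF                  - shared ACME challenge web root
#   DF_CL_NGINX             - nginx vhosts.d directory
#   CFDFT                   - path of the temporary acme.sh config file
#   TESTING                 - 1 selects the Let's Encrypt staging CA
#
# Exit status: 1 on any configuration error, otherwise the status of acme.sh.

# Fail early with a readable message: with an empty DF_LOG every redirection
# below would die with "ambiguous redirect" instead of reaching the log.
: "${DF_LOG:?DF_LOG (log file) must be set}"
: "${BASEDIR:?BASEDIR must be set}"
: "${AUTODF:?AUTODF (challenge directory) must be set}"
: "${DF_CL_NGINX:?DF_CL_NGINX (vhosts directory) must be set}"
: "${CFDFT:?CFDFT (temporary acme.sh config path) must be set}"

#######################################
# Append a message to the cron log.
# Arguments: the message words
#######################################
log() { printf '%s\n' "$*" >> "$DF_LOG" 2>&1; }

#######################################
# Log an error and abort with status 1.
# Arguments: the message words
#######################################
die() { log "ERROR: $*"; exit 1; }

# Make sure a value is passed from the paramater
[[ -n "${DF_CRON_DOMAIN}" ]] || die "No Domain specified"
# The domain is used as a path component below and its config is sourced,
# so reject anything that could point outside certs/.
if [[ "${DF_CRON_DOMAIN}" == */* || "${DF_CRON_DOMAIN}" == . || "${DF_CRON_DOMAIN}" == .. ]]; then
  die "Invalid domain name (${DF_CRON_DOMAIN})"
fi
domain_dir="${BASEDIR}/certs/${DF_CRON_DOMAIN}"

# Lets check the domain has a ssl certs
[[ -d "$domain_dir" ]] || die "Domain does not have a SSL Cert on this server"

# Lets load the cron config from the domain config file
cron_config="${domain_dir}/${DF_ACCOUNT_DOMAIN_CRON}"
[[ -f "$cron_config" ]] || die "No Cron config file found in the domain"
# The config is sourced, i.e. executed as shell with this job's privileges
# (it can later run sudo); keep certs/ writable only by the job's account.
. "$cron_config"

# In Testing mode use only testing accounts
# DF_TMP_ACCD keeps its name: the account file sourced below may refer to it.
if [[ "${TESTING}" == 1 ]]; then
  DF_TMP_ACCD=${DF_ACCOUNT_DIR_T}
  log " + Running in TESTING MODE (STAGING SERVERS)"
else
  DF_TMP_ACCD=${DF_ACCOUNT_DIR}
fi

# Check if there is an email paramater present, otherwise use the default one.
# The previous test was inverted: a supplied e-mail loaded the default account
# and an empty one was used as a ".pem" file name, so neither branch matched
# its own log message.
if [[ -z "${DF_CRON_EMAIL}" ]]; then
  # Check if there is a default email account configured
  default_account="${DF_TMP_ACCD}/${DF_ACCOUNT_D}"
  [[ -f "$default_account" ]] || die "No email account found"
  . "$default_account"
  [[ -n "${CONTACT_EMAIL}" ]] || die "Default account file did not set CONTACT_EMAIL"
  # NOTE(review): PRIVATE_KEY is expected to come from that file too — confirm.
  log " + Loaded default email account (${CONTACT_EMAIL})"
else
  CONTACT_EMAIL=${DF_CRON_EMAIL}
  PRIVATE_KEY="${DF_TMP_ACCD}/${CONTACT_EMAIL}.pem"
  [[ -f "$PRIVATE_KEY" ]] || die "No email account found as per paramater"
  log " + Loaded set email account (${CONTACT_EMAIL})"
fi

# Get current list of domains
domains_txt="${domain_dir}/${DF_ACCOUNT_DOMAIN}"
[[ -f "$domains_txt" ]] || die "Cannot find domain list"
log " + Domain list added"

# Check if Challange directory exists
if [[ ! -d "$AUTODF" ]]; then
  log " + Creating global auto challenge directory"
  mkdir -p -- "$AUTODF" || die "Cannot create challenge directory (${AUTODF})"
fi

#
# Add well-known alias to all vhosts on the server
# Do we need to restart the NGINX Service?
DFSERVICER=0
# Search through the vhosts.d directory for all folders.  A glob replaces
# `for ... in $(find ...)` so names with spaces or glob characters survive;
# the trailing slash matches directories only, nullglob handles an empty dir.
shopt -s nullglob
for vhost_dir in "${DF_CL_NGINX}"/*/; do
  vhost_dir=${vhost_dir%/}
  # `find -type d` did not follow symlinks; keep that behaviour.
  [[ -L "$vhost_dir" ]] && continue
  FolderName=${vhost_dir##*/}
  acme_conf="${vhost_dir}/acme.conf"
  # Check if we have an existing file? Check if it is correct
  # if wrong delete it so we can re-create again (-F: the path is a literal, not a regex)
  if [[ -f "$acme_conf" ]] && ! grep -qF -- "${AUTODF}" "$acme_conf"; then
    log " - Found incorrect ACME Challenge Alias for (${FolderName})"
    sudo rm -f -- "$acme_conf"
  fi
  # Check if the ACME Conf already exists
  if [[ ! -f "$acme_conf" ]]; then
    log " + Adding ACME Challenge Alias to (${FolderName})"
    DFSERVICER=1
    # LETS ADD THE CUSTOM WEBROOT ALIAS
    sudo tee "$acme_conf" > /dev/null <<EOF
# ADDS THE CHALLENGE DIR TO THE VHOST SERVER BLOCK
# DO NOT EDIT (generated by sh files)
location /.well-known/acme-challenge/ {
    alias ${AUTODF}/;
}
EOF
  fi
done
shopt -u nullglob

#
# reset the cd back to script dir
cd "${BASEDIR}" || die "Cannot cd to (${BASEDIR})"
if [[ "$DFSERVICER" == 1 ]]; then
  # Restart Nginx
  log " + Challenge files updated, restarting NGINX..."
  # Not fatal, as before: the acme.sh run below will show whether the
  # challenge is actually served.
  sudo service nginx-sp restart >> "$DF_LOG" 2>&1 || log " - WARNING: nginx-sp restart failed"
else
  log " - No changes needed in Vhosts"
fi

# Create the tmp config (for acme.sh) - doing it the lazy way.
# printf '%s' is used instead of echo -e so backslashes in paths are kept verbatim.
# NOTE(review): CFDFT is a caller-supplied fixed path; if it lives in a shared
# /tmp, a mktemp-created file would avoid clobbering by other users.
trap 'rm -f -- "${CFDFT}"' EXIT
{
  printf "WELLKNOWN='%s'\n" "${AUTODF}"
  printf "CONTACT_EMAIL='%s'\n" "${CONTACT_EMAIL}"
  printf "DOMAINS_TXT='%s'\n" "${domains_txt}"
  printf "PRIVATE_KEY='%s'\n" "${PRIVATE_KEY}"
  # NOTE(review): these are ACMEv1 directory URLs, which Let's Encrypt has
  # retired; check that the acme.sh in use supports the v02 endpoints before
  # switching them.
  if [[ "${TESTING}" == 1 ]]; then
    printf '%s\n' 'CA="https://acme-staging.api.letsencrypt.org/directory"'
  else
    printf '%s\n' 'CA="https://acme-v01.api.letsencrypt.org/directory"'
  fi
} > "${CFDFT}" || die "Cannot write config file (${CFDFT})"

# Run the renewal and keep its status so cron sees a failed renewal.
bash "${BASEDIR}/acme.sh" -c --config "${CFDFT}" >> "$DF_LOG" 2>&1
rc=$?
# Remove tmp config file
rm -f -- "${CFDFT}"
trap - EXIT
exit "$rc"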