From 1c25dc156af208fcd325fee311fb1e6ad5df4005 Mon Sep 17 00:00:00 2001
From: Gyurix
Date: Sun, 16 Feb 2025 08:48:50 +0100
Subject: [PATCH] up to date repo
---
 Dockerfile | 5 ++---
 start.letsencrypt.sh | 53 ++++++++++++++++++++++++--------------------
 2 files changed, 31 insertions(+), 27 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index ba4dc80..789565b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,7 +1,6 @@
-FROM neilpang/acme.sh:latest
-MAINTAINER gyurix
+FROM alpine
-RUN apk update && apk add --no-cache jq
+RUN apk update && apk add --no-cache jq curl openssl socat
 COPY ./start.letsencrypt.sh /start.letsencrypt.sh
 ENTRYPOINT ["/start.letsencrypt.sh"]
diff --git a/start.letsencrypt.sh b/start.letsencrypt.sh
index 9d5927c..adcbdc5 100755
--- a/start.letsencrypt.sh
+++ b/start.letsencrypt.sh
@@ -1,6 +1,10 @@
 #!/bin/sh
 email="-m $EMAIL"
+DOMAIN=$DOMAIN
+
+echo "email $EMAIL"
+echo "DOMAIN: $DOMAIN"
 if [ "$LETSENCRYPT_SERVER" != "" ]; then
 L_S="--server $LETSENCRYPT_SERVER"
@@ -16,7 +20,7 @@ fi
 TIMEOUT=$TIMEOUT
 if [[ -z "$TIMEOUT" ]]; then
- TIMEOUT=5;
+ TIMEOUT=10;
 fi
 RESTART=$RESTART
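Review bot: `FROM alpine` on the new side carries no tag, so every build floats to whatever `alpine:latest` resolves to at build time; pin it, e.g. `FROM alpine:<pinned tag>`, and pin the four apk packages for the same reason. `apk update` is redundant with `--no-cache`, which fetches a fresh index and discards it, so the install line can be just `RUN apk add --no-cache jq curl openssl socat`. Dropping the `neilpang/acme.sh` base means acme.sh is no longer in the image; the accompanying `start.letsencrypt.sh` hunk fetches it with `curl | sh` at every container start, which would be better done here at build time from a pinned release so the runtime image is self-contained and reproducible.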
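Review bot: The added `echo "DOMAIN: $DOMAIN"` prints only the environment value, but the script's last hunk reassigns `DOMAIN` from the JSON trigger file (`DOMAIN=$(jq -r .DOMAIN ...)`) before any work happens, so the logged domain is not necessarily the one the script acts on; `DOMAIN=$DOMAIN` above it is a no-op self-assignment and can be dropped. Consider moving the echo to just after the jq assignment. `email="-m $EMAIL"` also appears to be dead now, since the rewritten `start_letsencrypt` in the third hunk no longer passes `$email` to acme.sh (the address goes to the installer instead).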
@@ -30,19 +34,20 @@ sending_error_msg() {
 }
 start_letsencrypt() {
-
- mkdir -p /acme.sh/$DOMAIN/ ;
-
- RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
+ cd /root
+ curl https://get.acme.sh | sh -s email=$EMAIL
+ cd /root/.acme.sh
+ chmod a+x ./acme.sh
+ RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
 if [[ "$(echo $?)" == "1" ]]; then
 for retries in $(seq 0 $((RESTART + 1))); do
 if [[ $retries -le $RESTART ]] ; then
 # Check certificate issuer
- ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
- SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
+ ISSUER=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
+ SUBJECT=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
 if [ "$ISSUER" == "$SUBJECT" ]; then
 echo "Self signed certificate found";
- RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
+ RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
 if [[ "$(echo $?)" != "1" ]]; then
 sleep $TIMEOUT;
 echo "Restarting number is only: "$retries" so try again"
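Review bot: `curl https://get.acme.sh | sh -s email=$EMAIL` re-downloads and executes the installer, unverified, as root on every container start; there is no `-f`, so an HTTP error body would be piped into `sh` as well, and nothing pins a version or checks a digest, so the image is no longer reproducible and the process that goes on to handle the private keys under `/etc/ssl/keys/$DOMAIN/` runs whatever the endpoint served that day. Prefer installing a pinned acme.sh release in the Dockerfile; if the runtime install has to stay, download to a file, verify its digest against a value recorded in the repo, and only then run it, as below. The rewritten block also dropped the old `mkdir -p` for the target directory, so unless `/etc/ssl/keys/$DOMAIN/` is guaranteed to exist the `--cert-file`/`--key-file` writes may fail, and both `cd`s are unchecked, so a failed `cd /root/.acme.sh` would run `./acme.sh` from the wrong directory. `$DOMAIN` and `$EMAIL` are unquoted throughout. `start_letsencrypt` continues past the end of the hunk.
```sh
start_letsencrypt() {
    cd /root || return 1
    # ACME_SH_INSTALLER_SHA256 is a placeholder: record the digest of the reviewed installer in the repo.
    curl -fsSL -o /root/get.acme.sh https://get.acme.sh || return 1
    echo "${ACME_SH_INSTALLER_SHA256:?expected installer digest not set}  /root/get.acme.sh" | sha256sum -c - || return 1
    sh /root/get.acme.sh email="$EMAIL"
    cd /root/.acme.sh || return 1
    chmod a+x ./acme.sh
    mkdir -p "/etc/ssl/keys/$DOMAIN"
    RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d "$DOMAIN" --cert-file "/etc/ssl/keys/$DOMAIN/cert.pem" --key-file "/etc/ssl/keys/$DOMAIN/key.pem" --fullchain-file "/etc/ssl/keys/$DOMAIN/fullchain.pem");
    # … unchanged: exit-status check and retry loop …
```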
@@ -62,38 +67,38 @@ start_letsencrypt() {
 }
 check_new_cert() {
- #DATE=$(date +%s)
- if [[ -f /acme.sh/$DOMAIN/key.pem && -f /acme.sh/$DOMAIN/fullchain.pem && -f /acme.sh/$DOMAIN/cert.pem ]] ; then
- #D1=$(date -r /acme.sh/$DOMAIN/fullchain.pem +%s)
+ if [[ -f /etc/ssl/keys/$DOMAIN/key.pem && -f /etc/ssl/keys/$DOMAIN/fullchain.pem && -f /etc/ssl/keys/$DOMAIN/cert.pem ]] ; then
+ #D1=$(date -r /etc/ssl/keys/$DOMAIN/fullchain.pem +%s)
 #DIFF=$(expr $DATE - $D1);
- #if [ $DIFF < 3600 ]; then touch /acme.sh/$DOMAIN/new_certificate; fi
- NEW=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
+ #if [ $DIFF < 3600 ]; then touch /etc/ssl/keys/$DOMAIN/new_certificate; fi
+ NEW=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
 if [ "$ORIGINAL" != "$NEW" ]; then
- touch /acme.sh/$DOMAIN/new_certificate;
+ touch /etc/ssl/keys/$DOMAIN/new_certificate;
 fi
 else
 sending_error_msg $DOMAIN $DATE;
 fi
 }
-LETSENCRYPT_FILE=$(find /acme.sh/ -type f -name letsencrypt);
+LETSENCRYPT_FILE=$(find /etc/ssl/keys/ -type f -name letsencrypt);
 if [ -n "$LETSENCRYPT_FILE" ] ; then
 DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ;
- ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
- start_letsencrypt; rm $LETSENCRYPT_FILE;
+ ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
+ if [ "$DOMAIN" != "localhost" ]; then
+ start_letsencrypt;
+ check_new_cert
+ fi
- check_new_cert
 else
 cd /domains
 for i in `ls` ; do
 DOMAIN=$(jq -r .DOMAIN $i) ;
- ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
- start_letsencrypt $DOMAIN;
-
- check_new_cert
+ if [ "$DOMAIN" != "localhost" ]; then
+ ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
+ start_letsencrypt $DOMAIN;
+ check_new_cert
+ fi
 done ;
 fi
-
-
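Review bot: In the trigger-file branch the new code no longer removes `$LETSENCRYPT_FILE` (the removed line was `start_letsencrypt; rm $LETSENCRYPT_FILE;`), so as long as that file exists every run takes this branch and re-issues for the same domain, and the `/domains` loop is never reached; if the one-shot behaviour is still intended, restore `rm "$LETSENCRYPT_FILE"` after the new `fi`. The `localhost` guard is also placed inconsistently: in the first branch `ORIGINAL=$(openssl x509 ...)` still runs before the guard, so for `localhost` it reads a fullchain file that may not exist, while the second branch keeps it inside the guard — move the first one inside as well. `sending_error_msg $DOMAIN $DATE` passes `$DATE`, which nothing sets now that the commented `#DATE=` line is gone; either define it or drop the argument.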