up to date repo
This commit is contained in:
@@ -1,7 +1,6 @@
|
|||||||
FROM neilpang/acme.sh:latest
|
FROM alpine
|
||||||
MAINTAINER gyurix
|
|
||||||
|
|
||||||
RUN apk update && apk add --no-cache jq
|
RUN apk update && apk add --no-cache jq curl openssl socat
|
||||||
COPY ./start.letsencrypt.sh /start.letsencrypt.sh
|
COPY ./start.letsencrypt.sh /start.letsencrypt.sh
|
||||||
|
|
||||||
ENTRYPOINT ["/start.letsencrypt.sh"]
|
ENTRYPOINT ["/start.letsencrypt.sh"]
|
||||||
|
|||||||
@@ -1,6 +1,10 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
email="-m $EMAIL"
|
email="-m $EMAIL"
|
||||||
|
DOMAIN=$DOMAIN
|
||||||
|
|
||||||
|
echo "email $EMAIL"
|
||||||
|
echo "DOMAIN: $DOMAIN"
|
||||||
|
|
||||||
if [ "$LETSENCRYPT_SERVER" != "" ]; then
|
if [ "$LETSENCRYPT_SERVER" != "" ]; then
|
||||||
L_S="--server $LETSENCRYPT_SERVER"
|
L_S="--server $LETSENCRYPT_SERVER"
|
||||||
@@ -16,7 +20,7 @@ fi
|
|||||||
|
|
||||||
TIMEOUT=$TIMEOUT
|
TIMEOUT=$TIMEOUT
|
||||||
if [[ -z "$TIMEOUT" ]]; then
|
if [[ -z "$TIMEOUT" ]]; then
|
||||||
TIMEOUT=5;
|
TIMEOUT=10;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
RESTART=$RESTART
|
RESTART=$RESTART
|
||||||
@@ -30,19 +34,20 @@ sending_error_msg() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
start_letsencrypt() {
|
start_letsencrypt() {
|
||||||
|
cd /root
|
||||||
mkdir -p /acme.sh/$DOMAIN/ ;
|
curl https://get.acme.sh | sh -s email=$EMAIL
|
||||||
|
cd /root/.acme.sh
|
||||||
RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
|
chmod a+x ./acme.sh
|
||||||
|
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
|
||||||
if [[ "$(echo $?)" == "1" ]]; then
|
if [[ "$(echo $?)" == "1" ]]; then
|
||||||
for retries in $(seq 0 $((RESTART + 1))); do
|
for retries in $(seq 0 $((RESTART + 1))); do
|
||||||
if [[ $retries -le $RESTART ]] ; then
|
if [[ $retries -le $RESTART ]] ; then
|
||||||
# Check certificate issuer
|
# Check certificate issuer
|
||||||
ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
|
ISSUER=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
|
||||||
SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
|
SUBJECT=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
|
||||||
if [ "$ISSUER" == "$SUBJECT" ]; then
|
if [ "$ISSUER" == "$SUBJECT" ]; then
|
||||||
echo "Self signed certificate found";
|
echo "Self signed certificate found";
|
||||||
RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
|
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
|
||||||
if [[ "$(echo $?)" != "1" ]]; then
|
if [[ "$(echo $?)" != "1" ]]; then
|
||||||
sleep $TIMEOUT;
|
sleep $TIMEOUT;
|
||||||
echo "Restarting number is only: "$retries" so try again"
|
echo "Restarting number is only: "$retries" so try again"
|
||||||
@@ -62,38 +67,38 @@ start_letsencrypt() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
check_new_cert() {
|
check_new_cert() {
|
||||||
|
|
||||||
#DATE=$(date +%s)
|
#DATE=$(date +%s)
|
||||||
if [[ -f /acme.sh/$DOMAIN/key.pem && -f /acme.sh/$DOMAIN/fullchain.pem && -f /acme.sh/$DOMAIN/cert.pem ]] ; then
|
if [[ -f /etc/ssl/keys/$DOMAIN/key.pem && -f /etc/ssl/keys/$DOMAIN/fullchain.pem && -f /etc/ssl/keys/$DOMAIN/cert.pem ]] ; then
|
||||||
#D1=$(date -r /acme.sh/$DOMAIN/fullchain.pem +%s)
|
#D1=$(date -r /etc/ssl/keys/$DOMAIN/fullchain.pem +%s)
|
||||||
#DIFF=$(expr $DATE - $D1);
|
#DIFF=$(expr $DATE - $D1);
|
||||||
#if [ $DIFF < 3600 ]; then touch /acme.sh/$DOMAIN/new_certificate; fi
|
#if [ $DIFF < 3600 ]; then touch /etc/ssl/keys/$DOMAIN/new_certificate; fi
|
||||||
NEW=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
NEW=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
|
||||||
if [ "$ORIGINAL" != "$NEW" ]; then
|
if [ "$ORIGINAL" != "$NEW" ]; then
|
||||||
touch /acme.sh/$DOMAIN/new_certificate;
|
touch /etc/ssl/keys/$DOMAIN/new_certificate;
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
sending_error_msg $DOMAIN $DATE;
|
sending_error_msg $DOMAIN $DATE;
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
LETSENCRYPT_FILE=$(find /acme.sh/ -type f -name letsencrypt);
|
LETSENCRYPT_FILE=$(find /etc/ssl/keys/ -type f -name letsencrypt);
|
||||||
if [ -n "$LETSENCRYPT_FILE" ] ; then
|
if [ -n "$LETSENCRYPT_FILE" ] ; then
|
||||||
DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ;
|
DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ;
|
||||||
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
|
||||||
start_letsencrypt;
|
|
||||||
rm $LETSENCRYPT_FILE;
|
rm $LETSENCRYPT_FILE;
|
||||||
|
ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
|
||||||
|
if [ "$DOMAIN" != "localhost" ]; then
|
||||||
|
start_letsencrypt;
|
||||||
check_new_cert
|
check_new_cert
|
||||||
|
fi
|
||||||
|
|
||||||
else
|
else
|
||||||
cd /domains
|
cd /domains
|
||||||
for i in `ls` ; do
|
for i in `ls` ; do
|
||||||
DOMAIN=$(jq -r .DOMAIN $i) ;
|
DOMAIN=$(jq -r .DOMAIN $i) ;
|
||||||
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
if [ "$DOMAIN" != "localhost" ]; then
|
||||||
|
ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
|
||||||
start_letsencrypt $DOMAIN;
|
start_letsencrypt $DOMAIN;
|
||||||
|
|
||||||
check_new_cert
|
check_new_cert
|
||||||
|
fi
|
||||||
done ;
|
done ;
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user