safebox/letsencrypt
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

up to date repo

Browse Source
This commit is contained in:
Gyorgy Berenyi
2025-02-16 08:48:50 +01:00
parent 6e9f7542c4
commit 1c25dc156a
2 changed files with 31 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile
View File

@@ -1,7 +1,6 @@
FROM neilpang/acme.sh:latest
MAINTAINER gyurix
FROM alpine
RUN apk update && apk add --no-cache jq
RUN apk update && apk add --no-cache jq curl openssl socat
COPY ./start.letsencrypt.sh /start.letsencrypt.sh
ENTRYPOINT ["/start.letsencrypt.sh"]

53
start.letsencrypt.sh
View File

@@ -1,6 +1,10 @@
#!/bin/sh
email="-m $EMAIL"
DOMAIN=$DOMAIN
echo "email $EMAIL"
echo "DOMAIN: $DOMAIN"
if [ "$LETSENCRYPT_SERVER" != "" ]; then
L_S="--server $LETSENCRYPT_SERVER"
@@ -16,7 +20,7 @@ fi
TIMEOUT=$TIMEOUT
if [[ -z "$TIMEOUT" ]]; then
TIMEOUT=5;
TIMEOUT=10;
fi
RESTART=$RESTART
@@ -30,19 +34,20 @@ sending_error_msg() {
}
start_letsencrypt() {
mkdir -p /acme.sh/$DOMAIN/ ;
RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
cd /root
curl https://get.acme.sh | sh -s email=$EMAIL
cd /root/.acme.sh
chmod a+x ./acme.sh
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
if [[ "$(echo $?)" == "1" ]]; then
for retries in $(seq 0 $((RESTART + 1))); do
if [[ $retries -le $RESTART ]] ; then
# Check certificate issuer
ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
ISSUER=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
SUBJECT=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
if [ "$ISSUER" == "$SUBJECT" ]; then
echo "Self signed certificate found";
RESPONSE=$(/usr/local/bin/acme.sh $email $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem);
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
if [[ "$(echo $?)" != "1" ]]; then
sleep $TIMEOUT;
echo "Restarting number is only: "$retries" so try again"
@@ -62,38 +67,38 @@ start_letsencrypt() {
}
check_new_cert() {
#DATE=$(date +%s)
if [[ -f /acme.sh/$DOMAIN/key.pem && -f /acme.sh/$DOMAIN/fullchain.pem && -f /acme.sh/$DOMAIN/cert.pem ]] ; then
#D1=$(date -r /acme.sh/$DOMAIN/fullchain.pem +%s)
if [[ -f /etc/ssl/keys/$DOMAIN/key.pem && -f /etc/ssl/keys/$DOMAIN/fullchain.pem && -f /etc/ssl/keys/$DOMAIN/cert.pem ]] ; then
#D1=$(date -r /etc/ssl/keys/$DOMAIN/fullchain.pem +%s)
#DIFF=$(expr $DATE - $D1);
#if [ $DIFF < 3600 ]; then touch /acme.sh/$DOMAIN/new_certificate; fi
NEW=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
#if [ $DIFF < 3600 ]; then touch /etc/ssl/keys/$DOMAIN/new_certificate; fi
NEW=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
if [ "$ORIGINAL" != "$NEW" ]; then
touch /acme.sh/$DOMAIN/new_certificate;
touch /etc/ssl/keys/$DOMAIN/new_certificate;
fi
else
sending_error_msg $DOMAIN $DATE;
fi
}
LETSENCRYPT_FILE=$(find /acme.sh/ -type f -name letsencrypt);
LETSENCRYPT_FILE=$(find /etc/ssl/keys/ -type f -name letsencrypt);
if [ -n "$LETSENCRYPT_FILE" ] ; then
DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ;
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
start_letsencrypt;
rm $LETSENCRYPT_FILE;
ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
if [ "$DOMAIN" != "localhost" ]; then
start_letsencrypt;
check_new_cert
fi
check_new_cert
else
cd /domains
for i in `ls` ; do
DOMAIN=$(jq -r .DOMAIN $i) ;
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
start_letsencrypt $DOMAIN;
check_new_cert
if [ "$DOMAIN" != "localhost" ]; then
ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
start_letsencrypt $DOMAIN;
check_new_cert
fi
done ;
fi