diff --git a/letsencrypt.json b/letsencrypt.json
index 9550d1a..e7518a3 100644
--- a/letsencrypt.json
+++ b/letsencrypt.json
@@ -1,49 +1,64 @@
 {
- "main": {
- "SERVICE_NAME": "letsencrypt",
- "DOMAIN": "null"
- },
- "networks": [
- {
- "NAME": "letsencrypt",
- "DRIVER": "bridge",
- "SUBNET": "172.18.254.0/24",
- "RANGE": "172.18.254.0/24",
- "GATEWAY": "172.18.254.1"
- }
- ],
- "containers": [
- {
- "IMAGE": "registry.format.hu/letsencrypt",
- "NAME": "letsencrypt",
- "MEMORY": "64M",
- "IP": "172.18.254.254",
- "NETWORK": "letsencrypt",
- "VOLUMES": [
- {
- "SOURCE": "/etc/system/data/ssl/keys/",
- "DEST": "/acme.sh/",
- "TYPE": "rw"
- },
- {
- "SOURCE": "/etc/user/config/domains",
- "DEST": "/domains",
- "TYPE": "ro"
- }
- ],
- "PORTS": [ ],
- "ENV_FILES": [ "/etc/user/config/user.json" ],
- "READYNESS": [
- {"tcp": ""},
- {"HTTP": ""},
- {"EXEC": "/ready.sh"}
- ],
- "EXTRA": "",
- "DEPEND": "null",
- "START_ON_BOOT": "false",
- "CMD": "null",
- "PRE_START": "null",
- "POST_START": [ "firewall-29eexhrh" ]
- }
- ]
-}
+ "main": {
+ "SERVICE_NAME": "letsencrypt",
+ "DOMAIN": "null"
+ },
+ "networks": [
+ {
+ "NAME": "letsencrypt",
+ "DRIVER": "bridge",
+ "SUBNET": "172.18.254.0/24",
+ "RANGE": "172.18.254.0/24",
+ "GATEWAY": "172.18.254.1"
+ }
+ ],
+ "containers": [
+ {
+ "IMAGE": "registry.format.hu/letsencrypt",
+ "NAME": "letsencrypt",
+ "MEMORY": "64M",
+ "IP": "172.18.254.254",
+ "NETWORK": "letsencrypt",
+ "VOLUMES": [
+ {
+ "SOURCE": "/etc/system/data/ssl/keys/",
+ "DEST": "/acme.sh/",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "SHARED",
+ "DEST": "/var/tmp/shared",
+ "TYPE": "rw"
+ },
+ {
+ "SOURCE": "/etc/user/config/domains",
+ "DEST": "/domains",
+ "TYPE": "ro"
+ }
+ ],
+ "PORTS": [],
+ "ENV_FILES": [
+ "/etc/user/config/user.json"
+ ],
+ "READYNESS": [
+ {
+ "tcp": ""
+ },
+ {
+ "HTTP": ""
+ },
+ {
+ "EXEC": "/ready.sh"
+ }
+ ],
+ "EXTRA": "",
+ "DEPEND": "null",
+ "START_ON_BOOT": "false",
+ "CMD": "null",
+ "PRE_START": "null",
+ "POST_START": [
+ "firewall-29eexhrh"
+ ]
+ }
+ ]
+}
\ No newline at end of file
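Review bot: The added volume uses `"SOURCE": "SHARED"` where both sibling entries use absolute host paths, so this file no longer says which host location is mounted read-write at `/var/tmp/shared` or which other containers see the same mount; strict JSON cannot carry a comment, so the meaning of `SHARED` and the fact that this container writes its acme.sh output there (per the `LOG_DIR=/var/tmp/shared/output` line in start.letsencrypt.sh) should be recorded wherever the orchestrator documents volume sources. The hunk also re-indents every line of the file and drops the final newline (`\ No newline at end of file`), so a one-entry change appears as 49 deletions and 64 additions; keeping the reformat in its own commit and restoring the trailing newline would make the functional change reviewable.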
diff --git a/start.letsencrypt.sh b/start.letsencrypt.sh index adcbdc5..a735d4a 100755 --- a/start.letsencrypt.sh +++ b/start.letsencrypt.sh @@ -3,6 +3,13 @@ email="-m $EMAIL" DOMAIN=$DOMAIN +LOG_DIR=/var/tmp/shared/output +LOG_FILE=$LOG_DIR/letsencrypt.txt +LETSENCRYPT_OUTPUT=$LOG_DIR/letsencrypt.json +DATE=$(date +"%Y-%m-%d-%H-%M") + + + echo "email $EMAIL" echo "DOMAIN: $DOMAIN" @@ -33,12 +40,22 @@ sending_error_msg() { echo "there was unsucessfuly created "$DOMAIN" at date: "$DATE; } +create_json() { + LOG=$(cat $LOG_FILE | base64 -w0) + TMP_FILE=$(mktemp) + install -m 664 -g 65534 /dev/null $TMP_FILE + jq 'if . == null or . == [] then [{"domain": "'$DOMAIN'", "date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}] else . + [{"domain": "'$DOMAIN'", +"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}] end' $LETSENCRYPT_OUTPUT > $TMP_FILE + mv $TMP_FILE $LETSENCRYPT_OUTPUT + rm $TMP_FILE +} + start_letsencrypt() { cd /root curl https://get.acme.sh | sh -s email=$EMAIL cd /root/.acme.sh chmod a+x ./acme.sh - RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem); + RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem > $LOG_FILE); if [[ "$(echo $?)" == "1" ]]; then for retries in $(seq 0 $((RESTART + 1))); do if [[ $retries -le $RESTART ]] ; then 
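Review bot: `create_json` splices `$DOMAIN`, `$DATE`, `$STATUS` and `$LOG` into the jq program text with `'...'$VAR'...'`, so the expansions are unquoted (word splitting and globbing apply) and any value containing a quote or jq syntax breaks or rewrites the filter — `DOMAIN` comes from a config file read with `jq -r .DOMAIN`, so this is reachable; passing the values with `jq --arg` keeps them as data and lets the redundant `. == null or . == []` branch collapse to `(. // []) + [...]`. The `rm $TMP_FILE` after `mv $TMP_FILE $LETSENCRYPT_OUTPUT` always fails because the file has already been moved. In the same hunk, `RESPONSE=$(./acme.sh ... > $LOG_FILE)` sends only stdout to the log, so acme.sh's stderr — the part that explains a failed issue — never reaches `letsencrypt.txt`, and `RESPONSE` is now always empty if anything else in the script still reads it; `> $LOG_FILE 2>&1` keeps the diagnostics, and the `>> $LOG_FILE` form in the next hunk needs the same. The function is called as `create_json $STATUS` but reads the global; the rewrite below accepts either.
```shell
create_json() {
  local log tmp_file status
  status=${1:-$STATUS}
  log=$(base64 -w0 "$LOG_FILE")
  tmp_file=$(mktemp)
  install -m 664 -g 65534 /dev/null "$tmp_file"
  jq --arg domain "$DOMAIN" --arg date "$DATE" --arg status "$status" --arg log "$log" \
     '(. // []) + [{domain: $domain, date: $date, status: $status, log: $log}]' \
     "$LETSENCRYPT_OUTPUT" > "$tmp_file"
  mv "$tmp_file" "$LETSENCRYPT_OUTPUT"
}
```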
@@ -47,7 +64,7 @@ start_letsencrypt() { SUBJECT=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2); if [ "$ISSUER" == "$SUBJECT" ]; then echo "Self signed certificate found"; - RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem); + RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem >> $LOG_FILE); if [[ "$(echo $?)" != "1" ]]; then sleep $TIMEOUT; echo "Restarting number is only: "$retries" so try again" @@ -58,11 +75,17 @@ start_letsencrypt() { fi else echo "Reached retrying limit: "$RESTART" ,giving up" + echo "Creating log json from letsencrypt output" + STATUS=failed + create_json $STATUS fi done else echo "Created or renew successfuly the certificate for $DOMAIN" + echo "Creating log json from letsencrypt output" + STATUS=success + create_json $STATUS fi } @@ -82,11 +105,15 @@ check_new_cert() { } LETSENCRYPT_FILE=$(find /etc/ssl/keys/ -type f -name letsencrypt); -if [ -n "$LETSENCRYPT_FILE" ] ; then +if [ -n "$LETSENCRYPT_FILE" ] || [ "$DOMAIN" != "" ] ; then DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ; rm $LETSENCRYPT_FILE; ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout) if [ "$DOMAIN" != "localhost" ]; then + if [ ! -f $LETSENCRYPT_OUTPUT ] then + install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT + echo '[]' > $LETSENCRYPT_OUTPUT + fi start_letsencrypt; check_new_cert fi
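Review bot: In the last hunk the widened condition `if [ -n "$LETSENCRYPT_FILE" ] || [ "$DOMAIN" != "" ]` lets the body run with an empty `LETSENCRYPT_FILE`, but the next line still executes `DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ; rm $LETSENCRYPT_FILE;`, so on the new path jq is invoked with no file (it reads stdin), `DOMAIN` is overwritten with whatever that yields, and `rm` runs without an argument; the jq/rm pair needs its own `[ -n "$LETSENCRYPT_FILE" ]` guard. The added `if [ ! -f $LETSENCRYPT_OUTPUT ] then` is missing the `;` (or a newline) before `then`, which bash rejects as a syntax error, and nothing in the diff creates `$LOG_DIR` (`/var/tmp/shared/output`) before `install` and the `> $LOG_FILE` redirect write into it — unless the image or the SHARED mount provisions that directory, a `mkdir -p "$LOG_DIR"` belongs here. `install -m 664 -g 65534` leaves the shared log group-writable for gid 65534 (conventionally nogroup); if only this container appends to it, mode 644 is enough. The outer `if` appears to close outside the hunk.
```shell
if [ -n "$LETSENCRYPT_FILE" ] || [ -n "$DOMAIN" ]; then
  if [ -n "$LETSENCRYPT_FILE" ]; then
    DOMAIN=$(jq -r .DOMAIN "$LETSENCRYPT_FILE")
    rm "$LETSENCRYPT_FILE"
  fi
  # … unchanged: ORIGINAL fingerprint, localhost check …
    if [ ! -f "$LETSENCRYPT_OUTPUT" ]; then
      mkdir -p "$LOG_DIR"
      install -m 664 -g 65534 /dev/null "$LETSENCRYPT_OUTPUT"
      echo '[]' > "$LETSENCRYPT_OUTPUT"
    fi
  # … unchanged: start_letsencrypt; check_new_cert …
```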