Enhance letsencrypt configuration and logging functionality

- Added shared volume for temporary output storage - Implemented logging of letsencrypt output to a file - Created JSON log entries for certificate creation status - Improved handling of domain checks and output file initialization
2025-03-08 11:31:03 +01:00
parent 59cfb9b619
commit 815c154a28
2 changed files with 93 additions and 51 deletions
--- a/letsencrypt.json
+++ b/letsencrypt.json
@@ -25,6 +25,11 @@
                    "DEST": "/acme.sh/",
                    "TYPE": "rw"
                },
+                {
+                    "SOURCE": "SHARED",
+                    "DEST": "/var/tmp/shared",
+                    "TYPE": "rw"
+                },
                {
                    "SOURCE": "/etc/user/config/domains",
                    "DEST": "/domains",
@@ -32,18 +37,28 @@
                }
            ],
            "PORTS": [],
-			"ENV_FILES": [ "/etc/user/config/user.json" ],
+            "ENV_FILES": [
+                "/etc/user/config/user.json"
+            ],
            "READYNESS": [
-			        {"tcp": ""},
-			        {"HTTP": ""},
-				{"EXEC": "/ready.sh"}
+                {
+                    "tcp": ""
+                },
+                {
+                    "HTTP": ""
+                },
+                {
+                    "EXEC": "/ready.sh"
+                }
            ],
            "EXTRA": "",
            "DEPEND": "null",
            "START_ON_BOOT": "false",
            "CMD": "null",
            "PRE_START": "null",
-			"POST_START": [ "firewall-29eexhrh" ]
+            "POST_START": [
+                "firewall-29eexhrh"
+            ]
        }
    ]
 }
--- a/start.letsencrypt.sh
+++ b/start.letsencrypt.sh
@@ -3,6 +3,13 @@
 email="-m $EMAIL"
 DOMAIN=$DOMAIN

+LOG_DIR=/var/tmp/shared/output
+LOG_FILE=$LOG_DIR/letsencrypt.txt
+LETSENCRYPT_OUTPUT=$LOG_DIR/letsencrypt.json
+DATE=$(date +"%Y-%m-%d-%H-%M")
+ 
+
+
 echo "email $EMAIL"
 echo "DOMAIN: $DOMAIN"

@@ -33,12 +40,22 @@ sending_error_msg() {
 	echo "there was unsucessfuly created "$DOMAIN" at date: "$DATE;
 }

+create_json() {
+    LOG=$(cat $LOG_FILE | base64 -w0)
+    TMP_FILE=$(mktemp)
+    install -m 664 -g 65534 /dev/null $TMP_FILE
+    jq 'if . == null or . == [] then [{"domain": "'$DOMAIN'", "date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}] else . + [{"domain": "'$DOMAIN'", 
+"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}] end' $LETSENCRYPT_OUTPUT > $TMP_FILE
+    mv $TMP_FILE $LETSENCRYPT_OUTPUT
+    rm $TMP_FILE
+}
+
 start_letsencrypt() {
 	cd /root
 	curl https://get.acme.sh | sh -s email=$EMAIL
 	cd /root/.acme.sh
 	chmod a+x ./acme.sh
-	RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
+	RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem > $LOG_FILE);
 	if [[ "$(echo $?)" == "1" ]]; then	
 		for retries in $(seq 0 $((RESTART + 1))); do
 			if [[ $retries -le $RESTART ]] ; then
@@ -47,7 +64,7 @@ start_letsencrypt() {
 				SUBJECT=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
 				if [ "$ISSUER" == "$SUBJECT" ]; then
 					echo "Self signed certificate found";
-					RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem);
+					RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem >> $LOG_FILE);
 					if [[ "$(echo $?)" != "1" ]]; then
 						sleep $TIMEOUT;
 						echo "Restarting number is only: "$retries" so try again"
@@ -58,11 +75,17 @@ start_letsencrypt() {
 				fi
 			else
 				echo "Reached retrying limit: "$RESTART" ,giving up"
+                echo "Creating log json from letsencrypt output"
+                STATUS=failed
+                create_json $STATUS
 			fi

 		done
 	else
 		echo "Created or renew successfuly the certificate for $DOMAIN"
+        echo "Creating log json from letsencrypt output"
+        STATUS=success
+        create_json $STATUS
 	fi
 }

@@ -82,11 +105,15 @@ check_new_cert() {
 }

 LETSENCRYPT_FILE=$(find /etc/ssl/keys/ -type f -name letsencrypt);
-if [ -n "$LETSENCRYPT_FILE" ] ; then
+if [ -n "$LETSENCRYPT_FILE" ] || [ "$DOMAIN" != "" ] ; then
 	DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ;
 	rm $LETSENCRYPT_FILE;
 	ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
 	if [ "$DOMAIN" != "localhost" ]; then
+        if [ ! -f $LETSENCRYPT_OUTPUT ] then
+            install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT
+            echo '[]' > $LETSENCRYPT_OUTPUT
+        fi
 		start_letsencrypt;
 		check_new_cert
 	fi