Refactor start.letsencrypt.sh to update file paths for certificate handling
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
gyurix
@@ -60,16 +60,16 @@ start_letsencrypt() {
|
||||
fi
|
||||
cd /root/.acme.sh
|
||||
chmod a+x ./acme.sh
|
||||
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem >$LOG_FILE)
|
||||
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE)
|
||||
if [[ "$(echo $?)" == "1" ]]; then
|
||||
for retries in $(seq 0 $((RESTART + 1))); do
|
||||
if [[ $retries -le $RESTART ]]; then
|
||||
# Check certificate issuer
|
||||
ISSUER=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Issuer | cut -d '=' -f2)
|
||||
SUBJECT=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Subject | cut -d '=' -f2)
|
||||
ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Issuer | cut -d '=' -f2)
|
||||
SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Subject | cut -d '=' -f2)
|
||||
if [ "$ISSUER" == "$SUBJECT" ]; then
|
||||
echo "Self signed certificate found"
|
||||
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem >>$LOG_FILE)
|
||||
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >>$LOG_FILE)
|
||||
if [[ "$(echo $?)" != "1" ]]; then
|
||||
sleep $TIMEOUT
|
||||
echo "Restarting number is only: "$retries" so try again"
|
||||
@@ -96,20 +96,20 @@ start_letsencrypt() {
|
||||
|
||||
check_new_cert() {
|
||||
#DATE=$(date +%s)
|
||||
if [[ -f /etc/ssl/keys/$DOMAIN/key.pem && -f /etc/ssl/keys/$DOMAIN/fullchain.pem && -f /etc/ssl/keys/$DOMAIN/cert.pem ]]; then
|
||||
#D1=$(date -r /etc/ssl/keys/$DOMAIN/fullchain.pem +%s)
|
||||
if [[ -f /acme.sh/$DOMAIN/key.pem && -f /acme.sh/$DOMAIN/fullchain.pem && -f /acme.sh/$DOMAIN/cert.pem ]]; then
|
||||
#D1=$(date -r /acme.sh/$DOMAIN/fullchain.pem +%s)
|
||||
#DIFF=$(expr $DATE - $D1);
|
||||
#if [ $DIFF < 3600 ]; then touch /etc/ssl/keys/$DOMAIN/new_certificate; fi
|
||||
NEW=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
|
||||
#if [ $DIFF < 3600 ]; then touch /acme.sh/$DOMAIN/new_certificate; fi
|
||||
NEW=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
||||
if [ "$ORIGINAL" != "$NEW" ]; then
|
||||
touch /etc/ssl/keys/$DOMAIN/new_certificate
|
||||
touch /acme.sh/$DOMAIN/new_certificate
|
||||
fi
|
||||
else
|
||||
sending_error_msg $DOMAIN $DATE
|
||||
fi
|
||||
}
|
||||
|
||||
LETSENCRYPT_FILES=$(find /etc/ssl/keys/ -type f -name letsencrypt)
|
||||
LETSENCRYPT_FILES=$(find /acme.sh/ -type f -name letsencrypt)
|
||||
echo "letsencrypt files exist"
|
||||
|
||||
if [ "$DOMAIN" != "localhost" ]; then
|
||||
|
||||
Reference in New Issue
Block a user