safebox/letsencrypt
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: safebox:3743865892d47141640025195413c6fb35a79355
Branches Tags
safebox:master
..
compare: safebox:master
Branches Tags
safebox:master

31 Commits
3743865892 ... master

Author SHA1 Message Date
gyurix
513b8ecde5 Refactor start.letsencrypt.sh to improve error handling and logging during certificate issuance
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-04-14 14:46:24 +02:00
gyurix
5d2a782201 Enhance start.letsencrypt.sh to log successful certificate creation and generate JSON output
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-30 09:54:02 +02:00
gyurix
6d219eaa6c Refactor start.letsencrypt.sh to correct installation check logic and improve domain file handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-29 23:22:15 +01:00
gyurix
8fa324553d Refactor start.letsencrypt.sh to update file paths for certificate handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-29 22:55:27 +01:00
gyurix
7274cab64f Refactor start.letsencrypt.sh to improve domain handling and installation checks
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-29 22:50:01 +01:00
gyurix
3f2d75c086 Refactor JSON creation in create_json function to enhance domain entry handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-15 00:20:41 +01:00
gyurix
0c3dccfa26 Refactor JSON creation in start.letsencrypt.sh to improve domain entry handling
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-14 20:36:51 +01:00
gyurix
d682f43489 Refactor JSON output handling in start.letsencrypt.sh for improved structure
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-14 18:14:40 +01:00
gyurix
2653583702 Refactor letsencrypt script to improve domain handling and JSON output management
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-12 23:07:58 +01:00
Gyorgy Berenyi
14a6e628fc Update start.letsencrypt.sh
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-12 20:07:27 +00:00
gyurix
e558ae96e8 Refactor letsencrypt script for improved readability and consistency
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-08 11:37:41 +01:00
gyurix
815c154a28 Enhance letsencrypt configuration and logging functionality
All checks were successful
continuous-integration/drone/push Build is passing
Details 
- Added shared volume for temporary output storage
- Implemented logging of letsencrypt output to a file
- Created JSON log entries for certificate creation status
- Improved handling of domain checks and output file initialization
 2025-03-08 11:31:03 +01:00
Gyorgy Berenyi
59cfb9b619 Add .drone.yml
All checks were successful
continuous-integration/drone/push Build is passing
Details
2025-03-05 11:39:34 +00:00
Gyurix
1c25dc156a up to date repo 2025-02-16 08:48:50 +01:00
Gyorgy Berenyi
6e9f7542c4 corrected ssl content directory path 2024-10-14 11:32:45 +00:00
gyurix
c6c5007ebb Added optional variables settings when exist 2023-03-10 10:00:11 +00:00
gyurix
e695bff6bd Added letsencrypt server variable to choose which CA server would use for certify your domain 2022-12-16 13:33:19 +00:00
gyurix
8e6c875d64 diff fullchain 2022-11-09 07:14:25 +00:00
gyurix
e33c7c2d6a Fixing variable issue 2022-11-04 09:08:17 +00:00
gyurix
63d9f76cbb Check certificate issuer 2022-11-04 08:53:25 +00:00
gyurix
6194a9dfe3 Correcting Letsencrypt image name in template json 2022-05-26 07:24:14 +00:00
gyurix
74aa62abc4 Correting DATE variable and compare processes. Fixing acme.sh issues 2022-03-31 11:24:05 +00:00
gyurix
e5bfb9299c Inserting date variable to compare created or modified files with previos versions. 2022-03-29 10:53:44 +00:00
gyurix
33b2570a98 Adding letsencrypt service files 2022-03-28 09:31:28 +00:00
gyurix
91e715f5cf Checking some file creating path and some cycle end 2022-03-28 09:28:19 +00:00
Gyorgy Berenyi
b0c96bb546 Need to test acme setting with email register process. 2021-10-11 06:54:46 +00:00
Gyorgy Berenyi
368b4f9c04 Fix registered account issue at acme.sh process. 2021-10-06 08:58:51 +00:00
Gyorgy Berenyi
31a5138b5d Fix registered account issue at acme.sh process. 2021-10-06 08:21:59 +00:00
Gyorgy Berenyi
e3c3f00e06 Missing registered email if statement and fixing domains path also. 2021-10-06 05:45:14 +00:00
gyurix
7c39356bfa Bufixes 2021-09-09 10:03:51 +02:00
gyurix
ae17f1fecb Minor changes. 2021-09-09 09:27:57 +02:00
6 changed files with 337 additions and 30 deletions
Expand all files Collapse all files

47
.drone.yml Normal file
View File

@@ -0,0 +1,47 @@
kind: pipeline
type: kubernetes
name: default
node_selector:
physical-node: dev2
trigger:
branch:
- master
event:
- push
workspace:
path: /drone/src
steps:
- name: build multiarch from dev
image: docker.io/owncloudci/drone-docker-buildx:4
privileged: true
settings:
cache-from: [ "registry.dev.format.hu/letsencrypt" ]
registry: registry.dev.format.hu
repo: registry.dev.format.hu/letsencrypt
tags: latest
dockerfile: Dockerfile
username:
from_secret: dev-hu-registry-username
password:
from_secret: dev-hu-registry-password
platforms:
- linux/amd64
- linux/arm64
- name: pull image to dockerhub
image: docker.io/owncloudci/drone-docker-buildx:4
privileged: true
settings:
cache-from: [ "safebox/letsencrypt" ]
repo: safebox/letsencrypt
tags: latest
username:
from_secret: dockerhub-username
password:
from_secret: dockerhub-password
platforms:
- linux/amd64
- linux/arm64

5
Dockerfile
View File

@@ -1,7 +1,6 @@
FROM neilpang/acme.sh:latest FROM alpine
MAINTAINER gyurix
RUN apk update && apk add --no-cache jq RUN apk update && apk add --no-cache jq curl openssl socat
COPY ./start.letsencrypt.sh /start.letsencrypt.sh COPY ./start.letsencrypt.sh /start.letsencrypt.sh
ENTRYPOINT ["/start.letsencrypt.sh"] ENTRYPOINT ["/start.letsencrypt.sh"]

65
firewall-29eexhrh.json Normal file
View File

@@ -0,0 +1,65 @@
{
"main": {
"SERVICE_NAME": "firewalls",
"DOMAIN": "null"
},
"containers": [
{
"IMAGE": "registry.format.hu/firewall",
"NAME": "null",
"MEMORY": "64M",
"IP": "null",
"NETWORK": "host",
"VOLUMES": [
{
"SOURCE": "/run/",
"DEST": "/run/",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/services",
"DEST": "/services",
"TYPE": "ro"
}
],
"PORTS": [ ],
"READYNESS": [
{"tcp": ""},
{"HTTP": ""},
{"EXEC": "/ready.sh"}
],
"ENVS": [
{
"NAME": "CHAIN",
"VALUE": "DOCKER-USER"
},
{
"NAME": "SOURCE_IP",
"VALUE": "172.18.100.2"
},
{
"NAME": "TARGET_IP",
"VALUE": "172.18.254.254"
},
{
"NAME": "TYPE",
"VALUE": "tcp"
},
{
"NAME": "TARGET_PORT",
"VALUE": "80"
},
{
"NAME": "COMMENT",
"VALUE": "29eexhrh"
}
],
"EXTRA": "--privileged",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": "null"
}
]
}

64
letsencrypt.json Normal file
View File

@@ -0,0 +1,64 @@
{
"main": {
"SERVICE_NAME": "letsencrypt",
"DOMAIN": "null"
},
"networks": [
{
"NAME": "letsencrypt",
"DRIVER": "bridge",
"SUBNET": "172.18.254.0/24",
"RANGE": "172.18.254.0/24",
"GATEWAY": "172.18.254.1"
}
],
"containers": [
{
"IMAGE": "registry.format.hu/letsencrypt",
"NAME": "letsencrypt",
"MEMORY": "64M",
"IP": "172.18.254.254",
"NETWORK": "letsencrypt",
"VOLUMES": [
{
"SOURCE": "/etc/system/data/ssl/keys/",
"DEST": "/acme.sh/",
"TYPE": "rw"
},
{
"SOURCE": "SHARED",
"DEST": "/var/tmp/shared",
"TYPE": "rw"
},
{
"SOURCE": "/etc/user/config/domains",
"DEST": "/domains",
"TYPE": "ro"
}
],
"PORTS": [],
"ENV_FILES": [
"/etc/user/config/user.json"
],
"READYNESS": [
{
"tcp": ""
},
{
"HTTP": ""
},
{
"EXEC": "/ready.sh"
}
],
"EXTRA": "",
"DEPEND": "null",
"START_ON_BOOT": "false",
"CMD": "null",
"PRE_START": "null",
"POST_START": [
"firewall-29eexhrh"
]
}
]
}

176
start.letsencrypt.sh
View File

@@ -1,39 +1,165 @@
#!/bin/sh #!/bin/sh
DATE=`date +%F-%H-%M-%S` email="-m $EMAIL"
DOMAIN=$DOMAIN
email=$EMAIL LOG_DIR=/var/tmp/shared/output
LOG_FILE=$LOG_DIR/letsencrypt.txt
LETSENCRYPT_OUTPUT=$LOG_DIR/letsencrypt.json
DATE=$(date +"%Y-%m-%d-%H-%M")
start_letsencrypt() { echo "email $EMAIL"
echo "DOMAIN: $DOMAIN"
mkdir -p /acme.sh/$DOMAIN/ ; if [ "$LETSENCRYPT_SERVER" != "" ]; then
L_S="--server $LETSENCRYPT_SERVER"
fi
acme.sh --register-account -m $email --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem ; if [ "$EAB_KID" != "" ]; then
EK="--eab-kid $EAB_KID"
fi
#mkdir -p /acme.sh/$DOMAIN/ecc-certs ; if [ "$EAB_HMAC_KEY" != "" ]; then
EHK="--eab-hmac-key $EAB_HMAC_KEY"
fi
#acme.sh --issue --standalone --keylength ec-384 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/ecc-certs/cert.pem --key-file /acme.sh/$DOMAIN/ecc-certs/key.pem --fullchain-file /acme.sh/$DOMAIN/ecc-certs/fullchain.pem TIMEOUT=$TIMEOUT
if [[ -z "$TIMEOUT" ]]; then
TIMEOUT=10
fi
RESTART=$RESTART
if [[ -z "$RESTART" ]]; then
RESTART=5
fi
sending_error_msg() {
echo "there was unsucessfuly created "$DOMAIN" at date: "$DATE
} }
LETSENCRYPT_FILE=$(find /acme.sh/ -type f -name letsencrypt); create_json() {
if [ -f "$LETSENCRYPT_FILE" ] ; then LOG=$(cat $LOG_FILE | base64 -w0)
DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ; TMP_FILE=$(mktemp)
start_letsencrypt; jq '
rm $LETSENCRYPT_FILE; if . == null or . == [] then
{"'$DOMAIN'":{"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}}
else else
for i in `ls /domains/` ; do . + {"'$DOMAIN'": {"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}}
DOMAIN=$(jq -r .DOMAIN /domains/$i) ; end
if [[ -f "/acme.sh/$DOMAIN/key.pem" && -f "/acme.sh/$DOMAIN/fullchain.pem" && -f "/acme.sh/$DOMAIN/cert.pem" ]] ; then ' $LETSENCRYPT_OUTPUT >$TMP_FILE
echo "Found certificate files"; cat $TMP_FILE >$LETSENCRYPT_OUTPUT
start_letsencrypt; rm $TMP_FILE
if [[ -n "$(find /acme.sh/$DOMAIN/ -type f -mmin +60)" ]]; then }
touch /acme.sh/$DOMAIN/renew_certificate;
fi start_letsencrypt() {
else cd /root
start_letsencrypt; if [ "$LETSENCRYPT_INSTALLED" != "true" ]; then
touch /acme.sh/$DOMAIN/new_certificate; curl https://get.acme.sh | sh -s email=$EMAIL
fi LETSENCRYPT_INSTALLED=true
done ;
fi fi
sh /root/.acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
RESPONSE=$?
echo "OUTPOUT: $RESPONSE"
if [[ "$(echo $RESPONSE)" == "1" ]]; then
for retries in $(seq 0 $((RESTART + 1))); do
if [[ $retries -le $RESTART ]]; then
# Check certificate issuer
ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Issuer | cut -d '=' -f2)
SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Subject | cut -d '=' -f2)
if [ "$ISSUER" == "$SUBJECT" ]; then
echo "Self signed certificate found"
sh /root/.acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >>$LOG_FILE 2>&1
RESPONSE=$?
if [[ "$(echo $RESPONSE)" == "1" ]]; then
sleep $TIMEOUT
echo "Restarting number is only: "$retries" so try again"
else
echo "Created or renew successfuly the certificate for $DOMAIN"
echo "Creating log json from letsencrypt output"
STATUS=success
create_json $STATUS
break
fi
else
sleep $TIMEOUT
echo "Restarting number is only: "$retries" so try again"
fi
else
echo "Reached retrying limit: "$RESTART" ,giving up"
echo "Creating log json from letsencrypt output"
STATUS=failed
create_json $STATUS
fi
done
else
echo "Created or renew successfuly the certificate for $DOMAIN"
echo "Creating log json from letsencrypt output"
STATUS=success
create_json $STATUS
fi
}
check_new_cert() {
#DATE=$(date +%s)
if [[ -f /acme.sh/$DOMAIN/key.pem && -f /acme.sh/$DOMAIN/fullchain.pem && -f /acme.sh/$DOMAIN/cert.pem ]]; then
#D1=$(date -r /acme.sh/$DOMAIN/fullchain.pem +%s)
#DIFF=$(expr $DATE - $D1);
#if [ $DIFF < 3600 ]; then touch /acme.sh/$DOMAIN/new_certificate; fi
NEW=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
if [ "$ORIGINAL" != "$NEW" ]; then
touch /acme.sh/$DOMAIN/new_certificate
fi
else
sending_error_msg $DOMAIN $DATE
fi
}
LETSENCRYPT_FILES=$(find /acme.sh/ -type f -name letsencrypt)
if [ "$DOMAIN" != "localhost" ]; then
if [ ! -f $LETSENCRYPT_OUTPUT ]; then
install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT
echo '{}' >$LETSENCRYPT_OUTPUT
fi
if [ "$DOMAIN" != "" ]; then
echo "DOMAIN: $DOMAIN"
echo "domain exists"
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
if [ "$DOMAIN" != "localhost" ]; then
start_letsencrypt
check_new_cert
fi
elif [ -n "$LETSENCRYPT_FILES" ]; then
echo "letsencrypt files exist"
for LETSENCRYPT_FILE in $(echo $LETSENCRYPT_FILES); do
DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE)
echo "DOMAIN: $DOMAIN"
for DOMAIN in $(echo $DOMAIN); do
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
start_letsencrypt $DOMAIN
check_new_cert
DOMAIN=""
done
done
else
DOMAIN_FILE=""
echo "no any new created domain exists try renew all"
for DOMAIN_FILE in $(ls /domains); do
cd /domains
echo "DOMAIN_FILE: $(basename $DOMAIN_FILE)"
DOMAIN=$(jq -r .DOMAIN $DOMAIN_FILE)
echo "DOMAIN: $DOMAIN"
if [ "$DOMAIN" != "localhost" ]; then
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
start_letsencrypt $DOMAIN
check_new_cert
fi
done
fi
fi

6
user.json Normal file
View File

@@ -0,0 +1,6 @@
{
"letsencrypt": {
"EMAIL": "postmaster@format.hu",
"DOCKER_REGISTRY_URL": "registry.format.hu"
}
}