166 lines
5.6 KiB
Bash
Executable File
166 lines
5.6 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
email="-m $EMAIL"
|
|
DOMAIN=$DOMAIN
|
|
|
|
LOG_DIR=/var/tmp/shared/output
|
|
LOG_FILE=$LOG_DIR/letsencrypt.txt
|
|
LETSENCRYPT_OUTPUT=$LOG_DIR/letsencrypt.json
|
|
DATE=$(date +"%Y-%m-%d-%H-%M")
|
|
|
|
echo "email $EMAIL"
|
|
echo "DOMAIN: $DOMAIN"
|
|
|
|
if [ "$LETSENCRYPT_SERVER" != "" ]; then
|
|
L_S="--server $LETSENCRYPT_SERVER"
|
|
fi
|
|
|
|
if [ "$EAB_KID" != "" ]; then
|
|
EK="--eab-kid $EAB_KID"
|
|
fi
|
|
|
|
if [ "$EAB_HMAC_KEY" != "" ]; then
|
|
EHK="--eab-hmac-key $EAB_HMAC_KEY"
|
|
fi
|
|
|
|
TIMEOUT=$TIMEOUT
|
|
if [[ -z "$TIMEOUT" ]]; then
|
|
TIMEOUT=10
|
|
fi
|
|
|
|
RESTART=$RESTART
|
|
if [[ -z "$RESTART" ]]; then
|
|
RESTART=5
|
|
fi
|
|
|
|
sending_error_msg() {
|
|
|
|
echo "there was unsucessfuly created "$DOMAIN" at date: "$DATE
|
|
}
|
|
|
|
create_json() {
|
|
LOG=$(cat $LOG_FILE | base64 -w0)
|
|
TMP_FILE=$(mktemp)
|
|
jq '
|
|
if . == null or . == [] then
|
|
{"'$DOMAIN'":{"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}}
|
|
else
|
|
. + {"'$DOMAIN'": {"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}}
|
|
end
|
|
' $LETSENCRYPT_OUTPUT >$TMP_FILE
|
|
cat $TMP_FILE >$LETSENCRYPT_OUTPUT
|
|
rm $TMP_FILE
|
|
}
|
|
|
|
start_letsencrypt() {
|
|
cd /root
|
|
if [ "$LETSENCRYPT_INSTALLED" != "true" ]; then
|
|
curl https://get.acme.sh | sh -s email=$EMAIL
|
|
LETSENCRYPT_INSTALLED=true
|
|
fi
|
|
|
|
sh /root/.acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >$LOG_FILE 2>&1
|
|
RESPONSE=$?
|
|
echo "OUTPOUT: $RESPONSE"
|
|
if [[ "$(echo $RESPONSE)" == "1" ]]; then
|
|
for retries in $(seq 0 $((RESTART + 1))); do
|
|
if [[ $retries -le $RESTART ]]; then
|
|
# Check certificate issuer
|
|
ISSUER=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Issuer | cut -d '=' -f2)
|
|
SUBJECT=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -text -noout | grep -w CN | grep Subject | cut -d '=' -f2)
|
|
if [ "$ISSUER" == "$SUBJECT" ]; then
|
|
echo "Self signed certificate found"
|
|
sh /root/.acme.sh/acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /acme.sh/$DOMAIN/cert.pem --key-file /acme.sh/$DOMAIN/key.pem --fullchain-file /acme.sh/$DOMAIN/fullchain.pem >>$LOG_FILE 2>&1
|
|
RESPONSE=$?
|
|
if [[ "$(echo $RESPONSE)" == "1" ]]; then
|
|
sleep $TIMEOUT
|
|
echo "Restarting number is only: "$retries" so try again"
|
|
else
|
|
echo "Created or renew successfuly the certificate for $DOMAIN"
|
|
echo "Creating log json from letsencrypt output"
|
|
STATUS=success
|
|
create_json $STATUS
|
|
break
|
|
fi
|
|
else
|
|
sleep $TIMEOUT
|
|
echo "Restarting number is only: "$retries" so try again"
|
|
fi
|
|
else
|
|
echo "Reached retrying limit: "$RESTART" ,giving up"
|
|
echo "Creating log json from letsencrypt output"
|
|
STATUS=failed
|
|
create_json $STATUS
|
|
fi
|
|
|
|
done
|
|
else
|
|
echo "Created or renew successfuly the certificate for $DOMAIN"
|
|
echo "Creating log json from letsencrypt output"
|
|
STATUS=success
|
|
create_json $STATUS
|
|
fi
|
|
}
|
|
|
|
check_new_cert() {
|
|
#DATE=$(date +%s)
|
|
if [[ -f /acme.sh/$DOMAIN/key.pem && -f /acme.sh/$DOMAIN/fullchain.pem && -f /acme.sh/$DOMAIN/cert.pem ]]; then
|
|
#D1=$(date -r /acme.sh/$DOMAIN/fullchain.pem +%s)
|
|
#DIFF=$(expr $DATE - $D1);
|
|
#if [ $DIFF < 3600 ]; then touch /acme.sh/$DOMAIN/new_certificate; fi
|
|
NEW=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
|
if [ "$ORIGINAL" != "$NEW" ]; then
|
|
touch /acme.sh/$DOMAIN/new_certificate
|
|
fi
|
|
else
|
|
sending_error_msg $DOMAIN $DATE
|
|
fi
|
|
}
|
|
|
|
LETSENCRYPT_FILES=$(find /acme.sh/ -type f -name letsencrypt)
|
|
|
|
if [ "$DOMAIN" != "localhost" ]; then
|
|
if [ ! -f $LETSENCRYPT_OUTPUT ]; then
|
|
install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT
|
|
echo '{}' >$LETSENCRYPT_OUTPUT
|
|
fi
|
|
|
|
if [ "$DOMAIN" != "" ]; then
|
|
echo "DOMAIN: $DOMAIN"
|
|
echo "domain exists"
|
|
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
|
if [ "$DOMAIN" != "localhost" ]; then
|
|
start_letsencrypt
|
|
check_new_cert
|
|
fi
|
|
|
|
elif [ -n "$LETSENCRYPT_FILES" ]; then
|
|
echo "letsencrypt files exist"
|
|
for LETSENCRYPT_FILE in $(echo $LETSENCRYPT_FILES); do
|
|
DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE)
|
|
echo "DOMAIN: $DOMAIN"
|
|
for DOMAIN in $(echo $DOMAIN); do
|
|
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
|
start_letsencrypt $DOMAIN
|
|
check_new_cert
|
|
DOMAIN=""
|
|
done
|
|
done
|
|
|
|
else
|
|
DOMAIN_FILE=""
|
|
echo "no any new created domain exists try renew all"
|
|
for DOMAIN_FILE in $(ls /domains); do
|
|
cd /domains
|
|
echo "DOMAIN_FILE: $(basename $DOMAIN_FILE)"
|
|
DOMAIN=$(jq -r .DOMAIN $DOMAIN_FILE)
|
|
echo "DOMAIN: $DOMAIN"
|
|
if [ "$DOMAIN" != "localhost" ]; then
|
|
ORIGINAL=$(openssl x509 -in /acme.sh/$DOMAIN/fullchain.pem -fingerprint -noout)
|
|
start_letsencrypt $DOMAIN
|
|
check_new_cert
|
|
fi
|
|
done
|
|
fi
|
|
fi
|