safebox/letsencrypt
7
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
815c154a28fe7ed5a36b4ce300f43e60c1e72ed8
letsencrypt/start.letsencrypt.sh
gyurix 815c154a28
All checks were successful
continuous-integration/drone/push Build is passing
Details
Enhance letsencrypt configuration and logging functionality 
- Added shared volume for temporary output storage
- Implemented logging of letsencrypt output to a file
- Created JSON log entries for certificate creation status
- Improved handling of domain checks and output file initialization
2025-03-08 11:31:03 +01:00

132 lines
4.1 KiB
Bash
Executable File
Raw Blame History

#!/bin/sh
email="-m $EMAIL"
DOMAIN=$DOMAIN
LOG_DIR=/var/tmp/shared/output
LOG_FILE=$LOG_DIR/letsencrypt.txt
LETSENCRYPT_OUTPUT=$LOG_DIR/letsencrypt.json
DATE=$(date +"%Y-%m-%d-%H-%M")
echo "email $EMAIL"
echo "DOMAIN: $DOMAIN"
if [ "$LETSENCRYPT_SERVER" != "" ]; then
L_S="--server $LETSENCRYPT_SERVER"
fi
if [ "$EAB_KID" != "" ]; then
EK="--eab-kid $EAB_KID"
fi
if [ "$EAB_HMAC_KEY" != "" ]; then
EHK="--eab-hmac-key $EAB_HMAC_KEY"
fi
TIMEOUT=$TIMEOUT
if [[ -z "$TIMEOUT" ]]; then
TIMEOUT=10;
fi
RESTART=$RESTART
if [[ -z "$RESTART" ]]; then
RESTART=5;
fi
sending_error_msg() {
echo "there was unsucessfuly created "$DOMAIN" at date: "$DATE;
}
create_json() {
LOG=$(cat $LOG_FILE | base64 -w0)
TMP_FILE=$(mktemp)
install -m 664 -g 65534 /dev/null $TMP_FILE
jq 'if . == null or . == [] then [{"domain": "'$DOMAIN'", "date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}] else . + [{"domain": "'$DOMAIN'",
"date": "'$DATE'", "status": "'$STATUS'", "log": "'$LOG'"}] end' $LETSENCRYPT_OUTPUT > $TMP_FILE
mv $TMP_FILE $LETSENCRYPT_OUTPUT
rm $TMP_FILE
}
start_letsencrypt() {
cd /root
curl https://get.acme.sh | sh -s email=$EMAIL
cd /root/.acme.sh
chmod a+x ./acme.sh
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem > $LOG_FILE);
if [[ "$(echo $?)" == "1" ]]; then
for retries in $(seq 0 $((RESTART + 1))); do
if [[ $retries -le $RESTART ]] ; then
# Check certificate issuer
ISSUER=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Issuer | cut -d '=' -f2);
SUBJECT=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -text -noout |grep -w CN |grep Subject | cut -d '=' -f2);
if [ "$ISSUER" == "$SUBJECT" ]; then
echo "Self signed certificate found";
RESPONSE=$(./acme.sh $L_S $EK $EHK --issue --standalone --keylength 4096 -d $DOMAIN --cert-file /etc/ssl/keys/$DOMAIN/cert.pem --key-file /etc/ssl/keys/$DOMAIN/key.pem --fullchain-file /etc/ssl/keys/$DOMAIN/fullchain.pem >> $LOG_FILE);
if [[ "$(echo $?)" != "1" ]]; then
sleep $TIMEOUT;
echo "Restarting number is only: "$retries" so try again"
fi
else
sleep $TIMEOUT;
echo "Restarting number is only: "$retries" so try again"
fi
else
echo "Reached retrying limit: "$RESTART" ,giving up"
echo "Creating log json from letsencrypt output"
STATUS=failed
create_json $STATUS
fi
done
else
echo "Created or renew successfuly the certificate for $DOMAIN"
echo "Creating log json from letsencrypt output"
STATUS=success
create_json $STATUS
fi
}
check_new_cert() {
#DATE=$(date +%s)
if [[ -f /etc/ssl/keys/$DOMAIN/key.pem && -f /etc/ssl/keys/$DOMAIN/fullchain.pem && -f /etc/ssl/keys/$DOMAIN/cert.pem ]] ; then
#D1=$(date -r /etc/ssl/keys/$DOMAIN/fullchain.pem +%s)
#DIFF=$(expr $DATE - $D1);
#if [ $DIFF < 3600 ]; then touch /etc/ssl/keys/$DOMAIN/new_certificate; fi
NEW=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
if [ "$ORIGINAL" != "$NEW" ]; then
touch /etc/ssl/keys/$DOMAIN/new_certificate;
fi
else
sending_error_msg $DOMAIN $DATE;
fi
}
LETSENCRYPT_FILE=$(find /etc/ssl/keys/ -type f -name letsencrypt);
if [ -n "$LETSENCRYPT_FILE" ] || [ "$DOMAIN" != "" ] ; then
DOMAIN=$(jq -r .DOMAIN $LETSENCRYPT_FILE) ;
rm $LETSENCRYPT_FILE;
ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
if [ "$DOMAIN" != "localhost" ]; then
if [ ! -f $LETSENCRYPT_OUTPUT ] then
install -m 664 -g 65534 /dev/null $LETSENCRYPT_OUTPUT
echo '[]' > $LETSENCRYPT_OUTPUT
fi
start_letsencrypt;
check_new_cert
fi
else
cd /domains
for i in `ls` ; do
DOMAIN=$(jq -r .DOMAIN $i) ;
if [ "$DOMAIN" != "localhost" ]; then
ORIGINAL=$(openssl x509 -in /etc/ssl/keys/$DOMAIN/fullchain.pem -fingerprint -noout)
start_letsencrypt $DOMAIN;
check_new_cert
fi
done ;
fi
Reference in New Issue View Git Blame Copy Permalink