79 lines
1.9 KiB
Plaintext
79 lines
1.9 KiB
Plaintext
|
#!/bin/sh -e
|
||
|
certbot_path="$(command -v certbot 2>/dev/null || true)"
|
||
|
# Defaults
|
||
|
certificate_exists="no"
|
||
|
certificate_is_test="no"
|
||
|
|
||
|
if [ -n "${certbot_path}" ]; then
|
||
|
# Find python executable that has access to certbot's module
|
||
|
python_path=$(sed -n '1s/^#! *//p' "${certbot_path}")
|
||
|
|
||
|
# Use a lock for cdist due to certbot not exiting with failure
|
||
|
# or having any flags for concurrent use.
|
||
|
_certbot() {
|
||
|
${python_path} - 2>/dev/null <<EOF
|
||
|
from certbot.main import main
|
||
|
import fcntl
|
||
|
lock_file = "/tmp/certbot.cdist.lock"
|
||
|
timeout=60
|
||
|
with open(lock_file, 'w') as fd:
|
||
|
for i in range(timeout):
|
||
|
try:
|
||
|
# Get exclusive lock
|
||
|
fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
|
||
|
break
|
||
|
except:
|
||
|
# Wait if that fails
|
||
|
import time
|
||
|
time.sleep(1)
|
||
|
else:
|
||
|
# Timed out, exit with failure
|
||
|
import sys
|
||
|
sys.exit(1)
|
||
|
# Do list certificates
|
||
|
main(["certificates", "--cert-name", "${__object_id:?}"])
|
||
|
EOF
|
||
|
}
|
||
|
|
||
|
|
||
|
_certificate_exists() {
|
||
|
if grep -q " Certificate Name: ${__object_id:?}$"; then
|
||
|
echo yes
|
||
|
else
|
||
|
echo no
|
||
|
fi
|
||
|
}
|
||
|
|
||
|
_certificate_is_test() {
|
||
|
if grep -q 'INVALID: TEST_CERT'; then
|
||
|
echo yes
|
||
|
else
|
||
|
echo no
|
||
|
fi
|
||
|
}
|
||
|
|
||
|
_certificate_domains() {
|
||
|
grep ' Domains: ' | cut -d ' ' -f 6- | tr ' ' '\n'
|
||
|
}
|
||
|
|
||
|
# Get data about all available certificates
|
||
|
certificates="$(_certbot)"
|
||
|
|
||
|
# Check whether or not the certificate exists
|
||
|
certificate_exists="$(echo "${certificates}" | _certificate_exists)"
|
||
|
|
||
|
# Check whether or not the certificate is for testing
|
||
|
certificate_is_test="$(echo "${certificates}" | _certificate_is_test)"
|
||
|
|
||
|
# Get domains for certificate
|
||
|
certificate_domains="$(echo "${certificates}" | _certificate_domains)"
|
||
|
fi
|
||
|
|
||
|
# Return received data
|
||
|
cat <<EOF
|
||
|
certbot_path:${certbot_path}
|
||
|
certificate_exists:${certificate_exists}
|
||
|
certificate_is_test:${certificate_is_test}
|
||
|
${certificate_domains}
|
||
|
EOF
|