88 lines
2.2 KiB
Bash
Executable File
88 lines
2.2 KiB
Bash
Executable File
#!/bin/sh -e
|
|
|
|
_explorer_var() {
|
|
grep "^$1:" "${__object:?}/explorer/certificate-data" | cut -d ':' -f 2-
|
|
}
|
|
|
|
certificate_exists="$(_explorer_var certificate_exists)"
|
|
name="${__object_id:?}"
|
|
state=$(cat "${__object}/parameter/state")
|
|
|
|
case "${state}" in
|
|
absent)
|
|
if [ "${certificate_exists}" = "no" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
echo "certbot delete --cert-name '${name}' --quiet"
|
|
|
|
echo remove >> "${__messages_out:?}"
|
|
;;
|
|
present)
|
|
domain_param_file="${__object}/parameter/domain"
|
|
requested_domains=$(mktemp "${TMPDIR:-/tmp}/domain.cdist.XXXXXXXXXX")
|
|
if [ -f "${domain_param_file}" ]; then
|
|
cp "${domain_param_file}" "${requested_domains}"
|
|
else
|
|
echo "$__object_id" >> "${requested_domains}"
|
|
fi
|
|
|
|
staging=no
|
|
if [ -f "${__object}/parameter/staging" ]; then
|
|
staging=yes
|
|
fi
|
|
|
|
if [ "${certificate_exists}" = "yes" ]; then
|
|
existing_domains=$(mktemp "${TMPDIR:-/tmp}/existing_domains.cdist.XXXXXXXXXX")
|
|
tail -n +4 "${__object:?}/explorer/certificate-data" | grep -v '^$' > "${existing_domains}"
|
|
certificate_is_test="$(_explorer_var certificate_is_test)"
|
|
|
|
sort -uo "${requested_domains}" "${requested_domains}"
|
|
sort -uo "${existing_domains}" "${existing_domains}"
|
|
|
|
if [ -z "$(comm -23 "${requested_domains}" "${existing_domains}")" ] && \
|
|
[ "${certificate_is_test}" = "${staging}" ]; then
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
admin_email="$(cat "$__object/parameter/admin-email")"
|
|
webroot="$(cat "$__object/parameter/webroot")"
|
|
|
|
cat <<-EOF
|
|
certbot certonly \
|
|
--agree-tos \
|
|
--cert-name '${name}' \
|
|
--email '${admin_email}' \
|
|
--expand \
|
|
--non-interactive \
|
|
--quiet \
|
|
$(if [ "${staging}" = "yes" ]; then
|
|
echo "--staging"
|
|
elif [ "${certificate_is_test}" != "${staging}" ]; then
|
|
echo "--force-renewal"
|
|
fi) \
|
|
$(if [ -z "${webroot}" ]; then
|
|
echo "--standalone"
|
|
else
|
|
echo "--webroot --webroot-path '${webroot}'"
|
|
fi) \
|
|
$(while read -r domain; do
|
|
echo "--domain '${domain}' \\"
|
|
done < "${requested_domains}")
|
|
EOF
|
|
rm -f "${requested_domains}"
|
|
|
|
if [ "${certificate_exists}" = "no" ]; then
|
|
echo create >> "${__messages_out}"
|
|
else
|
|
echo change >> "${__messages_out}"
|
|
fi
|
|
;;
|
|
*)
|
|
echo "Unsupported state: ${state}" >&2
|
|
|
|
exit 1
|
|
;;
|
|
esac
|