Support for only renew operations

2021-07-21 13:24:51 +02:00 · 2021-07-21 13:24:51 +02:00 · 854790f366
parent d6407cdf7d
commit 854790f366
2 changed files with 30 additions and 13 deletions
--- a/README.md
+++ b/README.md
@ -34,6 +34,16 @@ By default, the container will stay alive and try to renew the
 certificate every 86400 seconds. If you set the environment variable
 `ONLYGETCERT`, then it will only get the certificates and exit.

+### Only renewing the certificate
+
+If you only want to trigger renewing existing certificates and skip
+getting the certificates initially, you can set the variable
+`RENEWCERTSONCE`, then it will only renew all certificates and exit.
+
+* If `ONLYRENEWCERTS` is set, only the reguler renew loop will run.
+* If `ONLYRENEWCERTSONCE` is set, renew will be run once and then the
+  container exits
+
 ## Volumes

 If you want to keep / use your certificates, you are advised to create
--- a/entrypoint.sh
+++ b/entrypoint.sh
@ -11,20 +11,23 @@ else
    STAGING="--staging"
 fi

-# Try to get a certificate, accept failures
-while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
-    certbot certonly --agree-tos --cert-name "${DOMAIN}" \
-            --email "$EMAIL" --expand --non-interactive \
-            --domain "$DOMAIN" --standalone $STAGING
-    sleep 30
+# Skip getting certs if requested
+if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]; then
+    # Try to get a certificate, accept failures
+    while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
+        certbot certonly --agree-tos --cert-name "${DOMAIN}" \
+                --email "$EMAIL" --expand --non-interactive \
+                --domain "$DOMAIN" --standalone $STAGING
+        sleep 30

-    # Correct permissions for multi user container/pod deployments
-    # if not indicated otherwise
-    if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
-        find /etc/letsencrypt -type d -exec chmod 0755 {} \;
-        find /etc/letsencrypt -type f -exec chmod 0644 {} \;
-    fi
-done
+        # Correct permissions for multi user container/pod deployments
+        # if not indicated otherwise
+        if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
+            find /etc/letsencrypt -type d -exec chmod 0755 {} \;
+            find /etc/letsencrypt -type f -exec chmod 0644 {} \;
+        fi
+    done
+fi

 if [ "$ONLYGETCERT" ]; then
    exit 0
@ -34,10 +37,14 @@ fi
 while true; do
    /usr/bin/certbot renew

+
    # And again, correct permissions if not told otherwise
    if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
        find /etc/letsencrypt -type d -exec chmod 0755 {} \;
        find /etc/letsencrypt -type f -exec chmod 0644 {} \;
    fi
+
+    [ "$ONLYRENEWCERTSONCE" ] && exit 0
+
    sleep 86400
 done