ungleich-public
/
ungleich-certbot
6
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Support for only renew operations

master 0.1.0
Nico Schottelius 1 year ago
parent
d6407cdf7d
commit
854790f366
2 changed files with 31 additions and 14 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      README.md
  2. 35
      entrypoint.sh

10
README.md
Unescape View File

@ -34,6 +34,16 @@ By default, the container will stay alive and try to renew the
certificate every 86400 seconds. If you set the environment variable
`ONLYGETCERT`, then it will only get the certificates and exit.
### Only renewing the certificate
If you only want to trigger renewing existing certificates and skip
getting the certificates initially, you can set the variable
`RENEWCERTSONCE`, then it will only renew all certificates and exit.
* If `ONLYRENEWCERTS` is set, only the reguler renew loop will run.
* If `ONLYRENEWCERTSONCE` is set, renew will be run once and then the
container exits
## Volumes
If you want to keep / use your certificates, you are advised to create

35
entrypoint.sh
Unescape View File

@ -11,20 +11,23 @@ else
STAGING="--staging"
fi
# Try to get a certificate, accept failures
while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
certbot certonly --agree-tos --cert-name "${DOMAIN}" \
--email "$EMAIL" --expand --non-interactive \
--domain "$DOMAIN" --standalone $STAGING
sleep 30
# Correct permissions for multi user container/pod deployments
# if not indicated otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
fi
done
# Skip getting certs if requested
if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]; then
# Try to get a certificate, accept failures
while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
certbot certonly --agree-tos --cert-name "${DOMAIN}" \
--email "$EMAIL" --expand --non-interactive \
--domain "$DOMAIN" --standalone $STAGING
sleep 30
# Correct permissions for multi user container/pod deployments
# if not indicated otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
fi
done
fi
if [ "$ONLYGETCERT" ]; then
exit 0
@ -34,10 +37,14 @@ fi
while true; do
/usr/bin/certbot renew
# And again, correct permissions if not told otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
fi
[ "$ONLYRENEWCERTSONCE" ] && exit 0
sleep 86400
done

Write Preview
Loading…
Cancel
Save