From 854790f366c5b4a5b0c15527248b3d3615b7e059 Mon Sep 17 00:00:00 2001
From: Nico Schottelius
Date: Wed, 21 Jul 2021 13:24:51 +0200
Subject: [PATCH] Support for only renew operations
---
 README.md | 10 ++++++++++
 entrypoint.sh | 33 ++++++++++++++++++++-------------
 2 files changed, 30 insertions(+), 13 deletions(-)
diff --git a/README.md b/README.md
index c5ceae9..8eae311 100644
--- a/README.md
+++ b/README.md
@@ -34,6 +34,16 @@ By default, the container will stay alive and try to renew the certificate every 86400 seconds. If you set the environment variable `ONLYGETCERT`, then it will only get the certificates and exit.
+### Only renewing the certificate
+
+If you only want to trigger renewing existing certificates and skip
+getting the certificates initially, you can set the variable
+`RENEWCERTSONCE`, then it will only renew all certificates and exit.
+
+* If `ONLYRENEWCERTS` is set, only the reguler renew loop will run.
+* If `ONLYRENEWCERTSONCE` is set, renew will be run once and then the
+ container exits
+
 ## Volumes If you want to keep / use your certificates, you are advised to create
diff --git a/entrypoint.sh b/entrypoint.sh
index a4f953d..5e644b8 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -11,20 +11,23 @@ else STAGING="--staging" fi
-# Try to get a certificate, accept failures
-while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
- certbot certonly --agree-tos --cert-name "${DOMAIN}" \
- --email "$EMAIL" --expand --non-interactive \
- --domain "$DOMAIN" --standalone $STAGING
- sleep 30
+# Skip getting certs if requested
+if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]; then
+ # Try to get a certificate, accept failures
+ while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
+ certbot certonly --agree-tos --cert-name "${DOMAIN}" \
+ --email "$EMAIL" --expand --non-interactive \
+ --domain "$DOMAIN" --standalone $STAGING
+ sleep 30
- # Correct permissions for multi user container/pod deployments
- # if not indicated otherwise
- if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
- find /etc/letsencrypt -type d -exec chmod 0755 {} \;
- find /etc/letsencrypt -type f -exec chmod 0644 {} \;
- fi
-done
+ # Correct permissions for multi user container/pod deployments
+ # if not indicated otherwise
+ if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
+ find /etc/letsencrypt -type d -exec chmod 0755 {} \;
+ find /etc/letsencrypt -type f -exec chmod 0644 {} \;
+ fi
+ done
+fi
 if [ "$ONLYGETCERT" ]; then exit 0
@@ -34,10 +37,14 @@ fi while true; do /usr/bin/certbot renew
+ # And again, correct permissions if not told otherwise
 if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then find /etc/letsencrypt -type d -exec chmod 0755 {} \; find /etc/letsencrypt -type f -exec chmod 0644 {} \; fi
+
+ [ "$ONLYRENEWCERTSONCE" ] && exit 0
+
 sleep 86400 done
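Review bot: The permission pass inside the acquisition loop still ends with `find /etc/letsencrypt -type f -exec chmod 0644 {} \;`, which by default makes every file under the certbot tree world-readable, and certbot keeps the certificate private keys and the ACME account key in that tree; the identical pair of `find` lines in the renew loop of the next hunk has the same effect. If other containers really must read the key, a shared group with 0640 is tighter than world-readable; otherwise key material can be left out of the pass, e.g. `find /etc/letsencrypt -type f ! -name 'privkey*.pem' ! -path '*/accounts/*' -exec chmod 0644 {} \;`. Separately, the README hunk documents `RENEWCERTSONCE` while this condition tests `ONLYRENEWCERTSONCE`, so a user following the README's first paragraph will still get the initial `certbot certonly` run. The condition itself is more portable as `[ -z "$ONLYRENEWCERTS" ] && [ -z "$ONLYRENEWCERTSONCE" ]`, since `-a` inside `[` is marked obsolescent by POSIX.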
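Review bot: `[ "$ONLYRENEWCERTSONCE" ] && exit 0` reports success even when `/usr/bin/certbot renew` failed, so a one-shot run gives its scheduler or monitoring no signal that certificates are drifting toward expiry. Capture the status right after the renew call with `/usr/bin/certbot renew; rc=$?` and leave with it: `[ "$ONLYRENEWCERTSONCE" ] && exit "$rc"`. The head of the script is outside this hunk, so whether `set -e` is active is not visible; if it is, the capture needs to be `rc=0; /usr/bin/certbot renew || rc=$?` instead.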