Support for only renew operations

Nico Schottelius 2021-07-21 13:24:51 +02:00
parent d6407cdf7d
commit 854790f366
2 changed files with 30 additions and 13 deletions


@ -34,6 +34,16 @@ By default, the container will stay alive and try to renew the
certificate every 86400 seconds. If you set the environment variable certificate every 86400 seconds. If you set the environment variable
`ONLYGETCERT`, then it will only get the certificates and exit. `ONLYGETCERT`, then it will only get the certificates and exit.
### Only renewing the certificate
If you only want to trigger renewing existing certificates and skip
getting the certificates initially, you can set the variable
`RENEWCERTSONCE`, then it will only renew all certificates and exit.
* If `ONLYRENEWCERTS` is set, only the reguler renew loop will run.
* If `ONLYRENEWCERTSONCE` is set, renew will be run once and then the
container exits
## Volumes ## Volumes
If you want to keep / use your certificates, you are advised to create If you want to keep / use your certificates, you are advised to create
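
Review bot: The new "Only renewing the certificate" paragraph tells users to set `RENEWCERTSONCE`, but the two bullets directly below it use `ONLYRENEWCERTS` and `ONLYRENEWCERTSONCE`, and those are the names the script hunks in this commit test. Someone following the paragraph sets a variable those checks never look at, and the initial `certbot certonly` loop still runs. Use `ONLYRENEWCERTSONCE` in the paragraph, fix "reguler" to "regular", and state what happens when `ONLYGETCERT` is set together with one of the new variables.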


@ -11,20 +11,23 @@ else
STAGING="--staging" STAGING="--staging"
fi fi
# Try to get a certificate, accept failures # Skip getting certs if requested
while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]; then
certbot certonly --agree-tos --cert-name "${DOMAIN}" \ # Try to get a certificate, accept failures
--email "$EMAIL" --expand --non-interactive \ while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
--domain "$DOMAIN" --standalone $STAGING certbot certonly --agree-tos --cert-name "${DOMAIN}" \
sleep 30 --email "$EMAIL" --expand --non-interactive \
--domain "$DOMAIN" --standalone $STAGING
sleep 30
# Correct permissions for multi user container/pod deployments # Correct permissions for multi user container/pod deployments
# if not indicated otherwise # if not indicated otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
find /etc/letsencrypt -type d -exec chmod 0755 {} \; find /etc/letsencrypt -type d -exec chmod 0755 {} \;
find /etc/letsencrypt -type f -exec chmod 0644 {} \; find /etc/letsencrypt -type f -exec chmod 0644 {} \;
fi fi
done done
fi
if [ "$ONLYGETCERT" ]; then if [ "$ONLYGETCERT" ]; then
exit 0 exit 0
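
Review bot: With the new guard `if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]`, setting either variable together with `ONLYGETCERT` skips the acquisition loop and then reaches `if [ "$ONLYGETCERT" ]; then exit 0`, so the container exits with success without having obtained or renewed anything. Reject that combination up front with an error message and a non-zero exit, or document which variable takes precedence. The `-a` operator inside `[ ]` is also marked obsolescent in POSIX; `[ -z "$ONLYRENEWCERTS" ] && [ -z "$ONLYRENEWCERTSONCE" ]` is the more robust spelling.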
@ -34,10 +37,14 @@ fi
while true; do while true; do
/usr/bin/certbot renew /usr/bin/certbot renew
# And again, correct permissions if not told otherwise # And again, correct permissions if not told otherwise
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
find /etc/letsencrypt -type d -exec chmod 0755 {} \; find /etc/letsencrypt -type d -exec chmod 0755 {} \;
find /etc/letsencrypt -type f -exec chmod 0644 {} \; find /etc/letsencrypt -type f -exec chmod 0644 {} \;
fi fi
[ "$ONLYRENEWCERTSONCE" ] && exit 0
sleep 86400 sleep 86400
done done
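
Review bot: `[ "$ONLYRENEWCERTSONCE" ] && exit 0` returns success whether or not `/usr/bin/certbot renew` succeeded, so a one-shot run (a scheduled job, for instance) reports success after a failed renewal. Save the status right after the renew call, for example `rc=$?`, and use `exit "$rc"` in the one-shot branch. The unchanged `chmod 0644` on every file under /etc/letsencrypt also applies to the private keys, so the renew-only path leaves them world-readable in the volume unless `LEAVE_PERMISSIONS_AS_IS` is set; restricting key files to a dedicated group would be tighter.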