Support for only renew operations
This commit is contained in:
Nico Schottelius
parent
d6407cdf7d
commit
854790f366
10
README.md
10
README.md
|
|
@ -34,6 +34,16 @@ By default, the container will stay alive and try to renew the
|
|||
certificate every 86400 seconds. If you set the environment variable
|
||||
`ONLYGETCERT`, then it will only get the certificates and exit.
|
||||
|
||||
### Only renewing the certificate
|
||||
|
||||
If you only want to trigger renewing existing certificates and skip
|
||||
getting the certificates initially, you can set the variable
|
||||
`RENEWCERTSONCE`, then it will only renew all certificates and exit.
|
||||
|
||||
* If `ONLYRENEWCERTS` is set, only the reguler renew loop will run.
|
||||
* If `ONLYRENEWCERTSONCE` is set, renew will be run once and then the
|
||||
container exits
|
||||
|
||||
## Volumes
|
||||
|
||||
If you want to keep / use your certificates, you are advised to create
|
||||
|
|
|
|||
|
|
@ -11,20 +11,23 @@ else
|
|||
STAGING="--staging"
|
||||
fi
|
||||
|
||||
# Try to get a certificate, accept failures
|
||||
while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
|
||||
certbot certonly --agree-tos --cert-name "${DOMAIN}" \
|
||||
--email "$EMAIL" --expand --non-interactive \
|
||||
--domain "$DOMAIN" --standalone $STAGING
|
||||
sleep 30
|
||||
# Skip getting certs if requested
|
||||
if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]; then
|
||||
# Try to get a certificate, accept failures
|
||||
while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
|
||||
certbot certonly --agree-tos --cert-name "${DOMAIN}" \
|
||||
--email "$EMAIL" --expand --non-interactive \
|
||||
--domain "$DOMAIN" --standalone $STAGING
|
||||
sleep 30
|
||||
|
||||
# Correct permissions for multi user container/pod deployments
|
||||
# if not indicated otherwise
|
||||
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
|
||||
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
|
||||
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
|
||||
fi
|
||||
done
|
||||
# Correct permissions for multi user container/pod deployments
|
||||
# if not indicated otherwise
|
||||
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
|
||||
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
|
||||
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
if [ "$ONLYGETCERT" ]; then
|
||||
exit 0
|
||||
|
|
@ -34,10 +37,14 @@ fi
|
|||
while true; do
|
||||
/usr/bin/certbot renew
|
||||
|
||||
|
||||
# And again, correct permissions if not told otherwise
|
||||
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
|
||||
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
|
||||
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
|
||||
fi
|
||||
|
||||
[ "$ONLYRENEWCERTSONCE" ] && exit 0
|
||||
|
||||
sleep 86400
|
||||
done
|
||||
|
|
|
|||
Loading…
Reference in New Issue