88 lines
2.3 KiB
Bash
Executable file
88 lines
2.3 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
if [ -z "$DOMAIN" -o -z "$EMAIL" ]; then
|
|
echo Missing DOMAIN or EMAIL parameter - aborting. >&2
|
|
exit 1
|
|
fi
|
|
|
|
# Check that the domain exists, if not wait for it
|
|
ipv6_addr=""
|
|
ipv4_addr=""
|
|
|
|
while [ -z "$ipv6_addr" -a -z "$ipv4_addr" ]; do
|
|
echo "Trying to resolve $DOMAIN via DNS ..."
|
|
# Resolve for IPv6 and for IPv6
|
|
ipv6_addr=$(dig +short "$DOMAIN" aaaa)
|
|
ipv4_addr=$(dig +short "$DOMAIN" a)
|
|
|
|
if [ "$ipv6_addr" -o "$ipv4_addr" ]; then
|
|
echo "Resolved domain $DOMAIN: ipv6: $ipv6_addr ipv4: $ipv4_addr"
|
|
else
|
|
echo "Resolving $DOMAIN failed, waiting 5 seconds before retrying ..."
|
|
sleep 5
|
|
fi
|
|
done
|
|
|
|
if [ "$STAGING" = no ]; then
|
|
STAGING=""
|
|
else
|
|
STAGING="--staging"
|
|
fi
|
|
|
|
# Skip getting certs if requested
|
|
if [ -z "$ONLYRENEWCERTS" -a -z "$ONLYRENEWCERTSONCE" ]; then
|
|
# Try to get a certificate, accept failures
|
|
while [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; do
|
|
certbot certonly --agree-tos --cert-name "${DOMAIN}" \
|
|
--email "$EMAIL" --expand --non-interactive \
|
|
--domain "$DOMAIN" --standalone $STAGING
|
|
|
|
# If it failed, sleep before next try
|
|
if [ ! -f "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" ]; then
|
|
sleep 30
|
|
fi
|
|
|
|
# Correct permissions for multi user container/pod deployments
|
|
# if not indicated otherwise
|
|
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
|
|
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
|
|
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
|
|
fi
|
|
done
|
|
fi
|
|
|
|
if [ "$ONLYGETCERT" ]; then
|
|
exit 0
|
|
fi
|
|
|
|
# Still there? Start nginx if requested
|
|
|
|
if [ "$NGINX" ]; then
|
|
|
|
if [ "$NGINX_HTTP_REDIRECT" ]; then
|
|
cp /nginx-http-redir.conf /etc/nginx/conf.d
|
|
fi
|
|
nginx
|
|
fi
|
|
|
|
# Try to renew once per day
|
|
while true; do
|
|
if [ "$NGINX_HTTP_REDIRECT" ]; then
|
|
/usr/bin/certbot renew --webroot --webroot-path /var/www/html
|
|
else
|
|
/usr/bin/certbot renew
|
|
fi
|
|
|
|
# And again, correct permissions if not told otherwise
|
|
if [ -z "$LEAVE_PERMISSIONS_AS_IS" ]; then
|
|
find /etc/letsencrypt -type d -exec chmod 0755 {} \;
|
|
find /etc/letsencrypt -type f -exec chmod 0644 {} \;
|
|
fi
|
|
|
|
[ "$ONLYRENEWCERTSONCE" ] && exit 0
|
|
|
|
# reload nginx if we are running it
|
|
[ "$NGINX" ] && pkill -1 nginx
|
|
|
|
sleep 86400
|
|
done
|