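#!/bin/bash
#
# Create or renew Let's Encrypt certificates with certbot's Cloudflare DNS
# plugin (run through docker), then execute a post hook (e.g. restart nginx)
# when a certificate was actually written or changed.
#
# Usage: run this script by hand or from cron; it cd's into its own directory
# so the relative certs/ and token-file paths below resolve correctly.
# Edit only the section between "#CONFIG:" and "#END CONFIG".

#CONFIG:
dry_run=true
cloudflare_token='' #Create it from Cloudflare, and limit it to the DNS zone of your domain.
live_certs_dir="certs/live/calm.biz" #Script checks this directory for cert.pem to decide whether to create or renew ssl certificates.
# "#cloudflare_token_file#" and "#dry_run_arg#" are placeholders substituted below.
new_ssl_command="docker run --rm -v ./certs:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare certonly #dry_run_arg# --dns-cloudflare --dns-cloudflare-credentials /certbot-cloudflare -d calm.biz -d \*.calm.biz -d temp.temp.calm.biz --preferred-challenges dns-01 --preferred-chain 'ISRG Root X1' --non-interactive --dns-cloudflare-propagation-seconds 20 --agree-tos --email w3goodies.com@gmail.com"
renew_command="docker run --rm -v ./certs:/etc/letsencrypt -v #cloudflare_token_file#:/certbot-cloudflare certbot/dns-cloudflare renew #dry_run_arg# --non-interactive --agree-tos --email w3goodies.com@gmail.com --no-random-sleep-on-renew"
post_hook="docker-compose restart nginx" #posthook is executed if the certificate is created for the first time, or if "${live_certs_dir}/cert.pem" is modified (based on its last modified time).
#END CONFIG

# -u catches typos in variable names. -e is deliberately NOT used: every
# critical command below is checked explicitly so the cleanup path always runs.
set -u

separator="=========="

#######################################
# Print a message framed by separator lines.
# Globals:   separator (read)
# Arguments: $1 - message text
# Outputs:   the framed message to stdout
#######################################
banner() {
  printf '\n%s\n%s\n%s\n\n' "$separator" "$1" "$separator"
}

#######################################
# Print an error to stderr and exit 1.
# Arguments: $* - error message
#######################################
die() {
  printf 'ERROR! %s\n' "$*" >&2
  exit 1
}

#######################################
# Show whether this run is a dry run, in the same spot of both code paths.
# Globals:   dry_run (read), separator (read)
#######################################
print_mode() {
  if [ "$dry_run" = true ]; then
    banner "[DRY-RUN ENABLED]"
  else
    printf '\n%s\n\n' "$separator"
  fi
}

#######################################
# Run the configured post hook and report its result.
# Globals:   post_hook (read)
# Returns:   0 if the hook succeeded, 1 otherwise
#######################################
run_post_hook() {
  # post_hook is a trusted string from the CONFIG section of this file; eval
  # is kept so quoting inside it is honoured. Never build it from outside input.
  if eval "${post_hook}"; then
    banner "Post hook successfully executed."
    return 0
  fi
  banner "ERROR! Unable to execute post hook."
  return 1
}

#chdir to the script's own directory; bail out if that fails, otherwise the
#token file and certs/ would be created relative to whatever cwd cron used.
script_dir=$(dirname "$0")
cd "$script_dir" || die "cannot cd to ${script_dir}"

# certbot cannot work without a token, and writing an empty credentials file
# only produces a confusing error from inside the container.
[ -n "$cloudflare_token" ] || die "cloudflare_token is empty; set it in the CONFIG section."

#remove trailing slash from live_certs_dir
live_certs_dir=${live_certs_dir%/}
live_cert_file="${live_certs_dir}/cert.pem"

#Set cloudflare token in file because certbot requires it inside a file.
cloudflare_token_file="./cf-tmp"
# Remove the token file on every exit path (error, die, Ctrl-C), not only at
# the end of a successful run.
trap 'rm -f -- "$cloudflare_token_file"' EXIT
# Recreate the file with 0600 from the first byte: a stale file left by an
# interrupted run may carry wider permissions, and "write, then chmod" leaves
# a window in which the token is readable under a permissive umask.
rm -f -- "$cloudflare_token_file"
( umask 077 && printf 'dns_cloudflare_api_token = %s\n' "$cloudflare_token" > "$cloudflare_token_file" ) \
  || die "cannot write ${cloudflare_token_file}"
chmod 600 "$cloudflare_token_file" || die "cannot chmod ${cloudflare_token_file}"

new_ssl_command=${new_ssl_command//#cloudflare_token_file#/$cloudflare_token_file}
renew_command=${renew_command//#cloudflare_token_file#/$cloudflare_token_file}

#Set dry run flag in command if true.
dry_run_arg=""
if [ "$dry_run" = true ]; then
  dry_run_arg=" --dry-run"
fi
new_ssl_command=${new_ssl_command//#dry_run_arg#/$dry_run_arg}
renew_command=${renew_command//#dry_run_arg#/$dry_run_arg}

status=0
echo ""
#Check if certificate exist
if [ -d "$live_certs_dir" ] && [ -f "$live_cert_file" ]; then
  #Renew
  # NOTE: "date -r FILE" prints the file's mtime with GNU coreutils; on BSD/macOS
  # -r takes an epoch value instead, so this check assumes a GNU userland.
  last_modified_time=$(date -r "$live_cert_file")
  printf '%s\nCertificates folder exist: %s\nTRYING TO RENEW CERTIFICATES...\n%s\n' \
    "$separator" "$live_certs_dir" "$separator"
  print_mode
  printf 'Output from renew command:\n\n'
  # renew_command is a trusted CONFIG string (see run_post_hook for why eval stays).
  if eval "${renew_command}"; then
    banner "Command exited successfully."
    #Check if file is modified.
    new_modified_time=$(date -r "$live_cert_file")
    if [ "$last_modified_time" != "$new_modified_time" ]; then
      banner "Change found in: ${live_cert_file}, therefore executing posthook."
      run_post_hook || status=1
    else
      banner "No change in certificate so posthook is ignored."
    fi
  else
    banner "ERROR! Exiting."
    status=1
  fi
else
  #Create
  printf '%s\nCertificates folder does not exist: %s\nTRYING TO CREATE SSL CERTIFICATES...\n' \
    "$separator" "$live_certs_dir"
  print_mode
  printf 'Output from new ssl command:\n\n'
  # new_ssl_command is a trusted CONFIG string (see run_post_hook for why eval stays).
  if eval "${new_ssl_command}"; then
    banner "Command exited successfully."
    # certbot exits 0 without writing anything under --dry-run, so only run the
    # post hook (which restarts services) when a certificate really exists.
    if [ -f "$live_cert_file" ]; then
      banner "Certificate written to: ${live_cert_file}, therefore executing posthook."
      run_post_hook || status=1
    else
      banner "No certificate written to ${live_cert_file} (expected with dry_run=true) so posthook is ignored."
    fi
  else
    banner "ERROR! Exiting."
    status=1
  fi
fi
echo ""
# The EXIT trap removes the token file; exit non-zero so cron/CI notices failures.
exit "$status"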