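#!/bin/bash
#
# Create or renew a wildcard certificate for one domain using command
# templates taken from a config file, then run an optional post hook.
#
# Usage: <this script> <config_file>
#
# The config file is sourced as shell code. Variables read from it:
#   certs_dir         existing directory holding the certificate tree (required)
#   cloudflare_token  Cloudflare API token (required)
#   domain            base domain; "*.domain" is requested as well (required)
#   email             value substituted into #email_arg#
#   dry_run           "true" adds --dry-run to the commands
#   new_ssl_command   template run when no live certificate exists yet
#   renew_command     template run when a live certificate exists
#   post_hook         command run after a new or changed certificate
# Placeholders replaced in both templates: #cloudflare_token_file#,
# #certs_dir#, #domain_arg#, #email_arg#, #dry_run_arg#.
#
# Exit status: 0 on success; 1 on a configuration error or when the
# certificate command or the post hook fails.
#
# SECURITY: the config file is executed (source) and new_ssl_command,
# renew_command and post_hook are run through eval. Whoever can write the
# config file can run arbitrary commands as the user running this script, so
# keep it owned by that user and not writable (nor, because it holds the API
# token, readable) by anyone else.

echo ""

# chdir to the directory containing this script.
cd "$(dirname "$0")" || exit

# Check docker exists.
if ! [ -x "$(command -v docker)" ]; then
  echo -e 'Error: Docker is not installed.\n'
  exit 1
fi

# Load config.
config_file=$1
if [ ! -f "$config_file" ]; then
  echo -e "Error: You must provide config file to load as argument or config file does not exist: ${config_file}\n"
  exit 1
fi
# `source` searches $PATH for names without a slash, which could load a
# different file than the one just checked; force a path lookup instead.
case "$config_file" in
  */*) ;;
  *) config_file="./${config_file}" ;;
esac
# shellcheck source=/dev/null
source "$config_file"

# Check certs dir exists.
certs_dir="${certs_dir%/}" # Remove trailing slash
if [ ! -d "$certs_dir" ]; then
  echo -e "Error: Certs dir does not exist: ${certs_dir}\n"
  exit 1
fi
certs_dir=$(readlink -f "$certs_dir") # absolute path from relative

# Check cloudflare token set.
if [ -z "${cloudflare_token}" ]; then
  echo -e "Error: You must provide cloudflare_token.\n"
  exit 1
fi

# Check domain set.
if [ -z "${domain}" ]; then
  echo -e "Error: You must provide domain.\n"
  exit 1
fi
# End load config.

separator="=========="
status=0

# Set cloudflare token in file because certbot requires it inside a file.
# The path is fixed because the command templates reference it, so two
# concurrent runs from the same directory would share (and delete) this file.
cloudflare_token_file="./cf-tmp"
# Remove the token file on every exit path, including interruption.
trap 'rm -f -- "${cloudflare_token_file}"' EXIT
# Drop any stale file or symlink first, then create the file under a
# restrictive umask so the token is never readable by other users, not even
# for the instant between creation and chmod.
rm -f -- "${cloudflare_token_file}"
if ! (
  umask 077
  printf 'dns_cloudflare_api_token = %s\n' "${cloudflare_token}" > "${cloudflare_token_file}"
); then
  echo -e "Error: Unable to write Cloudflare token file: ${cloudflare_token_file}\n"
  exit 1
fi
chmod 600 "${cloudflare_token_file}"

new_ssl_command=${new_ssl_command//#cloudflare_token_file#/$cloudflare_token_file}
renew_command=${renew_command//#cloudflare_token_file#/$cloudflare_token_file}

# Set certs folder.
new_ssl_command=${new_ssl_command//#certs_dir#/$certs_dir}
renew_command=${renew_command//#certs_dir#/$certs_dir}

# Set domain arg. The backslash survives until eval, where it keeps the
# wildcard from being glob-expanded.
# NOTE(review): domain and email are pasted unquoted into a string that is
# later eval'd, so shell metacharacters in them would be interpreted. They
# come from the sourced config, which is already trusted as code.
domain_arg=" -d ${domain} -d \*.${domain} "
new_ssl_command=${new_ssl_command//#domain_arg#/$domain_arg}
renew_command=${renew_command//#domain_arg#/$domain_arg}

# Set email arg.
email_arg=" --email ${email} "
new_ssl_command=${new_ssl_command//#email_arg#/$email_arg}
renew_command=${renew_command//#email_arg#/$email_arg}

# Set dry run flag in command if true.
dry_run_arg=""
if [ "$dry_run" = true ]; then
  dry_run_arg=" --dry-run"
fi
new_ssl_command=${new_ssl_command//#dry_run_arg#/$dry_run_arg}
renew_command=${renew_command//#dry_run_arg#/$dry_run_arg}

certbotNotice="It's not a dry-run, therefore don't keep generating/renewing certificates (more than 5 in a day), as certbot has rate limitations."

# Check if certificate exists.
live_certs_dir="${certs_dir}/live/${domain}"
live_cert_file="${live_certs_dir}/cert.pem"

if [ -f "$live_cert_file" ]; then
  # Renew.
  last_modified_time=$(date -r "${live_cert_file}")
  echo "${separator}"
  echo "Certificates folder exist: ${live_certs_dir}"
  echo "TRYING TO RENEW CERTIFICATES..."
  echo "${separator}"

  if [ "$dry_run" = true ]; then
    echo -e "${separator}\n[DRY-RUN ENABLED]\n${separator}\n"
  else
    echo -e "${separator}\n[${certbotNotice}]\n${separator}\n"
  fi

  echo -e "Output from renew command:\n"
  if eval "${renew_command}"; then
    echo -e "${separator}\nCommand exited successfully.\n${separator}\n"

    # Run the post hook only when the certificate file actually changed.
    new_modified_time=$(date -r "${live_cert_file}")
    if [ "$last_modified_time" != "$new_modified_time" ]; then
      echo -e "${separator}\nChange found in: ${live_cert_file}, therefore executing posthook.\n${separator}\n"
      if eval "${post_hook}"; then
        echo -e "\n${separator}\nPost hook successfully executed.\n${separator}\n"
      else
        echo -e "\n${separator}\nERROR! Unable to execute post hook.\n${separator}"
        status=1
      fi
    else
      echo -e "${separator}\nNo change in certificate so posthook is ignored.\n${separator}"
    fi
  else
    echo -e "\n${separator}\nERROR! Exiting.\n${separator}"
    status=1
  fi
else
  # Create.
  echo "${separator}"
  echo "Certificates folder does not exist: ${live_certs_dir}"
  echo "TRYING TO CREATE SSL CERTIFICATES..."

  if [ "$dry_run" = true ]; then
    echo -e "${separator}\n[DRY-RUN ENABLED]\n${separator}\n"
  else
    echo -e "${separator}\n[${certbotNotice}]\n${separator}\n"
  fi

  echo -e "Output from new ssl command:\n"
  if eval "${new_ssl_command}"; then
    echo -e "\n${separator}\nCommand exited successfully therefore executing posthook.\n${separator}\n"
    if eval "${post_hook}"; then
      echo -e "\n${separator}\nPost hook successfully executed.\n${separator}\n"
    else
      echo -e "\n${separator}\nERROR! Unable to execute post hook.\n${separator}"
      status=1
    fi
  else
    echo -e "\n${separator}\nERROR! Exiting.\n${separator}"
    status=1
  fi
fi

echo ""

# The token file is removed by the EXIT trap. Report failure to the caller
# (cron, systemd timer, ...) instead of always exiting 0.
exit "${status}"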