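#!/bin/bash
#
# Issue or renew a wildcard certificate for ${domain} (and *.${domain}) with
# certbot's Cloudflare DNS plugin, then run a post hook when the live
# certificate actually changed.
#
# Usage: ./<this script> <config_file>
#
# The config file is a shell fragment that is SOURCED, i.e. executed with this
# script's privileges - treat it as code you control, never as untrusted data.
# It is expected to set:
#   certs_dir         certbot config dir; live/<domain>/cert.pem is looked up here
#   cloudflare_token  Cloudflare API token used for the DNS-01 challenge
#   domain            base domain; "<domain>" and "*.<domain>" are requested
#   email             contact address substituted into #email_arg#
#   new_ssl_command   command that obtains a new certificate
#   renew_command     command that renews the existing certificate
#   post_hook         command run after the certificate was (re)issued
#   dry_run           optional; the literal string "true" adds --dry-run
# new_ssl_command and renew_command may use the placeholders
# #cloudflare_token_file#, #certs_dir#, #domain_arg#, #email_arg# and
# #dry_run_arg#; they are substituted below before the command is eval'ed.
#
# Exit status: 1 on a configuration error, otherwise non-zero if the certbot
# command or the post hook failed, 0 when everything succeeded.

echo ""

# Work relative to the script's own directory so relative paths in the config
# (and the token file created below) land next to the script.
cd "$(dirname "$0")" || exit 1

#Load config
config_file=$1

if [ ! -f "$config_file" ]; then
  echo -e "Error: You must provide config file to load as argument or config file does not exist: ${config_file}\n"
  exit 1
fi

# Sourcing runs the file as shell code and the commands it defines are eval'ed
# later, so the config file must only be writable by the user running this script.
# shellcheck disable=SC1090
source "$config_file"

#Check certs dir exist
certs_dir="${certs_dir%/}" #Remove trailing slash
if [ ! -d "$certs_dir" ]; then
  echo -e "Error: Certs dir does not exist: ${certs_dir}\n"
  exit 1
fi
certs_dir=$(readlink -f "$certs_dir") #absolute path from relative

#Check cloudflare token set
if [ -z "${cloudflare_token}" ]; then
  echo -e "Error: You must provide cloudflare_token.\n"
  exit 1
fi

#Check domain set
if [ -z "${domain}" ]; then
  echo -e "Error: You must provide domain.\n"
  exit 1
fi

#End load config

separator="=========="

#Set cloudflare token in file because certbot requires it inside a file.
# The token is a secret: mktemp creates the file with mode 0600 and an
# unpredictable name from the start (no window where a world-readable file
# holds the token, no symlink race on a fixed "./cf-tmp"), and the EXIT trap
# removes it on EVERY exit path - Ctrl-C, a failed certbot run, early exit -
# not only on the happy path at the end of the script.
cloudflare_token_file=$(mktemp ./cf-tmp.XXXXXX) || exit 1
trap 'rm -f -- "${cloudflare_token_file}"' EXIT
printf 'dns_cloudflare_api_token = %s\n' "${cloudflare_token}" > "${cloudflare_token_file}"

# Placeholder substitution. The leading '#' of each placeholder is escaped
# because an unescaped '#' at the start of a ${var//pattern/replacement}
# pattern is bash's "match at beginning of string" anchor, not a literal '#'.
new_ssl_command=${new_ssl_command//\#cloudflare_token_file\#/$cloudflare_token_file}
renew_command=${renew_command//\#cloudflare_token_file\#/$cloudflare_token_file}

#Set certs folder
new_ssl_command=${new_ssl_command//\#certs_dir\#/$certs_dir}
renew_command=${renew_command//\#certs_dir\#/$certs_dir}

#Set domain arg
# "\*" stays escaped here on purpose: the command is eval'ed later and the
# backslash keeps the wildcard from being glob-expanded at that point.
domain_arg=" -d ${domain} -d \*.${domain} "
new_ssl_command=${new_ssl_command//\#domain_arg\#/$domain_arg}
renew_command=${renew_command//\#domain_arg\#/$domain_arg}

#Set email arg
# NOTE: ${email} is not validated; an empty value yields a bare "--email" that
# certbot will reject or mis-parse. Leave #email_arg# out of the command if the
# account is registered without an e-mail address.
email_arg=" --email ${email} "
new_ssl_command=${new_ssl_command//\#email_arg\#/$email_arg}
renew_command=${renew_command//\#email_arg\#/$email_arg}

#Set dry run flag in command if true.
dry_run_arg=""
if [ "$dry_run" = true ] ; then
  dry_run_arg=" --dry-run"
fi
new_ssl_command=${new_ssl_command//\#dry_run_arg\#/$dry_run_arg}
renew_command=${renew_command//\#dry_run_arg\#/$dry_run_arg}

certbotNotice="It's not a dry-run, therefore don't keep generating/renewing certificates (more than 5 in a day), as certbot has rate limitations.";

# Overall outcome, reported via the exit status so cron/systemd can tell a
# failed run from a successful one instead of always seeing 0.
status=0

#Check if certificate exist
live_certs_dir="${certs_dir}/live/${domain}"
live_cert_file="${live_certs_dir}/cert.pem"

if [ -f "$live_cert_file" ]; then
  #Renew
  # Remember the mtime before renewing: "certbot renew" exits 0 even when the
  # certificate is not yet due, and the post hook must only run on a real change.
  last_modified_time=$(date -r "${live_cert_file}")

  echo "${separator}"
  echo "Certificates folder exist: ${live_certs_dir}"
  echo "TRYING TO RENEW CERTIFICATES..."
  echo "${separator}"
  if [ "$dry_run" = true ] ; then
    echo -e "${separator}\n[DRY-RUN ENABLED]\n${separator}\n"
  else
    echo -e "${separator}\n[${certbotNotice}]\n${separator}\n"
  fi
  echo -e "Output from renew command:\n"

  # eval is intentional: the command comes from the sourced config, which
  # already runs as code, so this adds no new trust boundary.
  eval "${renew_command}"
  status=$?

  if [ "$status" -eq 0 ]; then
    echo -e "${separator}\nCommand exited successfully.\n${separator}\n"

    #Check if file is modified.
    new_modified_time=$(date -r "${live_cert_file}")
    if [ "$last_modified_time" != "$new_modified_time" ]; then
      echo -e "${separator}\nChange found in: ${live_cert_file}, therefore executing posthook.\n${separator}\n";

      if eval "${post_hook}"; then
        echo -e "\n${separator}\nPost hook successfully executed.\n${separator}\n"
      else
        echo -e "\n${separator}\nERROR! Unable to execute post hook.\n${separator}"
        status=1
      fi
    else
      echo -e "${separator}\nNo change in certificate so posthook is ignored.\n${separator}"
    fi
  else
    echo -e "\n${separator}\nERROR! Exiting.\n${separator}"
  fi
else
  #Create
  echo "${separator}"
  echo "Certificates folder does not exist: ${live_certs_dir}"
  echo "TRYING TO CREATE SSL CERTIFICATES..."
  if [ "$dry_run" = true ] ; then
    echo -e "${separator}\n[DRY-RUN ENABLED]\n${separator}\n"
  else
    echo -e "${separator}\n[${certbotNotice}]\n${separator}\n"
  fi
  echo -e "Output from new ssl command:\n"

  # eval is intentional: see the renew branch above.
  eval "${new_ssl_command}"
  status=$?

  if [ "$status" -eq 0 ]; then
    echo -e "\n${separator}\nCommand exited successfully therefore executing posthook.\n${separator}\n"
    # The post hook runs even on a --dry-run here (certbot wrote nothing);
    # keep that in mind if the hook reloads services.
    if eval "${post_hook}"; then
      echo "Post hook successfully executed."
    else
      echo -e "\n${separator}\nERROR! Unable to execute post hook.\n${separator}"
      status=1
    fi
  else
    echo -e "\n${separator}\nERROR! Exiting.\n${separator}"
  fi
fi

echo ""

# The token file is removed by the EXIT trap registered above.
exit "$status"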