59 lines
1.5 KiB
Bash
59 lines
1.5 KiB
Bash
|
#!/bin/sh
|
||
|
|
||
|
set -e
|
||
|
|
||
|
get_certificate() {
|
||
|
local LIVE_DIR_PATH="/etc/letsencrypt/live"
|
||
|
|
||
|
if [ -z "$CERT_DOMAINS" ]; then
|
||
|
return
|
||
|
fi
|
||
|
|
||
|
if [ ! -d "$LIVE_DIR_PATH" ]; then
|
||
|
mkdir -p $LIVE_DIR_PATH
|
||
|
fi
|
||
|
|
||
|
# Certificates are separated by semi-colon (;). Domains on each certificate are
|
||
|
# separated by comma (,).
|
||
|
local CERT_TARGETS=${CERT_DOMAINS//;/ }
|
||
|
local RESULT_CODE=
|
||
|
|
||
|
echo "Cerbot start to generate certificate."
|
||
|
|
||
|
# Create or renew certificates. Don't exit on error. It's likely that certbot
|
||
|
# will fail on first run, if HAproxy is not running.
|
||
|
for DOMAINS in $CERT_TARGETS; do
|
||
|
local FIRST_DOMAIN=${DOMAINS//,*/ } # read first domain
|
||
|
echo "Certificating of $DOMAINS is start."
|
||
|
|
||
|
if [[ ! -d "$LIVE_DIR_PATH/$FIRST_DOMAIN" || ! -f "$LIVE_DIR_PATH/$FIRST_DOMAIN/fullchain.pem" || ! -f "$LIVE_DIR_PATH/$FIRST_DOMAIN/privkey.pem" ]]; then
|
||
|
certbot certonly \
|
||
|
--agree-tos \
|
||
|
--email "$CERT_EMAIL" \
|
||
|
--domains "$DOMAINS" \
|
||
|
--rsa-key-size $CERT_RSA_KEY_SIZE \
|
||
|
--expand \
|
||
|
--noninteractive \
|
||
|
--logs-dir /var/log/letsencrypt/ \
|
||
|
--webroot \
|
||
|
--webroot-path /usr/share/nginx/html/ \
|
||
|
$CERT_OPTIONS || true
|
||
|
|
||
|
RESULT_CODE=$?
|
||
|
echo "certbot exit code $RESULT_CODE"
|
||
|
|
||
|
if [ $RESULT_CODE -ne 0 ]; then
|
||
|
echo "Cerbot failed for $DOMAINS. Check the logs for details."
|
||
|
fi
|
||
|
else
|
||
|
echo "Certificating of $DOMAINS is exist already."
|
||
|
fi
|
||
|
|
||
|
done
|
||
|
|
||
|
echo "Cerbot ended to generate certificate."
|
||
|
}
|
||
|
|
||
|
get_certificate
|
||
|
|
||
|
update_crt_list.sh
|