library/certbot/bin/run_certbot.sh

59 lines
1.5 KiB
Bash
Raw Normal View History

2018-10-27 03:58:37 +00:00
#!/bin/sh
set -e
get_certificate() {
local LIVE_DIR_PATH="/etc/letsencrypt/live"
if [ -z "$CERT_DOMAINS" ]; then
return
fi
if [ ! -d "$LIVE_DIR_PATH" ]; then
mkdir -p $LIVE_DIR_PATH
fi
# Certificates are separated by semi-colon (;). Domains on each certificate are
# separated by comma (,).
local CERT_TARGETS=${CERT_DOMAINS//;/ }
local RESULT_CODE=
echo "Cerbot start to generate certificate."
# Create or renew certificates. Don't exit on error. It's likely that certbot
# will fail on first run, if HAproxy is not running.
for DOMAINS in $CERT_TARGETS; do
local FIRST_DOMAIN=${DOMAINS//,*/ } # read first domain
echo "Certificating of $DOMAINS is start."
if [[ ! -d "$LIVE_DIR_PATH/$FIRST_DOMAIN" || ! -f "$LIVE_DIR_PATH/$FIRST_DOMAIN/fullchain.pem" || ! -f "$LIVE_DIR_PATH/$FIRST_DOMAIN/privkey.pem" ]]; then
certbot certonly \
--agree-tos \
--email "$CERT_EMAIL" \
--domains "$DOMAINS" \
--rsa-key-size $CERT_RSA_KEY_SIZE \
--expand \
--noninteractive \
--logs-dir /var/log/letsencrypt/ \
--webroot \
--webroot-path /usr/share/nginx/html/ \
$CERT_OPTIONS || true
RESULT_CODE=$?
echo "certbot exit code $RESULT_CODE"
if [ $RESULT_CODE -ne 0 ]; then
echo "Cerbot failed for $DOMAINS. Check the logs for details."
fi
else
echo "Certificating of $DOMAINS is exist already."
fi
done
echo "Cerbot ended to generate certificate."
}
get_certificate
update_crt_list.sh