change to s6
85
root/certbot-prepare.sh
Normal file
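--- a/root/certbot-prepare.sh
+++ b/root/certbot-prepare.sh
@@ -0,0 +1,85 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+
+#Creating needed folders and files if they don't already exist
+if [ ! -d /config/.secrets ]
+then
+mkdir /config/.secrets
+fi
+
+if [ ! -d /config/letsencrypt ]
+then
+mkdir /config/letsencrypt
+fi
+
+if [ ! -d /config/letsencrypt/keys ]
+then
+mkdir /config/letsencrypt/keys
+fi
+
+if [ ! -d /config/logs ]
+then
+mkdir /config/logs
+fi
+
+if [ ! -f /config/logs/renew.log ]
+then
+touch /config/logs/renew.log
+fi
+
+if [ ! -f /config/.crontab.txt ]
+then
+touch /config/.crontab.txt
+fi
+
+if [ ! -f /config/.secrets/cloudflare.ini ]
+then
+touch /config/.secrets/cloudflare.ini
+fi
+
+if [ -n "$CLOUDFLARE_TOKEN" ]
+then
+echo "Cloudflare token is present"
+
+echo "dns_cloudflare_api_token = $CLOUDFLARE_TOKEN" >> /config/.secrets/cloudflare.ini
+
+fi
+
+if [ ! -s /config/.secrets/cloudflare.ini ]
+then
+echo "cloudflare.ini is empty - please add your Cloudflare credentials or API key before continuing. This can be done as an ENV var, or by editing the file directly"
+
+exit 22
+fi
+
+#Securing cloudflare.ini to supress warnings
+chmod 600 /config/.secrets/cloudflare.ini
+
+echo "Creating certificates, or attempting to renew if they already exist"
+
+if [[ $STAGING = true ]]
+then
+echo "Using staging endpoint - THIS SHOULD BE USED FOR TESTING ONLY"
+certbot certonly --staging --non-interactive --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --key-path /config/letsencrypt/keys --expand --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+echo "Creation/renewal attempt complete"
+elif [[ $STAGING = false ]]
+then
+echo "Using production endpoint"
+certbot certonly --non-interactive --config-dir /config/letsencrypt --work-dir /config/.tmp --logs-dir /config/logs --key-path /config/letsencrypt/keys --expand --agree-tos --dns-cloudflare --dns-cloudflare-propagation-seconds $PROPOGATION_TIME --dns-cloudflare-credentials /config/.secrets/cloudflare.ini --email $EMAIL -d $DOMAINS
+echo "Creation/renewal attempt complete"
+else
+echo "Unrecognised option for STAGING variable - check your configuration"
+
+exit 22
+fi
+
+if [[ $GENERATE_DHPARAM = true ]] && [[ ! -s /config/letsencrypt/keys/ssl-dhparams.pem ]]
+then
+echo "Generating Diffie-Hellman keys, saved to /config/letsencrypt/keys"
+openssl dhparam -out /config/letsencrypt/keys/ssl-dhparams.pem 4096
+fi
+
+echo "$INTERVAL /certbot-renew.sh >> /config/logs/renew.log" > /config/.crontab.txt
+
+echo "Starting automatic renewal job. Schedule is $INTERVAL"
+crontab /config/.crontab.txt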
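Review bot: The Cloudflare token is written into `/config/.secrets/cloudflare.ini` before the file is locked down: `touch` creates it with whatever mode the process umask allows, the `echo ... >>` stores the secret, and `chmod 600` only runs further down, so with a permissive umask (not visible here) the token is readable by other users in the meantime, and `/config/.secrets` itself is never restricted. Running `chmod 700 /config/.secrets` right after the `mkdir` and `chmod 600 /config/.secrets/cloudflare.ini` right after the `touch` would close that gap. The write also appends, so every start with `CLOUDFLARE_TOKEN` set adds another `dns_cloudflare_api_token` line and a rotated token leaves the old one on disk; either replace the file with `>` or append only when `grep -q '^dns_cloudflare_api_token' /config/.secrets/cloudflare.ini` fails, depending on whether hand-edited entries must survive. Separately, `$EMAIL`, `$DOMAINS` and `$PROPOGATION_TIME` are unquoted in both `certbot` calls, and the exit status of `certbot` is not checked before "Creation/renewal attempt complete" is printed and the cron job is installed.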