ansible-roles/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2


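#!/bin/bash
# Request a Let's Encrypt certificate, or renew the existing one when it is
# close to expiry, then run the per-service reconfiguration scripts.
# All output is appended to letsencrypt_request.log inside LOG_DIR.
#
# The assignments below are filled in by the template engine. The values are
# substituted verbatim, so they must not contain whitespace or shell
# metacharacters.
RENEW_BEFORE={{ letsencrypt_renew_before }}
LETSENCRYPT_BIN={{ letsencrypt_auto }}
LE_CERT_DIR={{ letsencrypt_certs_dir }}
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
LOG_DIR={{ letsencrypt_logdir }}
LOG_FILE="$LOG_DIR/letsencrypt_request.log"
RETVAL=0

# Check if the cert file exists. If not, it is a certificate request and not a renewal.
if [ -f "$LE_CERT_DIR/cert.pem" ] ; then
    # openssl exits 0 when the certificate is still valid RENEW_BEFORE seconds
    # from now. Its one-line verdict on stdout is discarded, as before.
    if openssl x509 -checkend "$RENEW_BEFORE" -noout -in "$LE_CERT_DIR/cert.pem" > /dev/null ; then
        echo "The certificate is still valid" >> "$LOG_FILE"
        exit 0
    fi
fi

# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
# LETSENCRYPT_BIN is left unquoted on purpose, in case the templated value carries arguments.
$LETSENCRYPT_BIN certonly --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> "$LOG_FILE" 2>&1
RETVAL=$?
if [ "$RETVAL" -ne 0 ] ; then
    # Record the failure: the exit status below stays 0, so the log is the
    # only place a failed request shows up.
    echo "Certificate request failed with exit code $RETVAL" >> "$LOG_FILE"
fi

# Run the reconfiguration scripts to make the involved services load the new certificate.
# Iterate over full paths: the bare names printed by ls were tested with -x
# relative to the current directory, so the scripts were silently skipped
# unless the job happened to start inside LE_SERVICES_SCRIPT_DIR.
# Every executable file found here runs with this script's privileges; the
# directory and its contents must be writable only by a trusted owner.
for f in "$LE_SERVICES_SCRIPT_DIR"/* ; do
    # -f keeps subdirectories (which also pass -x) and an unmatched glob out.
    if [ -f "$f" ] && [ -x "$f" ] ; then
        echo "Running $f" >> "$LOG_FILE"
        "$f" >> "$LOG_FILE" 2>&1
    fi
done

# NOTE(review): the exit status is always 0, as in the original, so the caller
# cannot tell a failed request from a successful one. Confirm that is intended
# before relying on this script for expiry monitoring.
exit 0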