ansible-roles/letsencrypt-client/templates/letsencrypt-cert-request.sh.j2

46 lines
1.5 KiB
Plaintext
Raw Normal View History

#!/bin/bash
RENEW_BEFORE={{ letsencrypt_renew_before }}
LETSENCRYPT_BIN={{ letsencrypt_auto }}
LE_CERT_DIR={{ letsencrypt_certs_dir }}
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
LOG_DIR={{ letsencrypt_logdir }}
VALIDITY_RETVAL=0
DOMAINS="{{ letsencrypt_domains }}"
CERT_DOMAINS_LIST=
ACTION=certonly
RETVAL=0
# Check if the cert file exists. If not, it is a certificate request and not a renewal.
if [ -f $LE_CERT_DIR/cert.pem ] ; then
VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem )
VALIDITY_RETVAL=$?
if [ $VALIDITY_RETVAL -eq 0 ] ; then
echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log
exit 0
else
ACTION=renew
fi
fi
if [ "$ACTION" === "certonly" ] ; then
for dom in $DOMAINS ; do
CERT_DOMAINS_LIST+=" -d $dom"
done
fi
# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1
RETVAL=$?
# Run the reconfiguration scripts to make the involved services load the new certificate
for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do
if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then
echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log
$LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1
fi
done
exit 0