forked from ISTI-ansible-roles/ansible-roles
46 lines
1.5 KiB
Django/Jinja
46 lines
1.5 KiB
Django/Jinja
#!/bin/bash
|
|
|
|
RENEW_BEFORE={{ letsencrypt_renew_before }}
|
|
LETSENCRYPT_BIN={{ letsencrypt_auto }}
|
|
LE_CERT_DIR={{ letsencrypt_certs_dir }}
|
|
LE_SERVICES_SCRIPT_DIR={{ letsencrypt_services_scripts_dir }}
|
|
LOG_DIR={{ letsencrypt_logdir }}
|
|
VALIDITY_RETVAL=0
|
|
DOMAINS="{{ letsencrypt_domains }}"
|
|
CERT_DOMAINS_LIST=
|
|
ACTION=certonly
|
|
RETVAL=0
|
|
|
|
# Check if the cert file exists. If not, it is a certificate request and not a renewal.
|
|
if [ -f $LE_CERT_DIR/cert.pem ] ; then
|
|
VALIDITY_CHECK=$( openssl x509 -checkend $RENEW_BEFORE -noout -in $LE_CERT_DIR/cert.pem )
|
|
VALIDITY_RETVAL=$?
|
|
if [ $VALIDITY_RETVAL -eq 0 ] ; then
|
|
echo "The certificate is still valid" >> $LOG_DIR/letsencrypt_request.log
|
|
exit 0
|
|
else
|
|
ACTION=renew
|
|
fi
|
|
fi
|
|
|
|
if [ "$ACTION" === "certonly" ] ; then
|
|
for dom in $DOMAINS ; do
|
|
CERT_DOMAINS_LIST+=" -d $dom"
|
|
done
|
|
fi
|
|
|
|
# Ask for a new certificate. First request or renewal are the same. We only support the standalone method right now
|
|
$LETSENCRYPT_BIN $ACTION $CERT_DOMAINS_LIST --http-01-port {{ letsencrypt_standalone_port }} --config /etc/letsencrypt/cli.ini >> $LOG_DIR/letsencrypt_request.log 2>&1
|
|
RETVAL=$?
|
|
|
|
# Run the reconfiguration scripts to make the involved services load the new certificate
|
|
for f in $( /bin/ls -1 $LE_SERVICES_SCRIPT_DIR ) ; do
|
|
if [ -x $LE_SERVICES_SCRIPT_DIR/$f ] ; then
|
|
echo "Running $LE_SERVICES_SCRIPT_DIR/$f" >> $LOG_DIR/letsencrypt_request.log
|
|
$LE_SERVICES_SCRIPT_DIR/$f >> $LOG_DIR/letsencrypt_request.log 2>&1
|
|
fi
|
|
done
|
|
|
|
exit 0
|
|
|