#!/bin/bash
# Stop at the first command that fails and is not part of a condition or list.
set -e

# Environment knobs:
#   TOS      set TOS="--agree-tos" in your env to auto-agree;
#            `certbot certonly` will ask for your confirmation otherwise.
#   BASEDIR  Let's Encrypt base directory (default: /etc/letsencrypt)
#   LIVEDIR  directory holding the live certificate directories
#            (default: ${BASEDIR}/live)
# BASEDIR and LIVEDIR decide which directory ends up linked into the nginx
# configuration, so they should only be set from trusted configuration.
: "${BASEDIR:=/etc/letsencrypt}"
: "${LIVEDIR:=${BASEDIR}/live}"

# certbot command line shared by every invocation. It is stored as a single
# string and word-split where it is used, so none of its parts may contain
# whitespace.
CERTBOT='/usr/bin/certbot --text --webroot -w /var/lib/certbot/'

# Symlink that install_link re-points at the newest live directory.
SYMLINK='/etc/nginx/ssl/latest'
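#######################################
# Print an error message to stderr and abort the script.
# Arguments: $@ - message words, joined with single spaces
# Outputs:   the message on stderr, nothing on stdout
# Returns:   never; exits the shell with status 1
#######################################
function fail ()
{
  # "$*" keeps the message literal. An unquoted $@ would be word-split and
  # glob-expanded, so a message containing `*` could print file names, and
  # echo would treat a leading -n or -e as an option.
  printf '%s\n' "$*" >&2
  exit 1
}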
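#######################################
# Print a progress message when verbose mode is on.
# Globals:   VERBOSE (read) - 0 or unset means quiet, anything else verbose
# Arguments: $@ - message words, joined with single spaces
# Outputs:   the message on stdout when VERBOSE is non-zero
# Returns:   0, whether or not the message was printed
#######################################
function log ()
{
  # VERBOSE is quoted and defaulted: with an unset VERBOSE the unquoted test
  # `[ -eq 0 ]` is a syntax error, which made the message print anyway.
  if [ "${VERBOSE:-0}" -ne 0 ]; then
    # "$*" prints the message literally (no word splitting, no globbing).
    printf '%s\n' "$*"
  fi
}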
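################################################################################
# Command-line option parsing, after http://stackoverflow.com/a/7948533/203515
# NOTE: This requires GNU getopt. On Mac OS X and FreeBSD, you have to install
# this separately.
#
#   -v | --verbose    print progress messages and do not pass -q to certbot
#   -C | --nocert     skip requesting/renewing the certificate
#   -L | --nolink     skip updating the nginx symlink
#   -R | --noreload   skip reloading nginx
#
# None of the options takes a value, so the short-option string carries no
# colon: a colon after R makes getopt demand an argument for -R and swallow the
# word that follows it.
# The failure check is part of the `if`, because under `set -e` a failing
# plain assignment would end the script before a separate `$?` test could run.
if ! TEMP=$(getopt -o vCLR --long verbose,nocert,nolink,noreload \
  -n 'certbot.sh' -- "$@"); then
  echo "Terminating..." >&2
  exit 1
fi
# getopt prints a shell-quoted argument list; eval parses that quoting back
# into positional parameters. The quotes around "$TEMP" are essential, and
# nothing other than getopt output should ever be passed through this eval.
eval set -- "$TEMP"

# Defaults: quiet, and all three stages enabled.
VERBOSE=0
CERT=1
LINK=1
RELOAD=1
while true; do
  case "$1" in
    -v | --verbose) VERBOSE=1; shift ;;
    -C | --nocert) CERT=0; shift ;;
    -L | --nolink) LINK=0; shift ;;
    -R | --noreload) RELOAD=0; shift ;;
    --) shift; break ;;
    *) break ;;
  esac
done
# done with option parsing
#################################################################################
# not verbose? hush certbot
if [ "${VERBOSE}" -eq 0 ]; then
  CERTBOT="${CERTBOT} -q"
fi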
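#######################################
# Point SYMLINK at the most recently modified directory below LIVEDIR.
# Globals:   LIVEDIR (read), SYMLINK (read), LATEST (written)
# Arguments: none
# Outputs:   a progress line via log
# Returns:   0 on success; exits through fail when LIVEDIR or SYMLINK is empty
#            or when LIVEDIR holds no directory
#######################################
function install_link ()
{
  local dir

  # An empty LIVEDIR would turn the glob below into /*/ and an empty SYMLINK
  # would make rm/ln act on the wrong operands.
  [ -n "${LIVEDIR}" ] || fail "LIVEDIR is empty"
  [ -n "${SYMLINK}" ] || fail "SYMLINK is empty"

  # Pick the newest entry with a glob and -nt instead of parsing `ls` output:
  # paths with whitespace stay intact and plain files in LIVEDIR are skipped
  # (the trailing slash in the pattern matches directories only).
  LATEST=
  for dir in "${LIVEDIR}"/*/; do
    dir=${dir%/}
    # An unmatched glob is left as the literal pattern; skip it.
    [ -d "${dir}" ] || continue
    if [ -z "${LATEST}" ] || [ "${dir}" -nt "${LATEST}" ]; then
      LATEST=${dir}
    fi
  done

  # Check before touching the link: removing SYMLINK with nothing to replace
  # it would leave nginx without the path it loads its certificate from.
  [ -n "${LATEST}" ] || fail "No certificate directory found in ${LIVEDIR}"

  log "Using live directory: ${LATEST}"
  # The old link is removed first so ln does not follow it and create the new
  # link inside the directory it used to point at.
  rm -f -- "${SYMLINK}"
  ln -sf -- "${LATEST}" "${SYMLINK}"
}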
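#######################################
# Request the initial certificate for the configured domains.
# Globals:   EMAIL (read, required), DOMAINS (read and rewritten as a
#            comma-separated list), TOS (read, optional), CERTBOT (read)
# Arguments: none
# Outputs:   a progress line via log, plus whatever certbot prints
# Returns:   the exit status of certbot; exits through fail when EMAIL or
#            DOMAINS is empty
#######################################
function certbot_init ()
{
  [ -n "${EMAIL}" ] || fail "EMAIL environment variable missing"
  [ -n "${DOMAINS}" ] || fail "DOMAINS environment variable missing"
  # expand ${DOMAINS} and replace whitespace with commas, certbot accepts
  # comma-separated lists of domains or multiple -d parameters
  #
  # NOTE(review): eval passes the value of DOMAINS through the shell a second
  # time, so command substitutions or command separators inside it run with
  # this script's privileges. DOMAINS must only come from trusted
  # configuration; if it can ever be influenced from outside, validate it
  # against a hostname character set first or drop the eval.
  # The sed pattern uses the POSIX interval \{1,\} instead of the GNU-only \+.
  DOMAINS=$(eval echo $DOMAINS | sed -e 's| \{1,\}|,|g')
  log "Requesting initial certificate for ${DOMAINS}"
  # CERTBOT and TOS stay unquoted on purpose: CERTBOT must split into command
  # and options, and an empty TOS must vanish instead of becoming an empty
  # argument. EMAIL and DOMAINS are single values and are quoted so they are
  # neither split nor glob-expanded.
  ${CERTBOT} certonly ${TOS} --email "${EMAIL}" -d "${DOMAINS}"
}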
#######################################
# Renew the certificates certbot already manages.
# Globals:   CERTBOT (read) - command line, word-split on purpose
# Arguments: none
# Outputs:   a progress line via log, plus whatever certbot prints
# Returns:   the exit status of `certbot renew`
#######################################
certbot_renew() {
  log 'Renewing existing certificate'
  # Unquoted so the string splits into the command and its options.
  ${CERTBOT} renew
}
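#######################################
# Renew when a live directory already exists, otherwise request the initial
# certificate.
# Inside this script the name `certbot` refers to this function; the real
# binary is reached through the absolute path stored in CERTBOT.
# Globals:   LIVEDIR (read)
# Arguments: none
# Returns:   the exit status of certbot_renew or certbot_init
#######################################
function certbot ()
{
  # An explicit if/else replaces `A && B || C`: with that form a failed
  # renewal fell through to certbot_init, which requested a brand-new
  # certificate and hid the renewal error. LIVEDIR is quoted because an empty
  # value turns an unquoted `[ -d ]` into a test that is always true.
  if [ -d "${LIVEDIR}" ]; then
    certbot_renew
  else
    certbot_init
  fi
}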
#######################################
# Signal the running nginx to reload its configuration.
# Arguments: none
# Outputs:   a progress line via log
# Returns:   the exit status of `nginx -s reload`
#######################################
reload_nginx() {
  log 'Reloading nginx'
  nginx -s reload
}
# Run the enabled stages in order: certificate, symlink, nginx reload.
# Each flag starts at 1 and is set to 0 by its --no* option.
if ! [ "${CERT}" -eq 0 ]; then
  certbot
fi
if ! [ "${LINK}" -eq 0 ]; then
  install_link
fi
if ! [ "${RELOAD}" -eq 0 ]; then
  reload_nginx
fi