
Renewal of letsencrypt certs as a cron job

Bob Mottram il y a 9 ans
Parent
révision
6ce7fc8a94
1 fichiers modifiés avec 35 ajouts et 0 suppressions
  1. 35
    0
      src/freedombone

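--- a/src/freedombone
+++ b/src/freedombone
@@ -1506,6 +1506,40 @@ function get_cjdns_password {
   fi
 }
 
+# script to automatically renew any Let's Encrypt certificates
+function letsencrypt_renewals {
+  renewals_script=/etc/cron.monthly/letsencrypt
+  renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
+  renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
+
+  echo '#!/bin/bash' > $renewals_script
+  echo '' >> $renewals_script
+  echo "PROJECT_NAME='freedombone'" >> $renewals_script
+  echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script
+  echo '' >> $renewals_script
+  echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script
+  echo -n '    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script
+  echo -n "awk -F ':' '{print " >> $renewals_script
+  echo -n '$2' >> $renewals_script
+  echo "}')" >> $renewals_script
+  echo '    ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_script
+  echo '    for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_script
+  echo -n '        LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_script
+  echo -n "awk -F '/' '{print " >> $renewals_script
+  echo -n '$5' >> $renewals_script
+  echo "}')" >> $renewals_script
+  echo '        if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_script
+  echo '            ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_script
+  echo '            if [ ! "$?" = "0" ]; then' >> $renewals_script
+  echo -n "                echo '$renewal_failure_msg' | mail -s '$renewal_email_title' " >> $renewals_script
+  echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script
+  echo '            fi' >> $renewals_script
+  echo '        fi' >> $renewals_script
+  echo '    done' >> $renewals_script
+  echo 'fi' >> $renewals_script
+  chmod +x renewals_script
+}
+
 function save_firewall_settings {
   iptables-save > /etc/firewall.conf
   ip6tables-save > /etc/firewall6.conf
@@ -8946,6 +8980,7 @@ check_hwrng
 search_for_attached_usb_drive
 regenerate_ssh_keys
 create_upgrade_script
+letsencrypt_renewals
 install_zeronet
 install_watchdog_script
 configure_avahi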
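Review bot: The last statement of letsencrypt_renewals is `chmod +x renewals_script` with the `$` missing, so it targets a file literally named renewals_script in the current directory and leaves /etc/cron.monthly/letsencrypt without the execute bit. run-parts only runs executable files, so the monthly renewal would most likely never fire and certificates would expire without any warning mail; the line should be `chmod +x "$renewals_script"`. Separately, the failure-mail line is written into the generated script inside single quotes, so `$LETSENCRYPT_DOMAIN` and `${PROJECT_NAME}` would reach the admin as literal text and the mail would not say which domain failed. Emitting double quotes there fixes it: `echo -n "                echo \"$renewal_failure_msg\" | mail -s \"$renewal_email_title\" " >> $renewals_script`. The generated script also derives COMPLETION_FILE from `$HOME`, which under cron may differ from the directory the completion file was written to; that is worth confirming.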