| 
				
			 | 
			
			
				@@ -1678,15 +1678,20 @@ function get_cjdns_password { 
			 | 
		
	
		
			
			| 
				1678
			 | 
			
				1678
			 | 
			
			
				 # script to automatically renew any Let's Encrypt certificates 
			 | 
		
	
		
			
			| 
				1679
			 | 
			
				1679
			 | 
			
			
				 function letsencrypt_renewals { 
			 | 
		
	
		
			
			| 
				1680
			 | 
			
				1680
			 | 
			
			
				     renewals_script=/etc/cron.monthly/letsencrypt 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1681
			 | 
			
			
				+    renewals_retry_script=/etc/cron.daily/letsencrypt 
			 | 
		
	
		
			
			| 
				1681
			 | 
			
				1682
			 | 
			
			
				     renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed' 
			 | 
		
	
		
			
			| 
				1682
			 | 
			
				1683
			 | 
			
			
				     renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal' 
			 | 
		
	
		
			
			| 
				1683
			 | 
			
				1684
			 | 
			
			
				  
			 | 
		
	
		
			
			| 
				
			 | 
			
				1685
			 | 
			
			
				+    # the main script tries to renew once per month 
			 | 
		
	
		
			
			| 
				1684
			 | 
			
				1686
			 | 
			
			
				     echo '#!/bin/bash' > $renewals_script 
			 | 
		
	
		
			
			| 
				1685
			 | 
			
				1687
			 | 
			
			
				     echo '' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1686
			 | 
			
				1688
			 | 
			
			
				     echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script 
			 | 
		
	
		
			
			| 
				1687
			 | 
			
				1689
			 | 
			
			
				     echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1688
			 | 
			
				1690
			 | 
			
			
				     echo '' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1689
			 | 
			
				1691
			 | 
			
			
				     echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1692
			 | 
			
			
				+    echo '    if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1693
			 | 
			
			
				+    echo '        rm ~/letsencrypt_failed' >> $renewals_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1694
			 | 
			
			
				+    echo '    fi' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1690
			 | 
			
				1695
			 | 
			
			
				     echo -n '    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1691
			 | 
			
				1696
			 | 
			
			
				     echo -n "awk -F ':' '{print " >> $renewals_script 
			 | 
		
	
		
			
			| 
				1692
			 | 
			
				1697
			 | 
			
			
				     echo -n '$2' >> $renewals_script 
			 | 
		
	
	
		
			
			| 
				
			 | 
			
			
				@@ -1705,11 +1710,51 @@ function letsencrypt_renewals { 
			 | 
		
	
		
			
			| 
				1705
			 | 
			
				1710
			 | 
			
			
				     echo -n "                cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script 
			 | 
		
	
		
			
			| 
				1706
			 | 
			
				1711
			 | 
			
			
				     echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1707
			 | 
			
				1712
			 | 
			
			
				     echo '               rm ~/temp_renewletsencrypt.txt' >> $renewals_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1713
			 | 
			
			
				+    echo '               if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1714
			 | 
			
			
				+    echo '                   touch ~/letsencrypt_failed' >> $renewals_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1715
			 | 
			
			
				+    echo '               fi' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1708
			 | 
			
				1716
			 | 
			
			
				     echo '            fi' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1709
			 | 
			
				1717
			 | 
			
			
				     echo '        fi' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1710
			 | 
			
				1718
			 | 
			
			
				     echo '    done' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1711
			 | 
			
				1719
			 | 
			
			
				     echo 'fi' >> $renewals_script 
			 | 
		
	
		
			
			| 
				1712
			 | 
			
				1720
			 | 
			
			
				     chmod +x $renewals_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1721
			 | 
			
			
				+ 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1722
			 | 
			
			
				+    # a secondary script keeps trying to renew after a failure 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1723
			 | 
			
			
				+    echo '#!/bin/bash' > $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1724
			 | 
			
			
				+    echo '' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1725
			 | 
			
			
				+    echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1726
			 | 
			
			
				+    echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1727
			 | 
			
			
				+    echo '' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1728
			 | 
			
			
				+    echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1729
			 | 
			
			
				+    echo '    if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1730
			 | 
			
			
				+    echo '        rm ~/letsencrypt_failed' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1731
			 | 
			
			
				+    echo -n '        ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1732
			 | 
			
			
				+    echo -n "awk -F ':' '{print " >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1733
			 | 
			
			
				+    echo -n '$2' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1734
			 | 
			
			
				+    echo "}')" >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1735
			 | 
			
			
				+    echo '        ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1736
			 | 
			
			
				+    echo '        for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1737
			 | 
			
			
				+    echo -n '            LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1738
			 | 
			
			
				+    echo -n "awk -F '/' '{print " >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1739
			 | 
			
			
				+    echo -n '$5' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1740
			 | 
			
			
				+    echo "}')" >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1741
			 | 
			
			
				+    echo '            if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1742
			 | 
			
			
				+    echo '                ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1743
			 | 
			
			
				+    echo '                if [ ! "$?" = "0" ]; then' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1744
			 | 
			
			
				+    echo "                   echo \"${renewal_failure_msg}\n\n\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1745
			 | 
			
			
				+    echo '                   ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1746
			 | 
			
			
				+    echo -n "                    cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1747
			 | 
			
			
				+    echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1748
			 | 
			
			
				+    echo '                   rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1749
			 | 
			
			
				+    echo '                   if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1750
			 | 
			
			
				+    echo '                       touch ~/letsencrypt_failed' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1751
			 | 
			
			
				+    echo '                   fi' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1752
			 | 
			
			
				+    echo '                fi' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1753
			 | 
			
			
				+    echo '            fi' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1754
			 | 
			
			
				+    echo '        done' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1755
			 | 
			
			
				+    echo '    fi' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1756
			 | 
			
			
				+    echo 'fi' >> $renewals_retry_script 
			 | 
		
	
		
			
			| 
				
			 | 
			
				1757
			 | 
			
			
				+    chmod +x $renewals_retry_script 
			 | 
		
	
		
			
			| 
				1713
			 | 
			
				1758
			 | 
			
			
				 } 
			 | 
		
	
		
			
			| 
				1714
			 | 
			
				1759
			 | 
			
			
				  
			 | 
		
	
		
			
			| 
				1715
			 | 
			
				1760
			 | 
			
			
				 function save_firewall_settings { 
			 |
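Review bot: In the generated retry script (new lines 1742–1745) a failed `${PROJECT_NAME}-renew-cert` is run a second time purely to collect text for the mail, and that second run redirects only stdout into `~/temp_renewletsencrypt.txt`. If the tool reports its errors on stderr, the admin mail will carry the failure message but not the reason, each failing domain costs two requests to the CA per day, and a second attempt that happens to succeed still sends the failure mail and sets `~/letsencrypt_failed`. Capturing the first attempt would avoid all three: `if ! ${PROJECT_NAME}-renew-cert -h "$LETSENCRYPT_DOMAIN" -p letsencrypt > ~/temp_renewletsencrypt.txt 2>&1; then`, with the failure message passed to `mail` ahead of that log. The `\n\n` written on line 1744 is echoed without `-e`, so it presumably reaches the mail as literal backslash-n text rather than blank lines. The context at 1710–1712 suggests the monthly script follows the same pattern, but its renewal lines fall between the two hunks and are not visible here.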