free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

Secondary script which tries to renew letsencrypt certs after failure

Bob Mottram 9 years ago
parent
9456dad28d
commit
70158b613b
1 changed files with 45 additions and 0 deletions
Unified View Show Diff Stats
  1. 45
    0
      src/freedombone

+ 45
- 0
src/freedombone View File

1678 
 # script to automatically renew any Let's Encrypt certificates
 1678 
 # script to automatically renew any Let's Encrypt certificates
1679 
 function letsencrypt_renewals {
 1679 
 function letsencrypt_renewals {
1680 
     renewals_script=/etc/cron.monthly/letsencrypt
 1680 
     renewals_script=/etc/cron.monthly/letsencrypt
1681 
+    renewals_retry_script=/etc/cron.daily/letsencrypt
1681 
     renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
 1682 
     renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
1682 
     renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
 1683 
     renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
1683
1684
1685 
+    # the main script tries to renew once per month
1684 
     echo '#!/bin/bash' > $renewals_script
 1686 
     echo '#!/bin/bash' > $renewals_script
1685 
     echo '' >> $renewals_script
 1687 
     echo '' >> $renewals_script
1686 
     echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script
 1688 
     echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_script
1687 
     echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script
 1689 
     echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_script
1688 
     echo '' >> $renewals_script
 1690 
     echo '' >> $renewals_script
1689 
     echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script
 1691 
     echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_script
1692 
+    echo '    if [ -f ~/letsencrypt_failed ]; then' >> $renewals_script
1693 
+    echo '        rm ~/letsencrypt_failed' >> $renewals_script
1694 
+    echo '    fi' >> $renewals_script
1690 
     echo -n '    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script
 1695 
     echo -n '    ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_script
1691 
     echo -n "awk -F ':' '{print " >> $renewals_script
 1696 
     echo -n "awk -F ':' '{print " >> $renewals_script
1692 
     echo -n '$2' >> $renewals_script
 1697 
     echo -n '$2' >> $renewals_script
1705 
     echo -n "                cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script
 1710 
     echo -n "                cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_script
1706 
     echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script
 1711 
     echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_script
1707 
     echo '               rm ~/temp_renewletsencrypt.txt' >> $renewals_script
 1712 
     echo '               rm ~/temp_renewletsencrypt.txt' >> $renewals_script
1713 
+    echo '               if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_script
1714 
+    echo '                   touch ~/letsencrypt_failed' >> $renewals_script
1715 
+    echo '               fi' >> $renewals_script
1708 
     echo '            fi' >> $renewals_script
 1716 
     echo '            fi' >> $renewals_script
1709 
     echo '        fi' >> $renewals_script
 1717 
     echo '        fi' >> $renewals_script
1710 
     echo '    done' >> $renewals_script
 1718 
     echo '    done' >> $renewals_script
1711 
     echo 'fi' >> $renewals_script
 1719 
     echo 'fi' >> $renewals_script
1712 
     chmod +x $renewals_script
 1720 
     chmod +x $renewals_script
1721 
+
1722 
+    # a secondary script keeps trying to renew after a failure
1723 
+    echo '#!/bin/bash' > $renewals_retry_script
1724 
+    echo '' >> $renewals_retry_script
1725 
+    echo "PROJECT_NAME='${PROJECT_NAME}'" >> $renewals_retry_script
1726 
+    echo 'COMPLETION_FILE=$HOME/${PROJECT_NAME}-completed.txt' >> $renewals_retry_script
1727 
+    echo '' >> $renewals_retry_script
1728 
+    echo 'if [ -d /etc/letsencrypt ]; then' >> $renewals_retry_script
1729 
+    echo '    if [ -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
1730 
+    echo '        rm ~/letsencrypt_failed' >> $renewals_retry_script
1731 
+    echo -n '        ADMIN_USERNAME=$(cat $COMPLETION_FILE | grep "Admin user" | ' >> $renewals_retry_script
1732 
+    echo -n "awk -F ':' '{print " >> $renewals_retry_script
1733 
+    echo -n '$2' >> $renewals_retry_script
1734 
+    echo "}')" >> $renewals_retry_script
1735 
+    echo '        ADMIN_EMAIL_ADDRESS=$ADMIN_USERNAME@$HOSTNAME' >> $renewals_retry_script
1736 
+    echo '        for d in /etc/letsencrypt/live/*/ ; do' >> $renewals_retry_script
1737 
+    echo -n '            LETSENCRYPT_DOMAIN=$(echo "$d" | ' >> $renewals_retry_script
1738 
+    echo -n "awk -F '/' '{print " >> $renewals_retry_script
1739 
+    echo -n '$5' >> $renewals_retry_script
1740 
+    echo "}')" >> $renewals_retry_script
1741 
+    echo '            if [ -f /etc/nginx/sites-available/$LETSENCRYPT_DOMAIN ]; then' >> $renewals_retry_script
1742 
+    echo '                ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt' >> $renewals_retry_script
1743 
+    echo '                if [ ! "$?" = "0" ]; then' >> $renewals_retry_script
1744 
+    echo "                   echo \"${renewal_failure_msg}\n\n\" > ~/temp_renewletsencrypt.txt" >> $renewals_retry_script
1745 
+    echo '                   ${PROJECT_NAME}-renew-cert -h $LETSENCRYPT_DOMAIN -p letsencrypt >> ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
1746 
+    echo -n "                    cat ~/temp_renewletsencrypt.txt | mail -s \"${renewal_email_title}\" " >> $renewals_retry_script
1747 
+    echo '$ADMIN_EMAIL_ADDRESS' >> $renewals_retry_script
1748 
+    echo '                   rm ~/temp_renewletsencrypt.txt' >> $renewals_retry_script
1749 
+    echo '                   if [ ! -f ~/letsencrypt_failed ]; then' >> $renewals_retry_script
1750 
+    echo '                       touch ~/letsencrypt_failed' >> $renewals_retry_script
1751 
+    echo '                   fi' >> $renewals_retry_script
1752 
+    echo '                fi' >> $renewals_retry_script
1753 
+    echo '            fi' >> $renewals_retry_script
1754 
+    echo '        done' >> $renewals_retry_script
1755 
+    echo '    fi' >> $renewals_retry_script
1756 
+    echo 'fi' >> $renewals_retry_script
1757 
+    chmod +x $renewals_retry_script
1713 
 }
 1758 
 }
1714
1759
1715 
 function save_firewall_settings {
 1760 
 function save_firewall_settings {