Updated cron handling, hook details, more verbose output
This commit is contained in:
parent
e052241f80
commit
194a9a4385
GPG Key ID:
14977F3A50D9A5BF
55
acme-tool
55
acme-tool
|
|
@ -58,6 +58,11 @@ else
|
|||
fi
|
||||
fi
|
||||
|
||||
# Cleanup (Just in case...)
|
||||
if [[ -f "${LE_WORKING_DIR}/hooks/renew.flg" ]]; then
|
||||
rm -f "${LE_WORKING_DIR}/hooks/renew.flg"
|
||||
fi
|
||||
|
||||
|
||||
# Functions
|
||||
|
||||
|
|
@ -119,10 +124,12 @@ run-hook() {
|
|||
|
||||
while read s
|
||||
do
|
||||
echo "Running hooks in ${hook}:$(basename "$s")"
|
||||
"$s" $*
|
||||
err=$?
|
||||
|
||||
if [[ $err -ne 0 ]]; then
|
||||
echo "Error running hooks for ${hook}:$(basename "$s")"
|
||||
let errors++
|
||||
fi
|
||||
done < <(run-parts "${hook_dir}/${hook}")
|
||||
|
|
@ -229,7 +236,7 @@ issue_certs() {
|
|||
echo "Running Lets Encrypt on $domain for RSA${keysize_rsa}"
|
||||
"$LE_WORKING_DIR"/acme.sh \
|
||||
--issue --dns dns_aws --keylength $keysize_rsa \
|
||||
--post-hook "$script_name hook sync.d" \
|
||||
--post-hook "$script_name hook deploy.d" \
|
||||
$(get_arg_domains "$domain") $args
|
||||
fi
|
||||
|
||||
|
|
@ -237,13 +244,27 @@ issue_certs() {
|
|||
echo "Running Lets Encrypt on $domain for EC${keysize_ecc}"
|
||||
"$LE_WORKING_DIR"/acme.sh \
|
||||
--issue --dns dns_aws --keylength ec-$keysize_ecc \
|
||||
--post-hook "$script_name hook sync.d" \
|
||||
--post-hook "$script_name hook deploy.d" \
|
||||
$(get_arg_domains "$domain") $args
|
||||
fi
|
||||
}
|
||||
|
||||
cron_certs() {
|
||||
"${LE_WORKING_DIR}"/acme.sh --cron --home ${LE_WORKING_DIR} --renew-hook "${script_name} sync upload"
|
||||
if [[ "$cron_issue" == true ]]; then
|
||||
"${LE_WORKING_DIR}"/acme.sh --cron --home "${LE_WORKING_DIR}" --renew-hook "${script_name} hook renew.d"
|
||||
if [[ -r "${LE_WORKING_DIR}/hooks/renew.flg" ]]; then
|
||||
rm -f "${LE_WORKING_DIR}/hooks/renew.flg"
|
||||
if [[ "$cron_upload" == true ]]; then
|
||||
s3_upload
|
||||
else
|
||||
run-hook deploy.d
|
||||
fi
|
||||
fi
|
||||
elif [[ "$cron_download" == true ]]; then
|
||||
if s3_check; then
|
||||
s3_download
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
create_certs() {
|
||||
|
|
@ -287,9 +308,11 @@ s3_upload() {
|
|||
|
||||
for dompart in "${domain}" "${domain}_ecc"; do
|
||||
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
|
||||
echo "Uploading certs for ${domain}:${dompart}"
|
||||
run-hook pre.d "$domain"
|
||||
aws s3 sync "${LE_WORKING_DIR}/${dompart}/" "${s3_bucket}${s3_folder}${dompart}/"
|
||||
aws --exact-timestamps s3 sync "${LE_WORKING_DIR}/${dompart}/" "${s3_bucket}${s3_folder}${dompart}/"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Error uploading ${domain}:${dompart}"
|
||||
let errors++
|
||||
fi
|
||||
run-hook post.d "$domain"
|
||||
|
|
@ -312,7 +335,7 @@ s3_check() {
|
|||
for domain in $(get_acme_domains); do
|
||||
for dompart in "$domain" "${domain}_ecc"; do
|
||||
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
|
||||
aws --dryrun s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | grep download &>/dev/null
|
||||
aws --dryrun --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | grep download &>/dev/null
|
||||
if [[ $? -eq 0 ]]; then
|
||||
status=0
|
||||
fi
|
||||
|
|
@ -329,7 +352,7 @@ s3_show() {
|
|||
for domain in $(get_acme_domains); do
|
||||
for dompart in "$domain" "${domain}_ecc"; do
|
||||
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
|
||||
aws --dryrun s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | sed -e "s|.* to .*\/\(${dompart}.*\)$|\1|"
|
||||
aws --dryrun --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | sed -e "s|.* to .*\/\(${dompart}.*\)$|\1|"
|
||||
fi
|
||||
done
|
||||
done
|
||||
|
|
@ -346,18 +369,21 @@ s3_download() {
|
|||
|
||||
for dompart in "${domain}" "${domain}_ecc"; do
|
||||
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
|
||||
aws s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/"
|
||||
echo "Downloading certs for ${domain}:${dompart}"
|
||||
aws --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/"
|
||||
if [[ $? -ne 0 ]]; then
|
||||
echo "Error downloading certs in ${domain}:${dompart}"
|
||||
let errors++
|
||||
fi
|
||||
fi
|
||||
done
|
||||
|
||||
if [[ $errors -eq 0 ]]; then
|
||||
run-hook deploy.d "$domain"
|
||||
fi
|
||||
totalerrors=$((totalerrors+errors))
|
||||
done
|
||||
|
||||
if [[ $totalerrors -eq 0 ]]; then
|
||||
run-hook deploy.d "$domain"
|
||||
fi
|
||||
|
||||
return $totalerrors
|
||||
}
|
||||
|
||||
|
|
@ -473,19 +499,20 @@ case ${1,,} in
|
|||
;;
|
||||
hook)
|
||||
if [[ -n "$2" ]]; then
|
||||
shift 2
|
||||
#shift 2
|
||||
|
||||
case ${2,,} in
|
||||
case "${2,,}" in
|
||||
pre.d) run-hook pre.d $*;;
|
||||
post.d) run-hook post.d $*;;
|
||||
sync.d) run-hook sync.d $*;;
|
||||
deploy.d) run-hook deploy.d $*;;
|
||||
renew.d) touch "${LE_WORKING_DIR}/hooks/renew.flg";;
|
||||
*) echo "ERROR: Unknown hook \"${2,,}\". Available hooks:"
|
||||
echo " pre.d Before running issue/renew/sync"
|
||||
echo " post.d After running issue/renew/sync"
|
||||
echo " sync.d After running issue/renew"
|
||||
echo " deploy.d After successfully running issue/renew/sync"
|
||||
error 6
|
||||
exit 6
|
||||
;;
|
||||
esac
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -2,6 +2,8 @@
|
|||
|
||||
keysize_rsa=4096
|
||||
keysize_ecc=256
|
||||
s3_bucket=s3://linux-help-certs/
|
||||
s3_bucket=s3://my-certs-bucket/
|
||||
s3_folder=
|
||||
|
||||
cron_issue=true
|
||||
cron_upload=false
|
||||
cron_download=false
|
||||
|
|
|
|||
Loading…
Reference in New Issue