From 194a9a43859d4c7ab9b2d9e3127314fd296c42ff Mon Sep 17 00:00:00 2001
From: Eric Renfro
Date: Fri, 11 May 2018 21:39:03 -0400
Subject: [PATCH] Updated cron handling, hook details, more verbose output
---
 acme-tool | 55 ++++++++++++++++++++++++++++++++-----------
 acme-tool.conf.sample | 6 +++--
 2 files changed, 45 insertions(+), 16 deletions(-)
diff --git a/acme-tool b/acme-tool
index d9213e5..faa6245 100755
--- a/acme-tool
+++ b/acme-tool
@@ -58,6 +58,11 @@ else fi fi +# Cleanup (Just in case...) +if [[ -f "${LE_WORKING_DIR}/hooks/renew.flg" ]]; then + rm -f "${LE_WORKING_DIR}/hooks/renew.flg" +fi + # Functions
@@ -119,10 +124,12 @@ run-hook() { while read s do + echo "Running hooks in ${hook}:$(basename "$s")" "$s" $* err=$? if [[ $err -ne 0 ]]; then + echo "Error running hooks for ${hook}:$(basename "$s")" let errors++ fi done < <(run-parts "${hook_dir}/${hook}")
@@ -229,7 +236,7 @@ issue_certs() { echo "Running Lets Encrypt on $domain for RSA${keysize_rsa}" "$LE_WORKING_DIR"/acme.sh \ --issue --dns dns_aws --keylength $keysize_rsa \ - --post-hook "$script_name hook sync.d" \ + --post-hook "$script_name hook deploy.d" \ $(get_arg_domains "$domain") $args fi 
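Review bot: The `[[ -f … ]]` test wrapped around `rm -f` adds nothing, since `rm -f` already succeeds silently when the file is absent; `rm -f -- "${LE_WORKING_DIR}/hooks/renew.flg"` on its own is the whole block. More importantly, this top-level cleanup runs on every invocation of the script, including the child acme.sh spawns for `--renew-hook "${script_name} hook renew.d"` (cron_certs hunk on the next physical line), so the marker only survives because the `renew.d` arm touches it after this point. That ordering is load-bearing and deserves a comment such as `# Clear any stale renew marker. Also runs inside the 'hook renew.d' child, which re-creates it afterwards.`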
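Review bot: The new failure message in run-hook discards the status it just captured in `err` and goes to stdout; `echo "Error running hooks for ${hook}:$(basename "$s") (exit ${err})" >&2` keeps it on stderr with the one detail an operator needs when a hook breaks. While this loop is being touched, the pre-existing `"$s" $*` word-splits whatever arguments reach the hook and would be safer as `"$s" "$@"`. run-hook's header and the rest of its body lie outside this hunk.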
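Review bot: Changing the acme.sh post-hook from `sync.d` to `deploy.d` here (and in the EC branch of the next hunk) is not reflected in the `hook` usage text of the `case ${1,,}` hunk, which still says `sync.d After running issue/renew` and `deploy.d After successfully running issue/renew/sync`, and omits the new `renew.d` arm. Update those two lines to state that `deploy.d` now follows issue/renew, say what (if anything) still invokes `sync.d`, and either list `renew.d` as internal to `--renew-hook` or deliberately keep it out of the advertised set. Whether any other caller still fires `sync.d` is not visible in this diff.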
@@ -237,13 +244,27 @@ issue_certs() { echo "Running Lets Encrypt on $domain for EC${keysize_ecc}" "$LE_WORKING_DIR"/acme.sh \ --issue --dns dns_aws --keylength ec-$keysize_ecc \ - --post-hook "$script_name hook sync.d" \ + --post-hook "$script_name hook deploy.d" \ $(get_arg_domains "$domain") $args fi } cron_certs() { - "${LE_WORKING_DIR}"/acme.sh --cron --home ${LE_WORKING_DIR} --renew-hook "${script_name} sync upload" + if [[ "$cron_issue" == true ]]; then + "${LE_WORKING_DIR}"/acme.sh --cron --home "${LE_WORKING_DIR}" --renew-hook "${script_name} hook renew.d" + if [[ -r "${LE_WORKING_DIR}/hooks/renew.flg" ]]; then + rm -f "${LE_WORKING_DIR}/hooks/renew.flg" + if [[ "$cron_upload" == true ]]; then + s3_upload + else + run-hook deploy.d + fi + fi + elif [[ "$cron_download" == true ]]; then + if s3_check; then + s3_download + fi + fi } create_certs() {
@@ -287,9 +308,11 @@ s3_upload() { for dompart in "${domain}" "${domain}_ecc"; do if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then + echo "Uploading certs for ${domain}:${dompart}" run-hook pre.d "$domain" - aws s3 sync "${LE_WORKING_DIR}/${dompart}/" "${s3_bucket}${s3_folder}${dompart}/" + aws --exact-timestamps s3 sync "${LE_WORKING_DIR}/${dompart}/" "${s3_bucket}${s3_folder}${dompart}/" if [[ $? -ne 0 ]]; then + echo "Error uploading ${domain}:${dompart}" let errors++ fi run-hook post.d "$domain"
@@ -312,7 +335,7 @@ s3_check() { for domain in $(get_acme_domains); do for dompart in "$domain" "${domain}_ecc"; do if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then - aws --dryrun s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | grep download &>/dev/null + aws --dryrun --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | grep download &>/dev/null if [[ $? -eq 0 ]]; then status=0 fi 
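Review bot: `cron_certs` now does nothing at all unless `cron_issue`, `cron_upload` or `cron_download` is set, so an existing deployment whose acme-tool.conf predates these keys silently stops renewing on the next cron run; default them before the tests, e.g. `cron_issue=${cron_issue:-true}` and `false` for the other two, mirroring the sample config. The `run-hook deploy.d` call in the flag branch passes no domain, while the s3_download call site on this page passes `"$domain"` and acme.sh's own post-hook passes none either, so deploy hooks cannot rely on `$1`; whichever contract is intended should be documented. The marker is also deleted before the upload/deploy is attempted, so a failure there leaves nothing for the next cron run to retry — acceptable if intended, but worth a one-line comment.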
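Review bot: `--exact-timestamps` on this local-to-S3 sync in s3_upload is, as I read the AWS CLI reference, a no-op: the option only changes how same-sized objects are handled when syncing from S3 to local, and the upload direction already re-sends a renewed file because the local copy is newer. Keeping it here implies it does something; either drop it in s3_upload or annotate it with `# no effect on upload; kept for symmetry with the download-side calls` so nobody later relies on it. The uses in s3_check, s3_show and s3_download are the ones that matter for renewed certificates that happen to keep the same byte size.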
@@ -329,7 +352,7 @@ s3_show() { for domain in $(get_acme_domains); do for dompart in "$domain" "${domain}_ecc"; do if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then - aws --dryrun s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | sed -e "s|.* to .*\/\(${dompart}.*\)$|\1|" + aws --dryrun --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | sed -e "s|.* to .*\/\(${dompart}.*\)$|\1|" fi done done
@@ -346,18 +369,21 @@ s3_download() { for dompart in "${domain}" "${domain}_ecc"; do if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then - aws s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" + echo "Downloading certs for ${domain}:${dompart}" + aws --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" if [[ $? -ne 0 ]]; then + echo "Error downloading certs in ${domain}:${dompart}" let errors++ fi fi done - - if [[ $errors -eq 0 ]]; then - run-hook deploy.d "$domain" - fi totalerrors=$((totalerrors+errors)) done + + if [[ $totalerrors -eq 0 ]]; then + run-hook deploy.d "$domain" + fi + return $totalerrors }
@@ -473,19 +499,20 @@ case ${1,,} in ;; hook) if [[ -n "$2" ]]; then - shift 2 + #shift 2 - case ${2,,} in + case "${2,,}" in pre.d) run-hook pre.d $*;; post.d) run-hook post.d $*;; sync.d) run-hook sync.d $*;; deploy.d) run-hook deploy.d $*;; + renew.d) touch "${LE_WORKING_DIR}/hooks/renew.flg";; *) echo "ERROR: Unknown hook \"${2,,}\". Available hooks:" echo " pre.d Before running issue/renew/sync" echo " post.d After running issue/renew/sync" echo " sync.d After running issue/renew" echo " deploy.d After successfully running issue/renew/sync" - error 6 + exit 6 ;; esac fi
diff --git a/acme-tool.conf.sample b/acme-tool.conf.sample
index 7fe3ab4..20192d1 100644
--- a/acme-tool.conf.sample
+++ b/acme-tool.conf.sample
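Review bot: Hoisting `run-hook deploy.d "$domain"` out of the per-domain loop means it now runs once with whatever `$domain` held after the final iteration (the `for domain in …` header is above this hunk), so a deploy hook keyed on `$1` sees only the last domain while the others were downloaded without a deploy. If one deploy after all downloads is the intent, drop the argument as the cron_certs hunk does, or pass the complete list; if per-domain deploy is intended, the call belongs back inside the loop under the `$errors` check. Either way a comment that `totalerrors` now gates deployment for every domain together would stop the next reader from "fixing" it back.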
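Review bot: Commenting out `shift 2` makes the `${2,,}` dispatch work, but it also leaves the literal words `hook` and the hook name in `$*`, so each script run through `run-hook pre.d $*` now receives `hook pre.d …` ahead of any real arguments (exactly how they arrive depends on run-hook's own handling of `$*`, which is outside this diff). Capture the name first, then shift, and forward `"$@"` so arguments are neither leaked nor word-split; the error message that reads `${2,,}` must then use the captured name as well. The enclosing `case ${1,,}` starts above this hunk.
```shell
    hook)
      if [[ -n "$2" ]]; then
        hook_name=${2,,}
        shift 2   # drop "hook <name>" so hook scripts only see the real arguments

        case "$hook_name" in
          pre.d) run-hook pre.d "$@";;
          post.d) run-hook post.d "$@";;
          sync.d) run-hook sync.d "$@";;
          deploy.d) run-hook deploy.d "$@";;
          renew.d) touch "${LE_WORKING_DIR}/hooks/renew.flg";;
          *)
            echo "ERROR: Unknown hook \"${hook_name}\". Available hooks:"
            # … unchanged: usage lines and exit 6 …
```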
@@ -2,6 +2,8 @@ keysize_rsa=4096 keysize_ecc=256 -s3_bucket=s3://linux-help-certs/ +s3_bucket=s3://my-certs-bucket/ s3_folder= - +cron_issue=true +cron_upload=false +cron_download=false