Updated cron handling, hook details, more verbose output

This commit is contained in:
Eric Renfro 2018-05-11 21:39:03 -04:00
parent e052241f80
commit 194a9a4385
Signed by: psi-jack
GPG key ID: 14977F3A50D9A5BF
2 changed files with 45 additions and 16 deletions


@ -58,6 +58,11 @@ else
fi fi
fi fi
# Cleanup (Just in case...)
if [[ -f "${LE_WORKING_DIR}/hooks/renew.flg" ]]; then
rm -f "${LE_WORKING_DIR}/hooks/renew.flg"
fi
# Functions # Functions
@ -119,10 +124,12 @@ run-hook() {
while read s while read s
do do
echo "Running hooks in ${hook}:$(basename "$s")"
"$s" $* "$s" $*
err=$? err=$?
if [[ $err -ne 0 ]]; then if [[ $err -ne 0 ]]; then
echo "Error running hooks for ${hook}:$(basename "$s")"
let errors++ let errors++
fi fi
done < <(run-parts "${hook_dir}/${hook}") done < <(run-parts "${hook_dir}/${hook}")
@ -229,7 +236,7 @@ issue_certs() {
echo "Running Lets Encrypt on $domain for RSA${keysize_rsa}" echo "Running Lets Encrypt on $domain for RSA${keysize_rsa}"
"$LE_WORKING_DIR"/acme.sh \ "$LE_WORKING_DIR"/acme.sh \
--issue --dns dns_aws --keylength $keysize_rsa \ --issue --dns dns_aws --keylength $keysize_rsa \
--post-hook "$script_name hook sync.d" \ --post-hook "$script_name hook deploy.d" \
$(get_arg_domains "$domain") $args $(get_arg_domains "$domain") $args
fi fi
@ -237,13 +244,27 @@ issue_certs() {
echo "Running Lets Encrypt on $domain for EC${keysize_ecc}" echo "Running Lets Encrypt on $domain for EC${keysize_ecc}"
"$LE_WORKING_DIR"/acme.sh \ "$LE_WORKING_DIR"/acme.sh \
--issue --dns dns_aws --keylength ec-$keysize_ecc \ --issue --dns dns_aws --keylength ec-$keysize_ecc \
--post-hook "$script_name hook sync.d" \ --post-hook "$script_name hook deploy.d" \
$(get_arg_domains "$domain") $args $(get_arg_domains "$domain") $args
fi fi
} }
cron_certs() { cron_certs() {
"${LE_WORKING_DIR}"/acme.sh --cron --home ${LE_WORKING_DIR} --renew-hook "${script_name} sync upload" if [[ "$cron_issue" == true ]]; then
"${LE_WORKING_DIR}"/acme.sh --cron --home "${LE_WORKING_DIR}" --renew-hook "${script_name} hook renew.d"
if [[ -r "${LE_WORKING_DIR}/hooks/renew.flg" ]]; then
rm -f "${LE_WORKING_DIR}/hooks/renew.flg"
if [[ "$cron_upload" == true ]]; then
s3_upload
else
run-hook deploy.d
fi
fi
elif [[ "$cron_download" == true ]]; then
if s3_check; then
s3_download
fi
fi
} }
create_certs() { create_certs() {
@ -287,9 +308,11 @@ s3_upload() {
for dompart in "${domain}" "${domain}_ecc"; do for dompart in "${domain}" "${domain}_ecc"; do
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
echo "Uploading certs for ${domain}:${dompart}"
run-hook pre.d "$domain" run-hook pre.d "$domain"
aws s3 sync "${LE_WORKING_DIR}/${dompart}/" "${s3_bucket}${s3_folder}${dompart}/" aws --exact-timestamps s3 sync "${LE_WORKING_DIR}/${dompart}/" "${s3_bucket}${s3_folder}${dompart}/"
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo "Error uploading ${domain}:${dompart}"
let errors++ let errors++
fi fi
run-hook post.d "$domain" run-hook post.d "$domain"
@ -312,7 +335,7 @@ s3_check() {
for domain in $(get_acme_domains); do for domain in $(get_acme_domains); do
for dompart in "$domain" "${domain}_ecc"; do for dompart in "$domain" "${domain}_ecc"; do
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
aws --dryrun s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | grep download &>/dev/null aws --dryrun --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | grep download &>/dev/null
if [[ $? -eq 0 ]]; then if [[ $? -eq 0 ]]; then
status=0 status=0
fi fi
@ -329,7 +352,7 @@ s3_show() {
for domain in $(get_acme_domains); do for domain in $(get_acme_domains); do
for dompart in "$domain" "${domain}_ecc"; do for dompart in "$domain" "${domain}_ecc"; do
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
aws --dryrun s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | sed -e "s|.* to .*\/\(${dompart}.*\)$|\1|" aws --dryrun --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" | sed -e "s|.* to .*\/\(${dompart}.*\)$|\1|"
fi fi
done done
done done
@ -346,18 +369,21 @@ s3_download() {
for dompart in "${domain}" "${domain}_ecc"; do for dompart in "${domain}" "${domain}_ecc"; do
if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then if [[ -d "${LE_WORKING_DIR}/${dompart}" ]]; then
aws s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/" echo "Downloading certs for ${domain}:${dompart}"
aws --exact-timestamps s3 sync "${s3_bucket}${s3_folder}${dompart}/" "${LE_WORKING_DIR}/${dompart}/"
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
echo "Error downloading certs in ${domain}:${dompart}"
let errors++ let errors++
fi fi
fi fi
done done
if [[ $errors -eq 0 ]]; then
run-hook deploy.d "$domain"
fi
totalerrors=$((totalerrors+errors)) totalerrors=$((totalerrors+errors))
done done
if [[ $totalerrors -eq 0 ]]; then
run-hook deploy.d "$domain"
fi
return $totalerrors return $totalerrors
} }
@ -473,19 +499,20 @@ case ${1,,} in
;; ;;
hook) hook)
if [[ -n "$2" ]]; then if [[ -n "$2" ]]; then
shift 2 #shift 2
case ${2,,} in case "${2,,}" in
pre.d) run-hook pre.d $*;; pre.d) run-hook pre.d $*;;
post.d) run-hook post.d $*;; post.d) run-hook post.d $*;;
sync.d) run-hook sync.d $*;; sync.d) run-hook sync.d $*;;
deploy.d) run-hook deploy.d $*;; deploy.d) run-hook deploy.d $*;;
renew.d) touch "${LE_WORKING_DIR}/hooks/renew.flg";;
*) echo "ERROR: Unknown hook \"${2,,}\". Available hooks:" *) echo "ERROR: Unknown hook \"${2,,}\". Available hooks:"
echo " pre.d Before running issue/renew/sync" echo " pre.d Before running issue/renew/sync"
echo " post.d After running issue/renew/sync" echo " post.d After running issue/renew/sync"
echo " sync.d After running issue/renew" echo " sync.d After running issue/renew"
echo " deploy.d After successfully running issue/renew/sync" echo " deploy.d After successfully running issue/renew/sync"
error 6 exit 6
;; ;;
esac esac
fi fi
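Review bot: In the new cron_certs body the exit status of s3_upload, run-hook deploy.d and s3_download is discarded, and renew.flg is removed (line 51, and again unconditionally at the new startup cleanup around line 18) before the upload or deploy has succeeded, so a failed push of a freshly renewed certificate leaves the flag gone and cron reporting success. At minimum propagate the failure, e.g. `s3_upload || return $?` and `run-hook deploy.d || return $?` (and `s3_download || return $?` in the elif branch), so the cron job's exit status reflects it; moving the `rm -f` after a successful upload/deploy would also be clearer about the intent. In the hook dispatcher, `#shift 2` should be deleted rather than left commented out, and since the shift no longer happens the `$*` handed to run-hook now starts with the words `hook pre.d`; how run-hook consumes its leading arguments is outside this hunk, so please confirm the hook scripts still receive the intended arguments. The enclosing case statement and the run-hook/s3_download functions begin outside the hunks shown.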


@ -2,6 +2,8 @@
keysize_rsa=4096 keysize_rsa=4096
keysize_ecc=256 keysize_ecc=256
s3_bucket=s3://linux-help-certs/ s3_bucket=s3://my-certs-bucket/
s3_folder= s3_folder=
cron_issue=true
cron_upload=false
cron_download=false
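Review bot: The three new cron flags are undocumented, and their interaction is not obvious from the config alone: per cron_certs in this commit, cron_download is only consulted when cron_issue is not true, and cron_upload only matters once a renewal has produced renew.flg. A short comment block above them would prevent someone enabling cron_download alongside cron_issue and expecting a download, for example `# cron_issue=true runs acme.sh --cron; after a renewal it runs s3_upload (cron_upload=true) or the deploy.d hooks` and `# cron_download=true (only when cron_issue is not true) pulls certs from S3 when s3_check reports changes`. If `s3://my-certs-bucket/` is meant as a placeholder rather than a real bucket, a comment saying so next to s3_bucket would help too.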