Wrapper that facilitates manual renewal/issuance of a Let's Encrypt certificate using the certbot client

certbot_manual 1.3KB

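#!/usr/bin/env bash
#
# certbot_manual: issue or renew a Let's Encrypt certificate through certbot's
# manual HTTP challenge hooks, export the result to PEMFILE and, if requested,
# restart a service inside a jail.
#
# Settings are read from /etc/certbot/config:
#   BASEDIR, HOOKS_PATH, EMAIL, DOMAIN, PEMFILE, CAT_PRIV,
#   JAIL, JAILNAME, JAILSERVICE
#
# Exit status: 0 on success or when no renewal is due, non-zero on any failure.

# A failing `cat` must not be hidden by a succeeding `tee` in the export step.
set -o pipefail

# The config is sourced, i.e. executed as shell code, and its values end up in
# sudo commands below. Keep the file owned by root and not writable by others.
. /etc/certbot/config || {
  echo "cannot read /etc/certbot/config" >&2
  exit 1
}

# Abort early on missing settings instead of running certbot or sudo with
# empty paths.
: "${BASEDIR:?BASEDIR must be set in /etc/certbot/config}"
: "${HOOKS_PATH:?HOOKS_PATH must be set in /etc/certbot/config}"
: "${EMAIL:?EMAIL must be set in /etc/certbot/config}"
: "${DOMAIN:?DOMAIN must be set in /etc/certbot/config}"
: "${PEMFILE:?PEMFILE must be set in /etc/certbot/config}"

log_dir="${BASEDIR}/var/log"
live_dir="${BASEDIR}/etc/live/${DOMAIN}"

# Create the working tree if missing (mkdir -p is a no-op when it exists).
mkdir -p -- "${BASEDIR}"/{etc,var/log} || exit 1

# Run the certbot command with the correct options.
rv=0
certbot --config-dir "${BASEDIR}/etc" \
  --work-dir "${BASEDIR}" \
  --logs-dir "${log_dir}" \
  certonly -n --manual \
  --preferred-challenges http \
  --manual-auth-hook "${HOOKS_PATH}/authenticator.sh" \
  --manual-cleanup-hook "${HOOKS_PATH}/cleanup.sh" \
  --manual-public-ip-logging-ok \
  --agree-tos \
  --email "${EMAIL}" \
  -d "${DOMAIN}" || rv=$?

# Record the failure and propagate certbot's status so that cron or any other
# caller sees the error; a bare `exit` after `echo` would report success.
if [ "${rv}" -ne 0 ]; then
  echo "FAILED: ${rv}" > "${log_dir}/certbot_res.log"
  exit "${rv}"
fi

# Nothing to export when certbot reports the certificate is not due yet.
if tail -n 5 "${log_dir}/letsencrypt.log" \
  | grep "Cert not yet due for renewal" > /dev/null; then
  echo "No renewal needed yet"
  exit 0
fi

# Export the certificate to its final destination.
if [ "${CAT_PRIV:-0}" -eq 1 ]; then
  pem_parts=("${live_dir}/privkey.pem" "${live_dir}/fullchain.pem")
else
  pem_parts=("${live_dir}/fullchain.pem")
fi

# tee's stdout is discarded: without the redirect the PEM, private key
# included when CAT_PRIV=1, is copied to the terminal or into cron mail.
# NOTE(review): tee creates PEMFILE with the umask of the sudo session; when
# it holds the private key, confirm its owner and mode limit reads to the
# service that needs it.
if ! cat -- "${pem_parts[@]}" | sudo tee -- "${PEMFILE}" > /dev/null; then
  echo "failed to write ${PEMFILE}" >&2
  exit 1
fi

# Restart the service inside the jail if requested.
if [ "${JAIL:-0}" -eq 1 ]; then
  : "${JAILNAME:?JAILNAME must be set when JAIL=1}"
  : "${JAILSERVICE:?JAILSERVICE must be set when JAIL=1}"

  # Fixed-string match against the jls listing. The result is accepted only
  # if it is a single numeric JID, so an empty or ambiguous match never
  # reaches `sudo jexec`.
  jid=$(jls | grep -F -- "${JAILNAME}" | awk '{print $1}') || jid=""
  if [[ ! "${jid}" =~ ^[0-9]+$ ]]; then
    echo "no unique jail matches ${JAILNAME}" >&2
    exit 1
  fi
  sudo jexec "${jid}" service "${JAILSERVICE}" restart
fi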