#!/bin/sh
#
# Certbot manager: obtains an SSL/TLS certificate through Certbot's Cloudflare
# DNS plugin on first start, then keeps it renewed in a loop.
#
# Plugin docs: https://certbot-dns-cloudflare.readthedocs.io/en/stable/
# Certbot CLI: https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-commands

printf '%s\n' "Starting Certbot Manager..."
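# Signal handler for SIGTERM/SIGINT (graceful shutdown).
# Stops the pending background sleep, if there is one, so it does not outlive
# the script, then exits with status 0.
# Reads $! (pid of the most recently started background job).
cleanup() {
  echo "Shutting down certbot manager..."
  # The renewal loop runs its sleep in the background and wait(1)s on it; a
  # signal interrupts the wait but would leave the sleep process orphaned.
  if [ -n "$!" ]; then
    kill "$!" 2>/dev/null
  fi
  exit 0
}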
# Route a container stop (SIGTERM) or Ctrl-C (SIGINT) through cleanup() instead
# of letting the signal kill the script mid-loop.
trap 'cleanup' INT TERM
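# ---------------------------------------------------------------------------
# Initial issuance: obtain the certificate once if it is not already present.
# Settings can be overridden through the environment; the defaults are the
# original deployment values.
#   CERTBOT_DOMAIN         - hostname the certificate is issued for (-d)
#   CERTBOT_EMAIL          - account / expiry-notice address (-m)
#   CLOUDFLARE_CREDENTIALS - certbot-dns-cloudflare INI holding the API token
# ---------------------------------------------------------------------------
CERTBOT_DOMAIN="${CERTBOT_DOMAIN:-smartconnect.internal.yel.or.id}"
CERTBOT_EMAIL="${CERTBOT_EMAIL:-hendra@yel.or.id}"
CLOUDFLARE_CREDENTIALS="${CLOUDFLARE_CREDENTIALS:-/root/.secrets/certbot/cloudflare.ini}"
LIVE_CERT="/etc/letsencrypt/live/${CERTBOT_DOMAIN}/fullchain.pem"

if [ ! -f "$LIVE_CERT" ]; then
  echo "No certificate found, obtaining initial certificate..."

  # The DNS plugin cannot authenticate without its credentials file; fail early
  # with a clear message rather than through a less obvious certbot error.
  # certbot warns when this file is readable by other users: keep it mode 0600.
  if [ ! -r "$CLOUDFLARE_CREDENTIALS" ]; then
    echo "Cloudflare credentials file missing or unreadable: $CLOUDFLARE_CREDENTIALS" >&2
    exit 1
  fi

  # --keep-until-expiring: if a matching, still-valid certificate already
  # exists in certbot's store, reuse it instead of requesting a new one.
  if certbot certonly \
      --dns-cloudflare \
      --dns-cloudflare-credentials "$CLOUDFLARE_CREDENTIALS" \
      --non-interactive --agree-tos --no-eff-email --keep-until-expiring \
      -m "$CERTBOT_EMAIL" \
      -d "$CERTBOT_DOMAIN"; then
    echo "Initial certificate obtained successfully!"
  else
    echo "Failed to obtain initial certificate!" >&2
    exit 1
  fi
else
  echo "Certificate already exists, skipping initial acquisition."
fi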
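# ---------------------------------------------------------------------------
# Renewal loop: every 12 hours ask certbot whether the certificate is due;
# certbot only renews when needed. After an actual renewal the deploy hook
# restarts the service that serves the certificate (it runs with this
# script's privileges and presumably needs access to the docker CLI/daemon).
# CLOUDFLARE_CREDENTIALS may be overridden through the environment.
# ---------------------------------------------------------------------------
CLOUDFLARE_CREDENTIALS="${CLOUDFLARE_CREDENTIALS:-/root/.secrets/certbot/cloudflare.ini}"

echo "Starting renewal monitoring..."
while true; do
  echo "$(date): Checking for certificate renewal..."

  # --quiet hides certbot's own output unless something goes wrong; the exit
  # status still tells whether the renewal check ran cleanly.
  if certbot renew \
      --dns-cloudflare \
      --dns-cloudflare-credentials "$CLOUDFLARE_CREDENTIALS" \
      --quiet \
      --deploy-hook "docker compose -f /root/sc/docker-compose.yml restart sc7"; then
    echo "$(date): Certificate renewal check completed successfully"
  else
    echo "$(date): Certificate renewal check failed" >&2
  fi

  echo "$(date): Sleeping for 12 hours..."

  # Sleep in the background and wait on it instead of sleeping in the
  # foreground: a trapped signal interrupts wait immediately, whereas the trap
  # handler would not run until a foreground sleep had finished.
  sleep 43200 &
  wait "$!"
done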