This repository has been archived by the owner on Dec 24, 2023. It is now read-only.
docker-run.sh
#!/bin/bash -x
# Entrypoint script to run inside the container.
#
# Environment:
#   GRACE_DAYS  - [optional] number of days before a certificate expires, default 10
#   MAIN_DOMAIN - the primary domain (e.g. mydomain.com)
#   EMAIL       - email address to authenticate to LetsEncrypt (e.g. office@mydomain.com)
#   ACME_SERVER - [optional] ACME directory URL; when set it wins over both defaults below
# Arguments:
#   --staging   - default to the Let's Encrypt staging directory instead of production
#
# NOTE(review): the -x in the shebang makes bash trace every command with its
# expanded arguments to stderr, so MAIN_DOMAIN, EMAIL and the certificate text
# read later end up in the container log. The flag is also lost when the file
# is started as "bash docker-run.sh"; confirm the trace is wanted outside of
# debugging.
set -o pipefail -o noclobber -o nounset

# The positional parameters are joined with spaces and padded on both sides so
# that --staging only matches as a whole argument, wherever it appears.
if [[ " $* " == *" --staging "* ]]; then
  ACME_SERVER=${ACME_SERVER:-https://acme-staging-v02.api.letsencrypt.org/directory}
else
  ACME_SERVER=${ACME_SERVER:-https://acme-v02.api.letsencrypt.org/directory}
fi
# Collapse multi-line stdin into one line: every input line is written out
# followed by the two literal characters backslash and "n", and the real
# newline characters are dropped.
# Arguments: none (reads stdin)
# Outputs:   the joined text on stdout, without a trailing newline
esc_newline() {
  local line
  # "|| [[ -n ... ]]" keeps a final line that has no terminating newline.
  while IFS= read -r line || [[ -n "$line" ]]; do
    printf '%s\\n' "$line"
  done
}
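# Fail fast when a mandatory setting is missing or empty.
#
# ${!v:-} reads the variable whose name is stored in $v without going through
# eval, and the ":-" default matters because the script runs with
# "set -o nounset": expanding an unset name without it aborts the shell with
# an "unbound variable" error before the message below can be printed.
VARS='MAIN_DOMAIN EMAIL'
# $VARS is left unquoted on purpose: it is a fixed, space-separated list of names.
for v in $VARS; do
  X=${!v:-}
  if [ -z "$X" ]; then
    echo "[ERROR] You need to set $v env variable!"
    exit 1
  fi
done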
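# Decide whether a certificate has to be requested: RENEW ends up as "1" when
# no certificate can be read or when the existing one expires within
# GRACE_DAYS days, and stays empty otherwise.
GRACE_DAYS=${GRACE_DAYS:-10}
# GRACE_DAYS arrives from the environment and is fed into shell arithmetic
# below, so only plain decimal digits are accepted. A malformed value would
# otherwise make the expiry check fail on every run and trigger a renewal
# request each time.
if ! [[ "$GRACE_DAYS" =~ ^[0-9]+$ ]]; then
  echo "[ERROR] GRACE_DAYS must be a whole number of days, got '$GRACE_DAYS'"
  exit 1
fi

# Directory holding this script, with a trailing slash; the hook scripts are
# looked up next to it.
BASE_DIR=$(readlink -f -- "${BASH_SOURCE[0]}")
BASE_DIR=${BASE_DIR%/*}/

RENEW=
# The path is quoted so that a MAIN_DOMAIN containing whitespace or glob
# characters cannot be split into several cat arguments or expanded.
if ! CERT=$(cat -- "/etc/letsencrypt/live/${MAIN_DOMAIN}/cert.pem") || [[ -z "$CERT" ]]; then
  echo "[ERROR] No certificate found, creating a new one"
  CERT=
  RENEW=1
else
  # -checkend takes seconds and makes openssl exit 1 when the certificate
  # expires within that window. "10#" forces base 10 so a value such as 010
  # still means ten days rather than being read as octal.
  openssl x509 -noout -checkend "$(( 10#$GRACE_DAYS * 24 * 60 * 60 ))" <<< "$CERT"
  RET=$?
  if [[ $RET -eq 1 ]]; then
    RENEW=1
  fi
fi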
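# Request a certificate through certbot's manual DNS challenge when RENEW is
# set, and exit 1 if certbot reports a failure.
#
# Only the wildcard name "*.MAIN_DOMAIN" is passed with -d; the bare
# MAIN_DOMAIN is not requested as a separate name.
#
# EMAIL and the two hook paths are quoted so that a value containing
# whitespace or glob characters reaches certbot as a single argument instead
# of being split into additional options.
if [[ -n "$RENEW" ]]; then
  echo "++ Renewing... ++"
  if ! certbot \
    certonly \
    --manual \
    --preferred-challenges dns \
    --manual-auth-hook "${BASE_DIR}certbot-auth-hook.sh" \
    --manual-cleanup-hook "${BASE_DIR}certbot-cleanup-hook.sh" \
    --server "$ACME_SERVER" \
    -n \
    --agree-tos \
    -d "*.$MAIN_DOMAIN" \
    -m "$EMAIL"; then
    echo "[ERROR] Certificate renewal failed!"
    exit 1
  fi
fi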