Accueil Explorer Aide
Connexion
iru
/
letsencrypt
5
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: d34fdcbf9d
Branches Tags
letsencrypt
/
renewal.sh

renewal.sh 2.1 KB
Historique Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. #!/bin/bash
    2. 

  2. 

  3. git_dir="pki"
    4. 

  4. branch="master"
    5. 

  5. log_file="/var/log/letsencrypt/letsencrypt.log"
    6. 

  6. message_file="/var/log/letsencrypt/letsencrypt_out.log"
    7. 

  7. #git_url="git.sdsys.ru/sdsys/pki.git"
    8. 

  8. 

  9. if [[ -z ${CERT_SUBDIR} ]];then echo "variable CERT_SUBDIR doesn't set"; exit 1;fi
    10. 

  10. [[ ${CERT_SUBDIR} == "dev_iru" ]] && exit 0
    11. 

  11. 

  12. mail_send() {
    13. 

  13.                 echo "$1"|mail -s "Attention! Certificate status!" \
    14. 

  14.                 -S smtp=${SMTP_SERVER} \
    15. 

  15.                 -S smtp-use-starttls \
    16. 

  16.                 -S smtp-auth=login \
    17. 

  17.                 -S ssl-verify=ignore \
    18. 

  18.                 -S smtp-auth-user=${JENKINS_MAIL_USER} \
    19. 

  19.                 -S smtp-auth-password=$(cat /run/secrets/jenkins-mail-pass) \
    20. 

  20.                 -S nss-config-dir=/etc/pki/nssdb \
    21. 

  21.                 -S from=${JENKINS_MAIL_USER} \
    22. 

  22.                 -a ${message_file} \
    23. 

  23.                 ${RECIPIENT_MAIL_BOX}
    24. 

  24. }
    25. 

  25. 

  26. git_config() {
    27. 

  27.               cd /${git_dir}
    28. 

  28.               git config --global user.email "${JENKINS_MAIL_USER}"
    29. 

  29.               git config --global user.name "Jenkins"
    30. 

  30. }
    31. 

  31. 

  32. clear_log() {
    33. 

  33.               echo -n > ${log_file}
    34. 

  34.               echo -n > ${message_file}
    35. 

  35. }
    36. 

  36. 

  37. clear_log
    38. 

  38. 

  39. [[ -d /${git_dir} ]] && rm -rf /${git_dir}
    40. 

  40. cd / && git clone https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} && cd /${git_dir} && git checkout ${branch}
    41. 

  41. if [ $? -ne 0 ];then mail_send "letsencrypt. Can't clone https://${GIT_URL}";exit 1;fi
    42. 

  42. 

  43. 

  44. #certbot renew --dry-run --config-dir /${git_dir}/letsencrypt
    45. 

  45. #if [ $? -ne 0 ];then message="letsencrypt. Can't execute "dry-run" renew procces. Renew certs and keys will be skipped!!!"; mail_send; exit 1;fi
    46. 

  46. 

  47. #clear_log
    48. 

  48. 

  49. certbot renew --config-dir /${git_dir}/${CERT_SUBDIR}/letsencrypt >> ${message_file} 2>&1
    50. 

  50. if [ $? -ne 0 ];then mail_send "LETSENCRYPT!!! Can't renew certs and keys. See log !!!";exit 1;fi
    51. 

  51. 

  52. echo "Renew keys and certs" > /tmp/commit.txt
    53. 

  53. git_config && git add -A && git commit -F /tmp/commit.txt
    54. 

  54. git push https://${GIT_USER}:$(cat /run/secrets/provision-pass)@${GIT_URL} ${branch}
    55. 

  55. if [ $? -ne 0 ];then mail_send "letsencrypt. Can't push diff to https://${GIT_URL} !!!";exit 1;fi
    56. 

  56. 

  57. mail_send "LETSENCRYPT!!! Renew Certs and Keys are success!!!"
    58. 

  58.