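#!/bin/bash
# sign-all: request a certificate for every domain listed in the configuration
# via certbot's manual DNS challenge, with create-dns-record.sh as auth hook.
# Initialize the path to root of LE-AliDNS
export LEALIDNS_ACTION=sign-all
# Resolve the directory this script lives in. The trailing slash is kept on
# purpose: every consumer concatenates "actions/..." or "domains/..." onto it.
# Fail loudly instead of falling back to the caller's cwd when cd fails.
LEALIDNS_ROOT="$(cd "$(dirname "$0")" && pwd)/" || {
  printf 'sign-all: cannot resolve script directory\n' >&2
  exit 1
}
export LEALIDNS_ROOT
# Load configuration (defines the CFG_* variables used below)
# shellcheck source=/dev/null
source "${LEALIDNS_ROOT}actions/load-config.sh"
# The path to list file of DNS record id
# NOTE(review): this path is relative to the current working directory, not to
# LEALIDNS_ROOT - presumably the auth hook appends to it; confirm against
# create-dns-record.sh / clean-dns-record.sh.
export RECORD_ID_LIST_FILE=./dns-records
rm -f -- "$RECORD_ID_LIST_FILE"
declare WRITE_LOG_TARGET="$CFG_LOG_FILE"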
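#######################################
# Print a message to stdout and append it to the log file.
# Globals:   WRITE_LOG_TARGET (read) - path of the log file
# Arguments: $1 - the message
# Outputs:   the message on stdout and appended to WRITE_LOG_TARGET
#######################################
write_log() {
  # printf rather than unquoted echo: the message is written verbatim even if
  # it starts with "-n"/"-e", contains glob characters or runs of spaces.
  printf '%s\n' "$1"
  printf '%s\n' "$1" >> "$WRITE_LOG_TARGET"
}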
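# Optional pre-run hook. CFG_ON_START must be a single executable path:
# [[ -x ]] does not word-split, so "cmd arg" could never pass the test, and
# quoting the invocation keeps a path containing spaces working.
if [[ -n "$CFG_ON_START" && -x "$CFG_ON_START" ]]; then
  write_log "Executing hook[before-cert] ${CFG_ON_START}..."
  "$CFG_ON_START"
fi
# Extra certbot flags. Both are kept as single strings and expanded unquoted
# by the certbot invocation so each flag becomes its own argument. They are
# reset here so a value inherited from the calling environment cannot leak in.
NO_AUTO_UPGRADE=""
if [[ "$CFG_NO_AUTO_UPGRADE" == "on" ]]; then
  NO_AUTO_UPGRADE="--no-bootstrap --no-self-upgrade"
  write_log "Turned off certbot aoto-updates."
fi
USE_CUSTOM_SERVER=""
if [[ "$CFG_ACME_VERSION" == "v2" ]]; then
  USE_CUSTOM_SERVER="--server https://acme-v02.api.letsencrypt.org/directory"
  CHALLENGE_METHOD=dns-01
  write_log "Using ACMEv2 protocol."
else
  CHALLENGE_METHOD=dns
  write_log "Using ACMEv1 protocol."
fi
write_log "Sign task started at $(date '+%Y-%m-%d %H:%M:%S')"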
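# Split domains by ","
#######################################
# Split a string on a delimiter and print the pieces on one line, separated
# by single spaces (the format the domain loop re-splits on whitespace).
# Arguments: $1 - delimiter character(s)
#            $2 - string to split
# Outputs:   the pieces, space-separated, followed by a newline
#######################################
strsplitby() {
  local -a pieces=()
  # IFS is set only for the read builtin, so the caller's IFS is never
  # modified. Keeping the pieces in a quoted array means a wildcard name such
  # as "*.example.com" is printed verbatim instead of being glob-expanded
  # against the current directory, and a leading "-n" is not eaten by echo.
  IFS="$1" read -r -a pieces <<<"$2"
  local IFS=' '
  printf '%s\n' "${pieces[*]}"
}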
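# CFG_DOMAINS is a whitespace-separated list of entries; an entry that itself
# contains "," is one certificate covering several names. Split it with
# globbing disabled so a wildcard entry such as "*.example.com" is not
# replaced by matching file names from the current directory.
set -f
# shellcheck disable=SC2206 -- whitespace splitting of the config string is intended
CFG_DOMAINS=($CFG_DOMAINS)
set +f
printf '%s\n' "Requesting certificates for domains..." ""
CERTS_ROOT=/etc/letsencrypt/live/
CERTBOT_BIN="$CFG_CERTBOT_ROOT/$CFG_CERTBOT_CMD"
for domain in "${CFG_DOMAINS[@]}"; do
  if [[ -f "${LEALIDNS_ROOT}domains/${domain}/lock" ]]; then
    write_log "! Domain '${domain}' is alredy signed, ignored."
    write_log " Please use renew command to refresh it."
    write_log ""
    continue
  fi
  # One "-d name" pair per requested name, kept as an array so every name
  # reaches certbot verbatim (no word splitting, no pathname expansion).
  DOMAIN_ARGS=()
  if [[ "$domain" == *,* ]]; then
    # Bug fix: the original appended the whole comma-joined entry for every
    # item ("-d a,b -d a,b") instead of each individual name.
    IFS=, read -r -a ITEMS <<<"$domain"
    for item in "${ITEMS[@]}"; do
      [[ -n "$item" ]] || continue
      DOMAIN_ARGS+=(-d "$item")
    done
    # An entry made only of commas yields no names at all.
    if (( ${#DOMAIN_ARGS[@]} == 0 )); then
      continue
    fi
    write_log "Requesting certificate for domains '${domain}'..."
  else
    if [[ -f "${CERTS_ROOT}${domain}/cert.pem" ]]; then
      write_log "! Domain '${domain}' is alredy signed, ignored."
      write_log " Please use renew command to refresh it."
      write_log ""
      continue
    fi
    DOMAIN_ARGS=(-d "$domain")
    write_log "Requesting certificate for domain '${domain}'..."
  fi
  # shellcheck disable=SC2206 -- USE_CUSTOM_SERVER, CFG_ON_NEW_CERT and
  # NO_AUTO_UPGRADE hold whole option strings and are split on purpose.
  CERTBOT_ARGS=(certonly --manual --manual-public-ip-logging-ok
    $USE_CUSTOM_SERVER
    --preferred-challenges "$CHALLENGE_METHOD"
    --agree-tos
    --email "$CFG_EMAIL"
    --rsa-key-size "$CFG_RSA_KEY_SIZE"
    "${DOMAIN_ARGS[@]}"
    $CFG_ON_NEW_CERT
    $NO_AUTO_UPGRADE
    --manual-auth-hook "${LEALIDNS_ROOT}actions/create-dns-record.sh")
  # Reset per entry: a dry run must not log the previous entry's output.
  CERTBOT_RESULT=""
  CERTBOT_STATUS=0
  if [[ "$LEALIDNS_DRY_RUN" != "1" ]]; then
    CERTBOT_RESULT=$("$CERTBOT_BIN" "${CERTBOT_ARGS[@]}") || CERTBOT_STATUS=$?
    # Bug fix: only mark a single-name entry as signed when certbot actually
    # succeeded, and never during a dry run. The original touched the lock
    # unconditionally, so a failed request was skipped as "already signed"
    # on every later run until the lock was removed by hand.
    if (( CERTBOT_STATUS != 0 )); then
      write_log "! certbot exited with status ${CERTBOT_STATUS} for '${domain}'."
    elif [[ "$domain" != *,* ]]; then
      mkdir -p "${LEALIDNS_ROOT}domains/${domain}"
      touch "${LEALIDNS_ROOT}domains/${domain}/lock"
    fi
  else
    # Dry run: show the command that would be executed.
    printf '%s\n' "$CERTBOT_BIN ${CERTBOT_ARGS[*]}"
  fi
  write_log "Details: $CERTBOT_RESULT"
done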
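# Post-processing of the DNS records touched during this run (presumably the
# ids collected in RECORD_ID_LIST_FILE by the auth hook - confirm in the script).
sh "${LEALIDNS_ROOT}actions/clean-dns-record.sh"
# Optional post-run hook; same single-executable-path contract as CFG_ON_START,
# since [[ -x ]] does not word-split its operand.
if [[ -n "$CFG_ON_END" && -x "$CFG_ON_END" ]]; then
  write_log "Executing hook[after-cert] ${CFG_ON_END}..."
  "$CFG_ON_END"
fi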