evoacme: improve variables
This commit is contained in:
parent
65ccc2c0b5
commit
9fccd7e682
@ -40,7 +40,7 @@ sed_cert_path_for_apache() {
|
||||||
|
|
||||||
debug "Apache detected... first configuration in ${vhost_full_path}"
|
debug "Apache detected... first configuration in ${vhost_full_path}"
|
||||||
[ -f "${vhost_full_path}" ] && sed -i "s~^SSLCertificateFile.*$~SSLCertificateFile ${cert_path}~" "${vhost_full_path}"
|
[ -f "${vhost_full_path}" ] && sed -i "s~^SSLCertificateFile.*$~SSLCertificateFile ${cert_path}~" "${vhost_full_path}"
|
||||||
${APACHE2CTL_BIN} -t
|
$(command -v apache2ctl) -t
|
||||||
}
|
}
|
||||||
|
|
||||||
sed_cert_path_for_nginx() {
|
sed_cert_path_for_nginx() {
|
||||||
|
@ -50,7 +50,7 @@ sed_cert_path_for_nginx() {
|
||||||
|
|
||||||
debug "Nginx detected... first configuration in ${vhost_full_path}"
|
debug "Nginx detected... first configuration in ${vhost_full_path}"
|
||||||
[ -f "${vhost_full_path}" ] && sed -i "s~^ssl_certificate[^_].*$~ssl_certificate ${cert_path};~" "${vhost_full_path}"
|
[ -f "${vhost_full_path}" ] && sed -i "s~^ssl_certificate[^_].*$~ssl_certificate ${cert_path};~" "${vhost_full_path}"
|
||||||
${NGINX_BIN} -t
|
$(command -v nginx) -t
|
||||||
}
|
}
|
||||||
|
|
||||||
x509_verify() {
|
x509_verify() {
|
||||||
|
@ -64,15 +64,18 @@ x509_enddate() {
|
||||||
}
|
}
|
||||||
|
|
||||||
main() {
|
main() {
|
||||||
|
# Read configuration file, if it exists
|
||||||
[ -f /etc/default/evoacme ] && . /etc/default/evoacme
|
[ -f /etc/default/evoacme ] && . /etc/default/evoacme
|
||||||
[ -z "${SSL_KEY_DIR}" ] && SSL_KEY_DIR=/etc/ssl/private
|
|
||||||
[ -z "${ACME_DIR}" ] && ACME_DIR=/var/lib/letsencrypt
|
# Default value for main variables
|
||||||
[ -z "${CSR_DIR}" ] && CSR_DIR=/etc/ssl/requests
|
SSL_KEY_DIR=${SSL_KEY_DIR:-"/etc/ssl/private"}
|
||||||
[ -z "${CRT_DIR}" ] && CRT_DIR=/etc/letsencrypt
|
ACME_DIR=${ACME_DIR:-"/var/lib/letsencrypt"}
|
||||||
[ -z "${LOG_DIR}" ] && LOG_DIR=/var/log/evoacme
|
CSR_DIR=${CSR_DIR:-"/etc/ssl/requests"}
|
||||||
[ -z "${SSL_MINDAY}" ] && SSL_MINDAY=30
|
CRT_DIR=${CRT_DIR:-"/etc/letsencrypt"}
|
||||||
[ -z "${SELF_SIGNED_DIR}" ] && SELF_SIGNED_DIR=/etc/ssl/self-signed
|
LOG_DIR=${LOG_DIR:-"/var/log/evoacme"}
|
||||||
[ -z "${DH_DIR}" ] && DH_DIR=etc/ssl/dhparam
|
SSL_MINDAY=${SSL_MINDAY:-"30"}
|
||||||
|
SELF_SIGNED_DIR=${SELF_SIGNED_DIR:-"/etc/ssl/self-signed"}
|
||||||
|
SSL_EMAIL=${SSL_EMAIL:-""}
|
||||||
|
|
||||||
CRON=${CRON:-"0"}
|
CRON=${CRON:-"0"}
|
||||||
TEST=${TEST:-"0"}
|
TEST=${TEST:-"0"}
|
||||||
|
@ -80,24 +83,13 @@ main() {
|
||||||
|
|
||||||
[ "$1" = "-h" ] || [ "$1" = "--help" ] && usage && exit 0
|
[ "$1" = "-h" ] || [ "$1" = "--help" ] && usage && exit 0
|
||||||
# check arguments
|
# check arguments
|
||||||
[ "$#" -ge 3 ] || [ "$#" -le 0 ] && error "invalid argument(s)"
|
[ "$#" -eq 1 ] || error "invalid argument(s)"
|
||||||
[ "$#" -eq 2 ] && [ "$1" != "--cron" ] && error "invalid argument(s)"
|
|
||||||
|
|
||||||
[ "$#" -eq 1 ] && VHOST=$(basename "$1" .conf) && CRON=NO
|
VHOST=$(basename "$1" .conf)
|
||||||
[ "$#" -eq 2 ] && VHOST=$(basename "$2" .conf) && CRON=YES
|
|
||||||
|
|
||||||
# check for important programs
|
# check for important programs
|
||||||
OPENSSL_BIN=$(command -v openssl)
|
OPENSSL_BIN=$(command -v openssl) || error "openssl command not installed"
|
||||||
if [ "$?" -eq 0 ]; then
|
CERTBOT_BIN=$(command -v certbot) || error "certbot command not installed"
|
||||||
error "openssl command not installed"
|
|
||||||
fi
|
|
||||||
CERTBOT_BIN=$(command -v certbot)
|
|
||||||
if [ "$?" -eq 0 ]; then
|
|
||||||
error "certbot command not installed"
|
|
||||||
fi
|
|
||||||
|
|
||||||
APACHE2CTL_BIN=$(command -v apache2ctl)
|
|
||||||
NGINX_BIN=$(command -v nginx)
|
|
||||||
|
|
||||||
# double check for directories
|
# double check for directories
|
||||||
[ ! -d "${ACME_DIR}" ] && error "${ACME_DIR} is not a directory"
|
[ ! -d "${ACME_DIR}" ] && error "${ACME_DIR} is not a directory"
|
||||||
|
@ -116,13 +108,10 @@ main() {
|
||||||
|
|
||||||
# Hook for evoadmin-web in cluster mode : check master status
|
# Hook for evoadmin-web in cluster mode : check master status
|
||||||
evoadmin_state_file="/home/${VHOST}/state"
|
evoadmin_state_file="/home/${VHOST}/state"
|
||||||
if [ -f "${evoadmin_state_file}" ]; then
|
[ -f "${evoadmin_state_file}" ] \
|
||||||
grep -q "STATE=master" "${evoadmin_state_file}"
|
&& grep -q "STATE=slave" "${evoadmin_state_file}" \
|
||||||
if [ "$?" != 0 ]; then
|
&& debug "We are slave of this evoadmin cluster. Quit!" \
|
||||||
debug "We are not the master of this evoadmin cluster. Quit!"
|
&& exit 0
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
#### INIT OR RENEW?
|
#### INIT OR RENEW?
|
||||||
|
|
||||||
|
@ -183,20 +172,21 @@ main() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# create a certificate with certbot
|
# create a certificate with certbot
|
||||||
sudo -u acme ${CERTBOT_BIN} \
|
sudo -u acme \
|
||||||
|
${CERTBOT_BIN} \
|
||||||
certonly \
|
certonly \
|
||||||
${CERTBOT_MODE} \
|
${CERTBOT_MODE} \
|
||||||
${CERTBOT_REGISTRATION} \
|
${CERTBOT_REGISTRATION} \
|
||||||
--non-interactive \
|
--non-interactive \
|
||||||
--webroot \
|
--webroot \
|
||||||
--csr "${CSR_FILE}" \
|
--csr "${CSR_FILE}" \
|
||||||
--webroot-path "${ACME_DIR}" \
|
--webroot-path "${ACME_DIR}" \
|
||||||
--cert-path "${NEW_CERT}" \
|
--cert-path "${NEW_CERT}" \
|
||||||
--fullchain-path "${NEW_FULLCHAIN}" \
|
--fullchain-path "${NEW_FULLCHAIN}" \
|
||||||
--chain-path "${NEW_CHAIN}" \
|
--chain-path "${NEW_CHAIN}" \
|
||||||
--logs-dir "$LOG_DIR" \
|
--logs-dir "$LOG_DIR" \
|
||||||
2>&1 \
|
2>&1 \
|
||||||
| grep -v "certbot.crypto_util"
|
| grep -v "certbot.crypto_util"
|
||||||
|
|
||||||
# verify if all is right
|
# verify if all is right
|
||||||
x509_verify "${NEW_CERT}" || error "${NEW_CERT} is invalid"
|
x509_verify "${NEW_CERT}" || error "${NEW_CERT} is invalid"
|
||||||
|
@ -221,8 +211,7 @@ main() {
|
||||||
|
|
||||||
# reload apache if present
|
# reload apache if present
|
||||||
if [ -n "$(pidof apache2)" ]; then
|
if [ -n "$(pidof apache2)" ]; then
|
||||||
${APACHE2CTL_BIN} -t 2>/dev/null
|
if [ $(${APACHE2CTL_BIN} -t 2>/dev/null) ]; then
|
||||||
if [ "$?" -eq 0 ]; then
|
|
||||||
debug "Apache detected... reloading"
|
debug "Apache detected... reloading"
|
||||||
service apache2 reload
|
service apache2 reload
|
||||||
else
|
else
|
||||||
|
@ -232,8 +221,7 @@ main() {
|
||||||
|
|
||||||
# reload nginx if present
|
# reload nginx if present
|
||||||
if [ -n "$(pidof nginx)" ]; then
|
if [ -n "$(pidof nginx)" ]; then
|
||||||
${NGINX_BIN} -t 2>/dev/null
|
if [ $(${NGINX_BIN} -t 2>/dev/null) ]; then
|
||||||
if [ "$?" -eq 0 ]; then
|
|
||||||
debug "Nginx detected... reloading"
|
debug "Nginx detected... reloading"
|
||||||
service nginx reload
|
service nginx reload
|
||||||
else
|
else
|
||||||
|
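Review bot: The rewritten reload guards in the `-221,8 +211,7` and `-232,8 +221,7` hunks, `if [ $(${APACHE2CTL_BIN} -t 2>/dev/null) ]; then` and the nginx twin, test whether the command printed something to stdout rather than whether it exited 0, and both `apache2ctl -t` and `nginx -t` report on stderr, which is discarded here, so the condition is false on a valid config and the `service … reload` branch is never taken. The same commit also drops the `APACHE2CTL_BIN=$(command -v apache2ctl)` and `NGINX_BIN=$(command -v nginx)` assignments in the `-80,24 +83,13` hunk, so unless `/etc/default/evoacme` happens to set them the expansion is empty and the shell runs a bare `-t`, again falling through to `else`. The practical effect is that a freshly renewed certificate is never picked up by the running server, which means the old one keeps being served until something else triggers a reload. Test the exit status directly, consistent with the `$(command -v …) -t` form already used in the sed helpers above: `if apache2ctl -t >/dev/null 2>&1; then` and `if nginx -t >/dev/null 2>&1; then`.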
|