#!/bin/bash # Check to see if certs for the specified domain exist # Attempt to retrieve certs if missing or # if present attempt to renew them # # WARNING: # This script is called weekly from /etc/periodic/weekly/croncert.sh # # Duing the weekly check, if certs are renewed, # the mosquitto process is restarted, causing # a brief (few second) unavoidable service disruption # # If the environment varialbe TESTCERT is defined, this script # will use --staging --test-cert for obtaining a cert and --dry-run for renewal # This allows the user to test out the configuration and connectivity for obtaining # certs without running into LetsEncrypt limits. It's advisable to define TESTCERT # when initially bringing up the container. Once the logs (docker logs ) # show that LetsEncrypt is working fine, then remove TESTCERT environment variable # to let this script obtain and manage the real certificates # FOLDER="/etc/letsencrypt/live/$DOMAIN" echo "Dealing with certificates..." echo "Location: $FOLDER" if [ -d "$FOLDER" ]; then echo "Certificates exist, attempting to renew..." if [ ! -z "$TESTCERT" ]; then echo "Renew dry run ..." certbot renew --dry-run --noninteractive --post-hook "/restart.sh" else echo "Renew certs ..." certbot renew --noninteractive --post-hook "/restart.sh" fi else if [ ! -z "$DOMAIN" ]; then if [ ! -z "$EMAIL" ]; then if [ ! -z "$TESTCERT" ]; then echo "Obtaining TEST cert for $DOMAIN" certbot certonly \ --staging \ --test-cert \ --standalone \ --agree-tos \ --preferred-challenges http-01 \ -n \ -d $DOMAIN \ -m $EMAIL else echo "Obtaining cert for $DOMAIN" certbot certonly \ --standalone \ --agree-tos \ --preferred-challenges http-01 \ -n \ -d $DOMAIN \ -m $EMAIL fi else echo 'ERROR: $EMAIL must be defined' fi else echo 'ERROR: $DOMAIN must be defined' fi fi