5 LOGFILE
=/var
/log
/letsencrypt.log
7 echo "Running on $(date)..." >> ${LOGFILE}
9 # Check if we have a web server running.
10 PORT80
=$
(lsof
-ti :80 |
wc -l)
12 # If no web server then start one and open port 80.
13 if [ $PORT80 = 0 ]; then
14 cd /var
/www
/challenges
15 nohup python3
-m http.server
80 > /dev
/null
2>&1 &
16 iptables
-A INPUT
-i venet0
-p tcp
--dport 80 -m conntrack
--ctstate NEW
-j ACCEPT
17 ip6tables
-A INPUT
-i venet0
-p tcp
--dport 80 -m conntrack
--ctstate NEW
-j ACCEPT
21 cd /etc
/ssl
/letsencrypt
23 # Get a updated certificate.
24 for i
in `seq 1 3`; do
25 if acme-tiny
--account-key account.key
--csr domain.csr
--acme-dir /var
/www
/challenges \
26 > signed_new.crt
2>> ${LOGFILE}
29 wget
-q -O chain_new.pem https
://letsencrypt.org
/certs
/lets-encrypt-r3-cross-signed.pem
31 # Check that the cert is valid.
32 if openssl verify
-CAfile chain_new.pem signed_new.crt
; then
33 mv -f chain_new.pem chain.pem
34 mv -f signed_new.crt signed.crt
35 cat signed.crt chain.pem
> fullchain.pem
38 echo "[Success] Acme tiny successfully renewed certificate." |
tee -a ${LOGFILE}
42 for serv
in apache nginx dovecot postfix
; do
43 systemctl is-active
--quiet ${serv} && systemctl reload
${serv}
46 echo "[Error] Acme tiny have problems." |
tee -a ${LOGFILE} >&2
50 # Sleep for max 9999 seconds, then try again.
51 echo "[Notice] Acme tiny retry triggered." |
tee -a ${LOGFILE} >&2
52 sleep `tr -cd 0-9 < /dev/urandom | head -c 4`
56 # Stop temp web server and close port 80 if needed.
57 if [ $PORT80 = 0 ]; then
58 iptables
-D INPUT
-i venet0
-p tcp
--dport 80 -m conntrack
--ctstate NEW
-j ACCEPT
59 ip6tables
-D INPUT
-i venet0
-p tcp
--dport 80 -m conntrack
--ctstate NEW
-j ACCEPT
projects / shutils.git / blob