3,7 → 3,7 |
# $Id$ |
# |
# alcasar-letsencrypt.sh |
# by Tom HOUDAYER |
# by Tom HOUDAYER & Rexy |
# |
# This script is distributed under the Gnu General Public License (GPL) |
# |
10,16 → 10,13 |
# Manage Let's Encrypt for ALCASAR integration |
|
CONF_FILE="/usr/local/etc/alcasar-letsencrypt" |
|
ACCOUNT_EMAIL="" |
DOMAIN="" |
DNS_API="" |
|
DEBUG=false |
STAGING_SERVER="" |
FORCE="" |
OPT_PARAMS="" |
|
ACMESH_HOME="/usr/local/etc/letsencrypt" |
ACMESH_BIN="/opt/acme.sh/acme.sh" |
|
27,7 → 24,6 |
--issue -d alcasar.domain.tld --email alcasar@domain.tld [--dns-api dns_registrar] [--force] [--staging] |
--renew [-d alcasar.domain.tld] [--force] [--staging]" |
|
|
################################################################################ |
# ISSUE # |
################################################################################ |
36,9 → 32,7 |
echo "The client does not seem to be installed." |
return 1 |
fi |
|
TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE) |
|
if [ ! -z $ACCOUNT_EMAIL ]; then |
emailField=" --accountemail $ACCOUNT_EMAIL" |
sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE |
55,13 → 49,10 |
$OPT_PARAMS \ |
> $TMP_OUTPUT 2>&1 |
exitCode=$? |
|
$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n" |
|
sed -i "s/^domainRequest=.*/domainRequest=$DOMAIN/" $CONF_FILE |
sed -i "s/^dateIssueRequest=.*/dateIssueRequest=$(date +%s)/" $CONF_FILE |
sed -i "s/^dnsapi=.*/dnsapi=${DNS_API:="dns"}/" $CONF_FILE |
|
if ! _handle_client_response $TMP_OUTPUT; then |
if [ $exitCode -ne 0 ]; then |
echo -e "Error!\n" |
73,11 → 64,9 |
cat $TMP_OUTPUT |
fi |
fi |
|
rm -f $TMP_OUTPUT |
} |
|
|
################################################################################ |
# RENEW # |
################################################################################ |
86,9 → 75,7 |
echo "The client does not seem to be installed." |
return 1 |
fi |
|
TMP_OUTPUT=$(mktemp --suffix=_ALCASAR-LE) |
|
$DEBUG && debugOpt=" --debug" || debugOpt="" |
[ ! -z "$DNS_API" ] && dnsApiOpt="" || dnsApiOpt="--yes-I-know-dns-manual-mode-enough-go-ahead-please" |
$ACMESH_BIN --config-home $ACMESH_HOME/data \ |
97,9 → 84,7 |
$OPT_PARAMS \ |
> $TMP_OUTPUT 2>&1 |
exitCode=$? |
|
$DEBUG && cat $TMP_OUTPUT && echo -e "\n\n" |
|
if ! _handle_client_response $TMP_OUTPUT; then |
if [ $exitCode -ne 0 ]; then |
echo -e "Error!\n" |
111,11 → 96,9 |
cat $TMP_OUTPUT |
fi |
fi |
|
rm -f $TMP_OUTPUT |
} |
|
|
################################################################################ |
# CRON TASK # |
################################################################################ |
126,7 → 109,6 |
fi |
} |
|
|
################################################################################ |
# HANDLE CLIENT RESPONSE # |
################################################################################ |
138,7 → 120,6 |
if [ $(cat $responseFile | grep "Add the following TXT record:" -c) -ne 0 ]; then |
challenge=$(cat $responseFile | grep -E "TXT value: '[0-9a-zA-Z_-]+'" -o | cut -d"'" -f2) |
sed -i "s/^challenge=.*/challenge=$challenge/" $CONF_FILE |
|
echo "Add the following TXT record:" |
echo "Domain: '_acme-challenge.$DOMAIN'" |
echo "TXT value: '$challenge'" |
146,7 → 127,6 |
sed -i "s/^challenge=.*/challenge=/" $CONF_FILE |
sed -i "s/^dateIssued=.*/dateIssued=$(date +%s)/" $CONF_FILE |
sed -i "s/^dateNextRenewal=.*/dateNextRenewal=$(date +%s -d '2 months - 3 days')/" $CONF_FILE |
|
install_cert |
logger -t alcasar-letsencrypt "Certificate \"$DOMAIN\" imported." |
echo "Certificate imported." |
178,11 → 158,9 |
else |
return 2 |
fi |
|
return 0 |
} |
|
|
################################################################################ |
# INSTALL CERTIFICATE # |
################################################################################ |
193,13 → 171,11 |
echo "Certificate not found." |
return 1 |
fi |
|
/usr/local/bin/alcasar-importcert.sh \ |
-i $LE_cert_folder"/"$DOMAIN.cer \ |
-k $LE_cert_folder"/"$DOMAIN.key \ |
-c $LE_cert_folder/fullchain.cer \ |
> /dev/null 2>&1 |
|
if [ $? -ne 0 ]; then |
echo "Error." |
return 1 |
206,7 → 182,6 |
fi |
} |
|
|
################################################################################ |
# MAIN # |
################################################################################ |
215,9 → 190,7 |
echo "$usage" |
exit 1 |
fi |
|
cmd="" |
|
while [ $# -gt 0 ]; do |
case $1 in |
-\? | -h | --help) |
224,7 → 197,6 |
echo "$usage" |
exit 0 |
;; |
|
--issue) |
cmd="issue" |
shift 1 |
241,7 → 213,6 |
cmd="install-cert" |
shift 1 |
;; |
|
--email) |
ACCOUNT_EMAIL="$2" |
shift 2 |
266,7 → 237,6 |
DEBUG=true |
shift 1 |
;; |
|
*) |
found=false |
for param in "--dnssleep"; do |
277,7 → 247,6 |
break |
fi |
done |
|
if ! $found; then |
echo "Unknown argument: $1" |
echo "$usage" |
308,6 → 277,5 |
install-cert) |
install_cert |
;; |
|
*) exit 1 ;; |
esac |
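Review bot: The `sed -i "s/^email=.*/email=$ACCOUNT_EMAIL/" $CONF_FILE` line kept as context in the `36,9 → 32,7` hunk splices the `--email` argument (assigned unchecked as `ACCOUNT_EMAIL="$2"` in the `241,7 → 213,6` hunk) into a sed program, so a value containing `/`, `&` or a newline changes the expression that rewrites the configuration file instead of being stored as data. The `domainRequest=$DOMAIN` substitution in the `55,13 → 49,10` hunk has the same shape, although where `DOMAIN` is assigned is not visible here. This commit only removes blank lines and updates the author line, so the issue predates it, but it is worth a follow-up: reject unexpected characters before the first use, for example `case $ACCOUNT_EMAIL in *[!A-Za-z0-9@._+-]*) echo "Invalid email."; return 1 ;; esac`, and quote the test and the file operand as `[ -n "$ACCOUNT_EMAIL" ]` and `"$CONF_FILE"`. The enclosing function starts above the hunk, so the right place for the check depends on lines not shown.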