stop to reacreate keys on restart

This commit is contained in:
Valder Gallo 2018-06-27 21:59:43 -03:00
parent 91af6eaabc
commit cf136e28d8
3 changed files with 24 additions and 16 deletions

View File

@ -1,5 +1,5 @@
FROM nginx
MAINTAINER Elliot Saba <staticfloat@gmail.com>
LABEL maintainer="Valder Gallo <valergallo@gmail.com>"
VOLUME /etc/letsencrypt
EXPOSE 80

View File

@ -14,28 +14,26 @@ auto_enable_configs
nginx -g "daemon off;" &
export NGINX_PID=$!
# Next, run certbot to request all the ssl certs we can find
/scripts/run_certbot.sh
# Lastly, run startup scripts
for f in /scripts/startup/*.sh; do
if [[ -x "$f" ]]; then
if [ -x "$f" ]; then
echo "Running startup script $f"
$f
fi
done
echo "Done with startup"
now=$(date)
last_sync_file="/etc/letsencrypt/last_sync.txt"
if [[ ! -e "$last_sync_file" ]]; then
mkdir -p /Scripts
if [ ! -e "$last_sync_file" ]; then
touch "$last_sync_file"
# run certbot to request all the ssl certs we can find
echo "Run first time certbot"
/scripts/run_certbot.sh
fi
last_sync=$(stat -c %y "$last_sync_file")
updated_days=$(( ($(date -d now +%s) - $(date -d last_sync +%s) )/(60*60*24) ))
one_week_sec=604800
# Instead of trying to run `cron` or something like that, just leep and run `certbot`.
while [ true ]; do
@ -43,8 +41,17 @@ while [ true ]; do
sleep 604800 &
SLEEP_PID=$!
# re-run certbot
/scripts/run_certbot.sh
last_sync_sec=$(stat -c %Y "$last_sync_file")
now_sec=$(date -d now +%s)
runned_sec=$(( ($now_sec - $last_sync_sec) ))
is_finshed_week_sec=$(( ($one_week_sec - $runned_sec) ))
echo "Not run_certbot.sh"
if [ $is_finshed_week_sec -lt 0 ]; then
# re-run certbot
echo "Run certbot"
/scripts/run_certbot.sh
fi
# Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap
wait "$SLEEP_PID"

View File

@ -62,14 +62,15 @@ get_certificate() {
PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
if [[ ! "${IS_STAGING}" = "1" ]]; then
if [ "${IS_STAGING}" = "1" ]; then
letsencrypt_url=STAGING_URL
echo "Staging on"
else
echo "Staging ..."
elses
letsencrypt_url=PRODUCTION_URL
echo "Production on"
echo "Production ..."
fi
echo "running certbot ... $letsencrypt_url"
certbot certonly --agree-tos --keep -n --text --email $2 --server \
$letsencrypt_url -d $1 --http-01-port 1337 \
--standalone --standalone-supported-challenges http-01 --debug