stop to reacreate keys on restart
parent
91af6eaabc
commit
cf136e28d8
|
@ -1,5 +1,5 @@
|
|||
FROM nginx
|
||||
MAINTAINER Elliot Saba <staticfloat@gmail.com>
|
||||
LABEL maintainer="Valder Gallo <valergallo@gmail.com>"
|
||||
|
||||
VOLUME /etc/letsencrypt
|
||||
EXPOSE 80
|
||||
|
|
|
@ -14,28 +14,26 @@ auto_enable_configs
|
|||
nginx -g "daemon off;" &
|
||||
export NGINX_PID=$!
|
||||
|
||||
# Next, run certbot to request all the ssl certs we can find
|
||||
/scripts/run_certbot.sh
|
||||
|
||||
# Lastly, run startup scripts
|
||||
for f in /scripts/startup/*.sh; do
|
||||
if [[ -x "$f" ]]; then
|
||||
if [ -x "$f" ]; then
|
||||
echo "Running startup script $f"
|
||||
$f
|
||||
fi
|
||||
done
|
||||
echo "Done with startup"
|
||||
|
||||
now=$(date)
|
||||
last_sync_file="/etc/letsencrypt/last_sync.txt"
|
||||
|
||||
if [[ ! -e "$last_sync_file" ]]; then
|
||||
mkdir -p /Scripts
|
||||
if [ ! -e "$last_sync_file" ]; then
|
||||
touch "$last_sync_file"
|
||||
|
||||
# run certbot to request all the ssl certs we can find
|
||||
echo "Run first time certbot"
|
||||
/scripts/run_certbot.sh
|
||||
fi
|
||||
|
||||
last_sync=$(stat -c %y "$last_sync_file")
|
||||
updated_days=$(( ($(date -d now +%s) - $(date -d last_sync +%s) )/(60*60*24) ))
|
||||
one_week_sec=604800
|
||||
|
||||
# Instead of trying to run `cron` or something like that, just leep and run `certbot`.
|
||||
while [ true ]; do
|
||||
|
@ -43,8 +41,17 @@ while [ true ]; do
|
|||
sleep 604800 &
|
||||
SLEEP_PID=$!
|
||||
|
||||
# re-run certbot
|
||||
/scripts/run_certbot.sh
|
||||
last_sync_sec=$(stat -c %Y "$last_sync_file")
|
||||
now_sec=$(date -d now +%s)
|
||||
runned_sec=$(( ($now_sec - $last_sync_sec) ))
|
||||
is_finshed_week_sec=$(( ($one_week_sec - $runned_sec) ))
|
||||
|
||||
echo "Not run_certbot.sh"
|
||||
if [ $is_finshed_week_sec -lt 0 ]; then
|
||||
# re-run certbot
|
||||
echo "Run certbot"
|
||||
/scripts/run_certbot.sh
|
||||
fi
|
||||
|
||||
# Wait on sleep so that when we get ctrl-c'ed it kills everything due to our trap
|
||||
wait "$SLEEP_PID"
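Review bot: The marker is created with `touch "$last_sync_file"` before `/scripts/run_certbot.sh` runs in the first-start block of the earlier hunk, and nothing visible in either hunk updates it afterwards, so its mtime records the container's first start rather than the last successful certbot run. Taking the `[ ... ]` tests and the `last_sync_sec` block as the added side (the +/- markers are lost on this page), a failed first issuance still leaves the marker behind, so a restart within the week skips certbot entirely, including for server configs added since. Once the week has passed, every restart runs it again. Consider recording success instead, `/scripts/run_certbot.sh && touch "$last_sync_file"`, in both the first-start block and the loop, unless run_certbot.sh already refreshes the file outside this view. `echo "Not run_certbot.sh"` is printed unconditionally and belongs in an `else` branch; the `while` body continues past the end of the hunk.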
|
||||
|
|
|
@ -62,14 +62,15 @@ get_certificate() {
|
|||
PRODUCTION_URL='https://acme-v01.api.letsencrypt.org/directory'
|
||||
STAGING_URL='https://acme-staging.api.letsencrypt.org/directory'
|
||||
|
||||
if [[ ! "${IS_STAGING}" = "1" ]]; then
|
||||
if [ "${IS_STAGING}" = "1" ]; then
|
||||
letsencrypt_url=STAGING_URL
|
||||
echo "Staging on"
|
||||
else
|
||||
echo "Staging ..."
|
||||
elses
|
||||
letsencrypt_url=PRODUCTION_URL
|
||||
echo "Production on"
|
||||
echo "Production ..."
|
||||
fi
|
||||
|
||||
echo "running certbot ... $letsencrypt_url"
|
||||
certbot certonly --agree-tos --keep -n --text --email $2 --server \
|
||||
$letsencrypt_url -d $1 --http-01-port 1337 \
|
||||
--standalone --standalone-supported-challenges http-01 --debug
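Review bot: `elses` is not a shell keyword, so the `if` has no else branch (taking the `[ ... ]` test and the `echo "... ..."` lines as the added side, since the +/- markers are lost here). With IS_STAGING=1 execution runs on through `letsencrypt_url=PRODUCTION_URL`, overriding the staging choice, and with any other value the variable is never set, which leaves `--server` without a value; the line should read `else`. Separately, both assignments store the literal variable names rather than the URLs and need `letsencrypt_url="$STAGING_URL"` and `letsencrypt_url="$PRODUCTION_URL"`. Quoting `"$letsencrypt_url"`, `"$1"` and `"$2"` in the certbot call would make an empty value fail visibly instead of shifting arguments. get_certificate starts above the hunk and its closing brace is not shown.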
|
||||
|
|