deployment/salt/base/docker-compose.sls +1 −1 Original line number Diff line number Diff line Loading @@ -30,7 +30,7 @@ docker-running: cron-renew-ssl-certs: cron.present: - name: bash /mnt/repo-base/scripts/ssl-renew.sh - name: bash /mnt/repo-base/scripts/ssl-renew.sh >> /mnt/repo-base/volumes/letsencrypt/letsencrypt-cron.log 2>&1 - user: root - special: '@daily' - identifier: 'refresh-tls-certs' Loading
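Review bot: The redirect added to the `cron-renew-ssl-certs` command is opened by cron's shell before `ssl-renew.sh` starts, so if `/mnt/repo-base/volumes/letsencrypt` does not exist the job fails at the redirect and renewal never runs; nothing in the visible part of this state creates that directory. Consider a `file.directory` state for it (owner root, mode `0700`) that the cron state requires. The log is appended to daily with no rotation, and it will hold certbot output including the account e-mail and domain names, so it also wants a rotation rule and restrictive permissions. The state file continues outside the hunk, so the directory may already be managed elsewhere.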
scripts/ssl-renew.sh +6 −7 Original line number Diff line number Diff line #!/usr/bin/env bash set -e #set -e source /mnt/repo-base/scripts/base.sh Loading @@ -13,22 +13,21 @@ CONFIG=/mnt/repo-base/config-dynamic/letsencrypt/autorenew/ssl-domains.dat OPENSSLBIN=/usr/bin/openssl CERTSTOREBASE=/mnt/repo-base/config-dynamic/letsencrypt/certstore CERTSTORE=$CERTSTOREBASE/live SERVERADMIN="admin@$DOMAIN" PUBIP=0.0.0.0 CERTBOT_IMAGE="certbot/certbot:v0.33.1" CERTBOT_IMAGE="certbot/certbot:v0.36.0" cat "$CONFIG" | while read DOMAIN; do # For the first run, we have to use standalone auth because Nginx won't start without the cert files present. if [ ! -f "$CERTSTORE/$DOMAIN/fullchain.pem" ] then docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt \ docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt -v /mnt/repo-base/volumes/letsencrypt:/var/log/letsencrypt \ -p $PUBIP:80:80 -p $PUBIP:443:443 \ "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $SERVERADMIN -d $DOMAIN \ "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $ALT_EMAIL -d $DOMAIN \ --standalone else docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt \ docker run -t --rm -v $CERTSTOREBASE:/etc/letsencrypt -v /mnt/repo-base/volumes/letsencrypt:/var/log/letsencrypt \ -v /mnt/repo-base/config-dynamic/letsencrypt/acme-challenge:/etc/letsencrypt/acme-challenge \ "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $SERVERADMIN -d $DOMAIN \ "$CERTBOT_IMAGE" certonly --non-interactive --agree-tos -m $ALT_EMAIL -d $DOMAIN \ --webroot -w /etc/letsencrypt/acme-challenge \ --post-hook "touch /etc/letsencrypt/live/$DOMAIN/cert-updated" CERT_UPDATED_FILE="$CERTSTORE/$DOMAIN/cert-updated" Loading
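Review bot: With `set -e` commented out at the top of the script, a failed `docker run` in either branch no longer affects the exit status, so cron sees success while certificates approach expiry and the only trace is the new log file. Continuing across domains after one failure is reasonable, but record it and exit non-zero at the end, e.g. `docker run ... || failed=1`; because `cat "$CONFIG" | while read DOMAIN` runs the loop in a subshell, the flag only survives if the loop is fed with `done < "$CONFIG"` instead. The new `-m $ALT_EMAIL` is unquoted and is not defined in the visible lines (presumably it comes from `base.sh`); if it is empty, `-m` is left without a value and certbot's argument parsing fails, so add `: "${ALT_EMAIL:?ALT_EMAIL must be set}"` after the `source` line and pass `-m "$ALT_EMAIL" -d "$DOMAIN"`. The loop body continues past the end of the hunk.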