Skip to content

Use installed cert (key3.db) lmt as basis for install logic #17

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bdurrow wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Use installed cert (key3.db) lmt as basis for install logic #17

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c9b7004
Bring fatal error output in line with others.
bdurrow Apr 21, 2020
0685218
Use installed cert (key3.db) lmt as basis for install logic
bdurrow Apr 21, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 22 additions & 8 deletions renew.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
#!/bin/bash
#set -x



# Copyright (c) 2017 Antonia Stevens [email protected]

Expand All @@ -23,33 +24,45 @@

# Set strict mode
set -euo pipefail
certbot_debug_args=""

#For debugging uncomment these
#set -x
#certbot_debug_args="--force-renewal"

# Version
# shellcheck disable=2034
version='0.0.3'

letsencrypt_live_dir="/etc/letsencrypt/live"
installed_cert_db="/etc/httpd/alias/key3.db"

# Function to print to stderr
errcho(){ >&2 echo $@; }

# Exit if not being run as root
if [ "${EUID:-$(id -u)}" -ne "0" ] ; then
errcho "This script needs superuser privileges, suggest running it as root"
errcho "FATAL: This script needs superuser privileges, suggest running it as root."
exit 1
fi

if ! which ipa >/dev/null ; then
errcho "ipa not found; you probably need to update your PATH."
errcho "FATAL: ipa not found; you probably need to update your PATH."
exit 1
fi

if ! which ipa-server-certinstall >/dev/null ; then
errcho "ipa-server-certinstall not found; you probably need to update your PATH."
errcho "FATAL: ipa-server-certinstall not found; you probably need to update your PATH."
exit 1
fi

# Start Unix time
start_time_epoch="$(date +%s)"
#Determine method to detect need for cert install
if [ -n ${installed_cert_db} -a -e ${installed_cert_db} ]; then
find_newer_arg="-newer ${installed_cert_db}"
else
errcho "WARNING: Falling back to current time for cert install logic"
#Using this logic cert install will be "singleshot"
find_newer_arg="-newermt @$(date +%s)"
fi

# If there is no TTY then it's not interactive
if ! [[ -t 1 ]]; then
Expand Down Expand Up @@ -182,6 +195,7 @@ certbot certonly --quiet \
--manual-public-ip-logging-ok \
--manual-auth-hook "${auth_hook}" \
${domain_args} \
${certbot_debug_args} \
--agree-tos \
--email "${email}" \
--expand \
Expand All @@ -191,7 +205,7 @@ certbot certonly --quiet \
#Note, this used to be calculated before the certbot command was executed
#but it only makes sense to do it afterwards.
letsencrypt_pem_dir="$(find -L ${letsencrypt_live_dir} \
-newermt @${start_time_epoch} \
${find_newer_arg} \
-type f \
-name 'privkey.pem' \
-exec dirname {} \;)"
Expand Down