diff --git a/root/etc/e-smith/templates.metadata/etc/cron.daily/letsencrypt.sh b/root/etc/e-smith/templates.metadata/etc/cron.daily/letsencrypt.sh
new file mode 100644
index 0000000..6bbf39b
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/cron.daily/letsencrypt.sh
@@ -0,0 +1 @@
+PERMS=0755
diff --git a/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All b/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
new file mode 100644
index 0000000..68bdaf5
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
@@ -0,0 +1,10 @@
+{
+
+if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
+ $OUT .= "/usr/bin/letsencrypt.sh -c 2>&1 | 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
+ if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
+ $OUT .= "/usr/bin/le_revoke.sh 2>&1 | 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
+ }
+}
+
+}
diff --git a/root/etc/e-smith/templates/etc/crontab/80letsencrypt b/root/etc/e-smith/templates/etc/crontab/80letsencrypt
deleted file mode 100644
index d1caafe..0000000
--- a/root/etc/e-smith/templates/etc/crontab/80letsencrypt
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-
-my $le = $letsencrypt{'status'} || 'disabled';
-
-if ($le eq 'enabled'){
- $OUT .= '# Letsencrypt renewal' . "\n";
- $OUT .= '2 4 * * * root sleep $[ $RANDOM \% 3600 ]; /usr/bin/letsencrypt.sh -c >> /var/log/letsencrypt.sh.log 2>&1' . "\n";
-}
-else{
- $OUT .= '# Letsencrypt is disabled' . "\n";
-}
-
-}
diff --git a/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh b/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
index 3acd658..bd0edf8 100644
--- a/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
+++ b/root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh
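Review bot: In `cron.daily/letsencrypt.sh/10All`, the `RevokeOldCertificates` test `m/^enabled|on|yes|1$/` is not anchored as intended: alternation binds looser than `^` and `$`, so any value that merely contains `on` or `yes` switches certificate revocation on. `m/^(?:enabled|on|yes|1)$/` limits it to the four intended values. Both `$OUT` lines are double-quoted Perl strings, so `$0` is interpolated with the name of the program expanding the template before awk ever sees it; write `\$0` there. The doubled `2>&1 | 2>&1 |` also looks like a paste error: the middle pipeline stage is a bare redirection with no command, which would appear to leave awk with no input and the log without any renewal or revocation output, so a single `2>&1 |` is presumably what was meant.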
@@ -45,10 +45,3 @@ else
 /usr/bin/sv 1 /service/imaps
 fi
 fi
-# Now revoke old certificates
-CUR_CRT=$(readlink /home/e-smith/db/letsencrypt.sh/certs/$DOM/cert.pem)
-for cert in $(find /home/e-smith/db/letsencrypt.sh/certs/$DOM/ -type f -name cert\*.pem -exec basename "{}" \;); do
- if [[ "$cert" != "$CUR_CRT" ]]; then
- /usr/bin/letsencrypt.sh -r /home/e-smith/db/letsencrypt.sh/certs/$DOM/$cert
- fi
-done