Revoke old certs in a separated script

We cannot call letsencrypt.sh from a hook script, as there's a lock file
tags/smeserver-letsencrypt-client-0.2.4-1
Daniel Berteaud 9 years ago
parent 0540516807
commit bae49f049e
  1. 1
      root/etc/e-smith/templates.metadata/etc/cron.daily/letsencrypt.sh
  2. 10
      root/etc/e-smith/templates/etc/cron.daily/letsencrypt.sh/10All
  3. 13
      root/etc/e-smith/templates/etc/crontab/80letsencrypt
  4. 7
      root/etc/letsencrypt.sh/hooks_deploy_cert.d/10smeserver.sh

@ -0,0 +1,10 @@
{
if (($letsencrypt{'status'} || 'disabled') eq 'enabled'){
$OUT .= "/usr/bin/letsencrypt.sh -c 2>&1 | 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
if (($letsencrypt{'RevokeOldCertificates'} || 'disabled') =~ m/^enabled|on|yes|1$/){
$OUT .= "/usr/bin/le_revoke.sh 2>&1 | 2>&1 | awk '{ print strftime(), $0; fflush(); }' >> /var/log/letsencrypt.sh.log\n";
}
}
}
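Review bot: The `RevokeOldCertificates` test on the new side is looser than it looks: in `m/^enabled|on|yes|1$/` the anchors bind only to the first and last alternatives, so any value that merely contains `on` or `yes` (for example `none`) switches on revocation, which cannot be undone. Group the alternatives instead, `=~ m/^(?:enabled|on|yes|1)$/`. Both `$OUT` lines also build the shell command in a double-quoted Perl string, so `$0` is interpolated by Perl before awk ever sees it; write `\$0`. The duplicated `2>&1 | 2>&1 |` places an empty command in the middle of the pipeline, which in bash most likely swallows the output, so renewal and revocation runs would leave nothing in /var/log/letsencrypt.sh.log; a single `2>&1 |` is enough.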

@ -1,13 +0,0 @@
{
my $le = $letsencrypt{'status'} || 'disabled';
if ($le eq 'enabled'){
$OUT .= '# Letsencrypt renewal' . "\n";
$OUT .= '2 4 * * * root sleep $[ $RANDOM \% 3600 ]; /usr/bin/letsencrypt.sh -c >> /var/log/letsencrypt.sh.log 2>&1' . "\n";
}
else{
$OUT .= '# Letsencrypt is disabled' . "\n";
}
}

@ -45,10 +45,3 @@ else
/usr/bin/sv 1 /service/imaps
fi
fi
# Now revoke old certificates
CUR_CRT=$(readlink /home/e-smith/db/letsencrypt.sh/certs/$DOM/cert.pem)
for cert in $(find /home/e-smith/db/letsencrypt.sh/certs/$DOM/ -type f -name cert\*.pem -exec basename "{}" \;); do
if [[ "$cert" != "$CUR_CRT" ]]; then
/usr/bin/letsencrypt.sh -r /home/e-smith/db/letsencrypt.sh/certs/$DOM/$cert
fi
done
