#!/usr/bin/env zsh
# update_certs: for each device listed in .env, compare the checksum of the
# certificate in Caddy's store with the device's /etc/uhttpd.crt and, when they
# differ, copy the certificate and key over and restart uhttpd.
# Usage: update_certs [-v] [-h]

# Turn on errexit (-e), nounset (-u) and pipefail. If the combined form is
# rejected, the fallback sets the options separately.
# NOTE(review): `set -euo` with no option name after -o may not behave as
# intended in every shell - confirm the fallback on the oldest zsh in use.
set -euo pipefail 2>/dev/null || { set -euo; setopt pipefail; }
# Split words only on newline and tab, never on spaces.
IFS=$'\n\t'
# Verbose output is off by default; the -v flag sets this to 1.
VERBOSE=0
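#######################################
# Print the command-line help text.
# Globals:   ZSH_ARGZERO (read, when set)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
usage() {
  # Inside a zsh function $0 is normally the function name (FUNCTION_ARGZERO),
  # which would print "Usage: usage ...". ZSH_ARGZERO holds the script name;
  # fall back to $0 for shells that do not define it.
  cat <<EOF
Usage: ${ZSH_ARGZERO:-$0} [-v] [-h]
-v Verbose output
-h Show this help and exit
EOF
}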
#######################################
# Write one message line to stdout.
# Arguments: $1 - message text
# Outputs:   the message followed by a newline
#######################################
info() {
  local message="$1"
  printf '%s\n' "${message}"
}
#######################################
# Write one message line to stdout, but only in verbose mode.
# Globals:   VERBOSE (read; treated as 0 when unset)
# Arguments: $1 - message text
# Outputs:   the message followed by a newline when VERBOSE is 1
#######################################
debug() {
  # Quiet mode: nothing to print, report success.
  [[ ${VERBOSE:-0} -eq 1 ]] || return 0
  printf '%s\n' "$1"
}
#######################################
# Report a fatal problem and stop the script.
# Arguments: $1 - message text
# Outputs:   the message followed by a newline on stderr
# Returns:   does not return; exits with status 1
#######################################
error() {
  local message="$1"
  printf '%s\n' "${message}" >&2
  exit 1
}
# Parse command-line flags: -v switches verbose output on, -h prints the help
# text and exits 0. Any other flag prints the help text and exits 1.
while getopts "vh" opt; do
  if [[ "${opt}" == "v" ]]; then
    VERBOSE=1
  elif [[ "${opt}" == "h" ]]; then
    usage
    exit 0
  else
    usage
    exit 1
  fi
done
# Discard the flags that getopts consumed.
shift $((OPTIND - 1))
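#######################################
# Read the value of KEY from a KEY=value style file.
# When the key appears more than once, the last occurrence wins. Trailing
# whitespace is removed, then one leading and one trailing double quote.
# Arguments: $1 - key name (used inside a regular expression; pass a literal)
#            $2 - path of the file to read
# Outputs:   the value on stdout, without a trailing newline; empty when the
#            key is missing or the file cannot be read
# Returns:   0
#######################################
get_env_var() {
  local key="$1" file="$2" val
  # The previous quote-stripping expression used a greedy (.*) that swallowed
  # the closing quote, so KEY="value" came back as value". Trim trailing
  # whitespace first, then drop each surrounding quote separately.
  # `|| true` keeps a missing key (grep exit 1) from tripping errexit/pipefail.
  val=$(grep -E "^${key}=" "$file" \
    | tail -n1 \
    | sed -E 's/^[^=]*=//; s/[[:space:]]*$//; s/^"//; s/"$//' || true)
  printf '%s' "${val:-}"
}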
# Load the settings from the .env file that sits next to this script. Every
# setting is mandatory: a missing or empty value stops the script via error().
# These values are later used to build paths read with sudo and the ssh/scp
# targets, so .env should be writable only by the account running this script.

# Directory containing this script, as a physical path (pwd -P).
SCRIPT_PATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"

DOMAIN=$(get_env_var "MY_DOMAIN" "${SCRIPT_PATH}/.env")
[[ -n "${DOMAIN}" ]] \
  || error "Variable 'MY_DOMAIN' isn't set in '${SCRIPT_PATH}/.env', quitting ..."

NETWORK_DEVICES=$(get_env_var "NETWORK_DEVICES" "${SCRIPT_PATH}/.env")
[[ -n "${NETWORK_DEVICES}" ]] \
  || error "Variable 'NETWORK_DEVICES' isn't set in '${SCRIPT_PATH}/.env', quitting ..."
# zsh expansion flag: split the comma-separated list into an array.
DEVICES=("${(@s/,/)NETWORK_DEVICES}")

CONTAINERS_PATH=$(get_env_var "CONTAINERS_PATH" "${SCRIPT_PATH}/.env")
[[ -n "${CONTAINERS_PATH}" ]] \
  || error "Variable 'CONTAINERS_PATH' isn't set in '${SCRIPT_PATH}/.env', quitting ..."

# Certificate directory under the Caddy data path for the
# acme-v02.api.letsencrypt.org ACME directory.
CERT_PATH="${CONTAINERS_PATH}/caddy/data/certificates/acme-v02.api.letsencrypt.org-directory"
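# For every configured device, compare the local certificate with the one the
# device serves from /etc/uhttpd.crt and, when they differ, push the key and
# certificate and restart uhttpd.
#
# scp runs under sudo while ssh does not, so the copies use root's SSH keys and
# known_hosts and the checksum/restart calls use the invoking user's.
# NOTE(review): presumably sudo is needed because the certificate files are
# readable only by root - confirm.
UPDATE_FAILED=0
for i in "${DEVICES[@]}"; do
  DEVICE_CERT_PATH="${CERT_PATH}/${i}.${DOMAIN}/${i}.${DOMAIN}"

  # md5sum serves only to notice that the two files differ; it is not an
  # integrity or authenticity check on the certificate.
  # `--` keeps a path or device name that starts with '-' from being parsed
  # as a command-line option.
  LOCAL_CERT=$(sudo md5sum -- "${DEVICE_CERT_PATH}.crt" | cut -d ' ' -f1)
  REMOTE_CERT=$(ssh -- "${i}" "md5sum /etc/uhttpd.crt | cut -d ' ' -f1")

  debug "Checking certificate for $i.$DOMAIN: $LOCAL_CERT"
  debug "Remote certificate for $i.$DOMAIN: $REMOTE_CERT"

  if [[ "${LOCAL_CERT}" == "${REMOTE_CERT}" ]]; then
    debug "Certificate for $i is up to date, no action needed."
    continue
  fi

  # Copy the key before the certificate. Only the certificate checksum is
  # compared above, so if the copy is interrupted after the key, the next run
  # still sees a differing certificate and retries both files. With the
  # certificate first, a failed key copy would leave a mismatched pair that
  # later runs report as up to date.
  if sudo scp -O -- "${DEVICE_CERT_PATH}.key" "${i}:/etc/uhttpd.key" \
    && sudo scp -O -- "${DEVICE_CERT_PATH}.crt" "${i}:/etc/uhttpd.crt" \
    && ssh -- "${i}" '/etc/init.d/uhttpd restart'; then
    info "$i.$DOMAIN: Certificate updated and uhttpd service restarted."
  else
    # A failed step inside an && chain does not stop the script under
    # errexit, so report it explicitly and remember it for the exit status.
    # If only the restart failed, the files are already in place and a later
    # run will not retry it; restart uhttpd on the device by hand.
    printf '%s\n' "$i.$DOMAIN: Certificate update failed (copy or uhttpd restart)." >&2
    UPDATE_FAILED=1
  fi
done

# Let cron or a calling script see that at least one device was not updated.
if (( UPDATE_FAILED )); then
  exit 1
fi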