@jansendotsh
Last active September 23, 2020 15:47
#!/bin/bash
# Renew a Let's Encrypt certificate with the certbot Cloudflare DNS plugin (run in Docker)
# and install it on a DigitalOcean CDN endpoint. Meant to run from cron.
# -e/-o pipefail stop the script as soon as curl or jq fails, so a failed upload
# never ends in a PUT with an empty certificate id.
set -euo pipefail

# Variables
DO_TOKEN=SANITIZED
EFF_EMAIL="garrett@jansen.sh"
CUSTOM_DOMAIN="s.jnsn.link"
CFLARE_EMAIL=SANITIZED
CFLARE_TOKEN=SANITIZED

# Check to see if certbot directories have been made here before
if [ ! -d "/data/certbot-cloudflare" ]
then
  mkdir -p /data/certbot-cloudflare/{etc,log,var}
fi

# Checks for docker & jq (message goes to cron.log and to stderr)
type docker >/dev/null 2>&1 || { echo "Docker not installed. Renewal failed." | tee -a /data/certbot-cloudflare/log/cron.log >&2; exit 1; }
type jq >/dev/null 2>&1 || { echo "jq not installed. Renewal failed." | tee -a /data/certbot-cloudflare/log/cron.log >&2; exit 1; }

# Create Cloudflare configuration. The file holds an API key, so make it owner-only;
# the certbot DNS plugins warn when the credentials file is readable by others.
tee /data/certbot-cloudflare/etc/cloudflare.ini >/dev/null <<EOF
dns_cloudflare_email = $CFLARE_EMAIL
dns_cloudflare_api_key = $CFLARE_TOKEN
EOF
chmod 600 /data/certbot-cloudflare/etc/cloudflare.ini

# Pull Docker container for certbot renewal with cloudflare
# (no -it: there is no TTY under cron and "-t" would make docker exit with an error)
docker run --rm \
  -v /data/certbot-cloudflare/etc:/etc/letsencrypt \
  -v /data/certbot-cloudflare/var:/var/lib/letsencrypt \
  -v /data/certbot-cloudflare/log:/var/log/letsencrypt \
  certbot/dns-cloudflare certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
  --email "$EFF_EMAIL" --agree-tos --no-eff-email \
  -d "$CUSTOM_DOMAIN"

LIVE_DIR="/data/certbot-cloudflare/etc/live/$CUSTOM_DOMAIN"

# Upload cert & save ID (yes, the sed nonsense is necessary: the JSON body needs the PEM
# newlines replaced with literal \n sequences). "jq -er" prints the raw id and exits
# non-zero when the response has no certificate.id, which aborts the script.
CERT_ID=$(curl -X POST -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DO_TOKEN" \
  -d '{"name": "'"sjnsn-$(date +%Y%m%d)"'", "type": "custom", "private_key": "'"$(sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' "$LIVE_DIR/privkey.pem")"'","leaf_certificate": "'"$(sed -E ':a;N;$!ba;s/\r{0,1}\n/\\n/g' "$LIVE_DIR/fullchain.pem")"'"}' \
  "https://api.digitalocean.com/v2/certificates" | \
  jq -er '.certificate.id')

# Grab endpoint for the domain (exact match on custom_domain, so a longer domain that
# merely contains this one cannot be picked by mistake)
ENDPOINT_ID=$(curl -X GET -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DO_TOKEN" \
  "https://api.digitalocean.com/v2/cdn/endpoints" | \
  jq -er --arg d "$CUSTOM_DOMAIN" '.endpoints[] | select(.custom_domain == $d) | .id')

# Set new cert to endpoint
curl -X PUT -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DO_TOKEN" \
  -d '{"certificate_id": "'"$CERT_ID"'","custom_domain": "'"$CUSTOM_DOMAIN"'"}' \
  "https://api.digitalocean.com/v2/cdn/endpoints/$ENDPOINT_ID"
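The request body the gist assembles with sed and string concatenation can instead be produced by a real JSON encoder, which escapes the PEM newlines (and anything else) correctly. This is an added Python example, not part of the gist; it also checks that each field carries the right kind of PEM block, so swapped file arguments cannot place the private key in leaf_certificate. The SAMPLE_* strings are constructed stand-ins, not real key material.

```python
"""Build the body for POST https://api.digitalocean.com/v2/certificates (type "custom")."""
import json
import re
from datetime import datetime, timezone

# One PEM block; the label on the END line must match the BEGIN line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\n.+?\n-----END \1-----", re.S)


def pem_labels(text):
    """Return the labels of all PEM blocks in text, e.g. ['CERTIFICATE', 'CERTIFICATE']."""
    return PEM_BLOCK.findall(text.replace("\r\n", "\n"))


def cert_name(prefix, when=None):
    """Date-stamped certificate name, same shape as the gist's sjnsn-YYYYMMDD."""
    when = when or datetime.now(timezone.utc)
    return f"{prefix}-{when:%Y%m%d}"


def build_cert_payload(name, key_pem, chain_pem):
    """Return the JSON body for a DigitalOcean custom certificate.

    json.dumps turns every PEM newline into a literal \\n (the job the gist does
    with sed) and escapes quotes and backslashes too, so the body is always
    valid JSON. Before encoding, verify that private_key holds exactly one
    PRIVATE KEY block and leaf_certificate holds only CERTIFICATE blocks.
    """
    key_pem = key_pem.replace("\r\n", "\n").strip()
    chain_pem = chain_pem.replace("\r\n", "\n").strip()
    key_labels = pem_labels(key_pem)
    if len(key_labels) != 1 or not key_labels[0].endswith("PRIVATE KEY"):
        raise ValueError("private_key must be exactly one PRIVATE KEY block")
    chain_labels = pem_labels(chain_pem)
    if not chain_labels or set(chain_labels) != {"CERTIFICATE"}:
        raise ValueError("leaf_certificate must contain CERTIFICATE blocks only")
    return json.dumps({"name": name, "type": "custom",
                       "private_key": key_pem, "leaf_certificate": chain_pem})


# Constructed stand-ins for certbot's privkey.pem and fullchain.pem (not real key material).
SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkq...\n-----END PRIVATE KEY-----\n"
SAMPLE_CHAIN = ("-----BEGIN CERTIFICATE-----\nMIIFaz...\n-----END CERTIFICATE-----\n"
                "-----BEGIN CERTIFICATE-----\nMIIE9z...\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(build_cert_payload(cert_name("sjnsn"), SAMPLE_KEY, SAMPLE_CHAIN))
```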