The run-lego.sh
/.env
/.lego
/*-hook*
/hooks
/lego
#!/bin/bash
#
# Runs lego with hook support. Requires https://github.com/go-acme/lego
#
# Copyright (C) 2018 Simon Eisenmann <simon@longsleep.org>
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
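set -e
set -u
set -o pipefail

# Absolute path of this script (embedded in the cron entry and in the hook
# arguments handed to lego) and the directory that holds the optional .env
# file and the default LEGO_PATH.
SCRIPT=$(realpath -s "$0")
BINDIR=$(dirname "$(readlink -f "$0")")

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Map a domain to the base name lego uses for its certificate files:
# a leading "*." (wildcard) becomes "_.", everything else is unchanged.
# Arguments: $1 - domain
# Outputs:   base name on stdout
#######################################
cert_basename() {
  printf '%s\n' "${1/#\*./_.}"
}

#######################################
# Split DOMAINS on whitespace into the global array DOMAIN_LIST. Globbing is
# switched off while splitting so a wildcard entry such as "*.example.com" is
# not expanded against the current directory.
# Globals: DOMAINS (read), DOMAIN_LIST (written)
#######################################
split_domains() {
  set -f
  # shellcheck disable=SC2206 -- intentional word splitting, globbing disabled above
  DOMAIN_LIST=(${DOMAINS})
  set +f
}

# Optional local configuration. It typically carries the Cloudflare API token,
# so it should be readable only by the account that runs this script.
if [ -f "${BINDIR}/.env" ]; then
  # shellcheck source=/dev/null
  source "${BINDIR}/.env"
fi

LEGO=${LEGO:-/usr/local/sbin/lego}
DOMAINS=${DOMAINS:-}        # whitespace separated, e.g. "example.com *.example.com"
EMAIL=${EMAIL:-}
GROUP=${GROUP:-www-data}    # group that is granted read access to the certificate files
DAYS=${DAYS:-}              # forwarded as "--days" on renew when set
HOOK=${HOOK:-echo "Done!"}  # shell command run by the hook after permissions are fixed
export CLOUDFLARE_DNS_API_TOKEN=${CLOUDFLARE_DNS_API_TOKEN:-}
export LEGO_PATH=${LEGO_PATH:-${BINDIR}/.lego}

[ -n "${DOMAINS}" ] || die "DOMAINS is empty, aborting."
[ -n "${EMAIL}" ] || die "EMAIL is empty, aborting."
[ -n "${CLOUDFLARE_DNS_API_TOKEN}" ] || die "CLOUDFLARE_DNS_API_TOKEN is empty, aborting."

split_domains

# Handle parameters.
case "${1:-}" in
  install)
    if [[ ! -x "${LEGO}" ]]; then
      echo "Downloading latest lego to ${LEGO} ..."
      # Pick the linux/amd64 tarball URL out of the latest-release metadata.
      # -f makes curl fail on HTTP errors (e.g. API rate limiting) instead of
      # handing an error page to the pipeline.
      URL=$(curl -fsSL https://api.github.com/repos/go-acme/lego/releases/latest \
        | grep 'browser_' | cut -d\" -f4 | grep '_linux_amd64.tar.gz')
      [ -n "${URL}" ] || die "Could not determine the lego download URL, aborting."
      # NOTE: the archive is trusted on the strength of the TLS connection to
      # GitHub alone; it is not verified against a published checksum or
      # signature before extraction. The extracted binary is always named
      # "lego", so LEGO is expected to end in /lego.
      curl -fsSL "${URL}" | tar -C "$(dirname "${LEGO}")" -zx lego
      echo "Installed lego (${LEGO}):"
    else
      echo "Already installed lego (${LEGO}):"
    fi
    "${LEGO}" --version
    exit 0
    ;;
  enable)
    # Twice-daily renewal, delayed by up to 5 minutes to spread load on the CA.
    # Skip when an entry for this script already exists so repeated "enable"
    # runs do not stack duplicate jobs. "no crontab for user" on stderr is
    # expected on a fresh account and is silenced on purpose.
    existing=$(crontab -l 2>/dev/null || true)
    if grep -qF -- "${SCRIPT} renew" <<<"${existing}"; then
      echo "Cron entry for ${SCRIPT} already present."
    else
      (printf '%s\n' "${existing}"; echo "0 */12 * * * test -x ${SCRIPT} && perl -e 'sleep int(rand(300))' && ${SCRIPT} renew >/dev/null";) | crontab -
    fi
    exit 0
    ;;
  run-hook|renew-hook)
    # Invoked by lego after issuance/renewal. Make every certificate file for
    # each domain group-readable (the private key included), so keep GROUP
    # limited to the services that actually need the material.
    for domain in "${DOMAIN_LIST[@]}"; do
      name=$(cert_basename "${domain}")
      chgrp "${GROUP}" "${LEGO_PATH}/certificates/${name}".* || true
      chmod g+r "${LEGO_PATH}/certificates/${name}".* || true
    done
    # HOOK is operator-supplied (from .env) and is deliberately run through a shell.
    exec sh -c "${HOOK}"
    ;;
  run)
    set -- "$@" --run-hook="${SCRIPT} run-hook"
    ;;
  renew)
    set -- "$@" --renew-hook="${SCRIPT} renew-hook"
    if [ -n "${DAYS}" ]; then
      set -- "$@" --days="${DAYS}"
    fi
    ;;
  *)
    ;;
esac

if [ ! -x "${LEGO}" ]; then
  die "Lego not found at ${LEGO}, please run '${0} install' first ..."
fi

# One --domains flag per configured domain, placed before the remaining arguments.
for domain in "${DOMAIN_LIST[@]}"; do
  set -- --domains="${domain}" "$@"
done

# SERVER unset -> staging; SERVER set but empty -> no --server flag (lego's
# own default); SERVER set -> that directory URL.
if [ -z "${SERVER+z}" ]; then
  # Use staging, if not set explicitly.
  SERVER=https://acme-staging-v02.api.letsencrypt.org/directory
fi
if [ -n "${SERVER}" ]; then
  set -- --server="${SERVER}" "$@"
fi

# Run lego, pass along parameters.
exec "${LEGO}" --accept-tos --dns=cloudflare --email="${EMAIL}" "$@"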