@xueshanf
Created May 16, 2017 05:18
#!/bin/bash
#
# Lego-admin.sh - create, renew, revoke certificates with lego (run in Docker)
#
### START CONFIGURATION ###
# Where lego stores certificates (mounted into the container as /root/lego)
LEGO_HOME=/efs/lego
certificates=$LEGO_HOME/certificates
# The pems directory for cert bundles (key + cert in one file) used by web
# servers such as haproxy
PEMS=$certificates/pems
# List of fqdns to be managed, one per line - generated by confd or whatever
# automated process; blank lines and '#' comments are ignored
domains=$(grep -v -e '^$' -e '^#' "$LEGO_HOME/workspace/domains")
# Let's Encrypt service endpoints
production=https://acme-v01.api.letsencrypt.org/directory
staging=https://acme-staging.api.letsencrypt.org/directory
# Change to $production for production (staging issues untrusted test
# certificates but is not subject to the production rate limits)
server=$staging
# Email for expiry notifications
email=admin@example.com
# Lego global options (--path is the container-side mount of $LEGO_HOME)
flags="--server=$server \
--email=$email \
--accept-tos \
--key-type=rsa2048 \
--path=/root/lego/ \
--dns=route53 \
--pem"
# Renew if certs have fewer than days_remain days left
days_remain="30"
# Lego image
IMAGE=lego
# Deployment credentials for the route53 DNS challenge. An IAM role works
# too, if the AWS metadata URL is not blocked for containers
AWS_CONFIG=/root/.aws
# Logs
log=/tmp/lego.log
rm -f "$log"
### END OF CONFIGURATION ###
# Pull image
docker pull xenolf/lego
docker tag xenolf/lego "$IMAGE"
# Remove a leftover container from a previous run, if any
docker rm lego > /dev/null 2>&1
mkdir -p "$PEMS"
for i in $domains
do
  opts="${flags} --domains=$i"
  if [ -f "$certificates/$i.crt" ]; then
    action="renew"
    args="--days=${days_remain}"
  else
    action="run"
    args=""
  fi
  echo "=== $action $i ==="
  # No -it: the script is meant to run unattended (e.g. from cron), where no TTY exists
  docker run --name lego --rm \
    -v "$AWS_CONFIG:/root/.aws" \
    -v "$LEGO_HOME:/root/lego" \
    "$IMAGE" $opts $action $args
  # With --pem, lego writes <fqdn>.pem (key + cert) next to the .crt; move it
  # to the bundle directory the web server reads from
  [ -f "$certificates/$i.pem" ] && mv "$certificates/$i.pem" "$PEMS/"
done > "$log" 2>&1
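A companion check, added here as an example and not part of the gist: before a renewed bundle is moved into $PEMS, confirm that the bundle's private key matches its certificate, and base the renew decision on the certificate's actual expiry rather than only on the presence of a .crt file. It assumes openssl and GNU date are on PATH and the layout lego writes with --pem (<fqdn>.crt, <fqdn>.key, <fqdn>.pem with key and cert concatenated); make_sample creates a constructed self-signed pair for testing.

```bash
#!/bin/bash
# Added example, not part of the gist. Assumes: openssl and GNU date on PATH;
# files laid out as lego writes them with --pem: <fqdn>.crt, <fqdn>.key and
# <fqdn>.pem (key and cert concatenated) in one certificates directory.

# Days until the certificate in $1 expires (negative if already expired).
cert_days_left() {
  local end_date end_epoch now_epoch
  end_date=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2) || return 1
  end_epoch=$(date -d "$end_date" +%s) || return 1
  now_epoch=$(date +%s)
  echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Succeeds only if the private key and the certificate in bundle $1 belong
# together (same RSA modulus); a mismatched bundle would make haproxy fail
# to start or serve a key that does not match the public certificate.
bundle_key_matches() {
  local cert_mod key_mod
  cert_mod=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null)
  key_mod=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
  [ -n "$cert_mod" ] && [ "$cert_mod" = "$key_mod" ]
}

# "run" when no cert exists, "renew" when fewer than $3 days remain (or the
# cert cannot be parsed), otherwise "ok". $1 = certificates dir, $2 = fqdn.
decide_action() {
  local crt="$1/$2.crt" left
  [ -f "$crt" ] || { echo run; return; }
  left=$(cert_days_left "$crt") || { echo renew; return; }
  if [ "$left" -lt "$3" ]; then echo renew; else echo ok; fi
}

# Constructed sample input: a throwaway self-signed key+cert valid for 45 days,
# bundled the way lego --pem does. $1 = dir, $2 = fqdn.
make_sample() {
  mkdir -p "$1"
  openssl req -x509 -newkey rsa:2048 -nodes -days 45 -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1 || return 1
  cat "$1/$2.key" "$1/$2.crt" > "$1/$2.pem"
}
```

In the gist's loop, `bundle_key_matches "$certificates/$i.pem"` would guard the `mv` into $PEMS, and `decide_action "$certificates" "$i" "$days_remain"` could replace the bare `-f` test.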