
github.com/nextcloud/nextcloudpi.git - Unnamed repository; edit this file 'description' to name the repository.
authornachoparker <nacho@ownyourbits.com>2018-06-20 22:11:35 +0300
committernachoparker <nacho@ownyourbits.com>2018-06-21 13:33:13 +0300
commit9983b7cff900042c89aaaa3529bd9c92407764bd (patch)
treedb5d5cee41cdcf9072d261b50a4a9cb69b64ac9f
parenta0a31b4b9679c1e455254d514219ab69e0c543c2 (diff)
letsencrypt: notify of renewalsv0.57.11
-rw-r--r--etc/ncp-config.d/letsencrypt.sh24
-rwxr-xr-xupdate.sh26
2 files changed, 48 insertions, 2 deletions
diff --git a/etc/ncp-config.d/letsencrypt.sh b/etc/ncp-config.d/letsencrypt.sh
index 246244c9..8a0e06f1 100644
--- a/etc/ncp-config.d/letsencrypt.sh
+++ b/etc/ncp-config.d/letsencrypt.sh
@@ -9,6 +9,7 @@
DOMAIN_=mycloud.ownyourbits.com
EMAIL_=mycloud@ownyourbits.com
+NOTIFYUSER_=ncp
NCDIR=/var/www/nextcloud
OCC="$NCDIR/occ"
@@ -53,24 +54,43 @@ configure()
{
local DOMAIN_LOWERCASE="${DOMAIN_,,}"
+ # Configure Apache
grep -q ServerName $VHOSTCFG && \
sed -i "s|ServerName .*|ServerName $DOMAIN_|" $VHOSTCFG || \
sed -i "/DocumentRoot/aServerName $DOMAIN_" $VHOSTCFG
+ # Do it
letsencrypt certonly -n --no-self-upgrade --webroot -w $NCDIR --hsts --agree-tos -m $EMAIL_ -d $DOMAIN_ && {
+
+ # Set up auto-renewal
cat > /etc/cron.weekly/letsencrypt-ncp <<EOF
#!/bin/bash
-/usr/bin/certbot renew --quiet
+
+# renew and notify
+/usr/bin/certbot renew --quiet --renew-hook '
+ sudo -u www-data php $OCC notification:generate \
+ $NOTIFYUSER_ "SSL renewal" \
+ -l "Your SSL certificate(s) \$RENEWED_DOMAINS has been renewed for another 90 days"
+ '
+
+# notify if fails
+[[ \$? -ne 0 ]] && sudo -u www-data php $OCC notification:generate \
+ $NOTIFYUSER_ "SSL renewal error" \
+ -l "SSL certificate renewal failed. See /var/log/letsencrypt/letsencrypt.log"
+
+# cleanup
rm -rf $NCDIR/.well-known
EOF
chmod +x /etc/cron.weekly/letsencrypt-ncp
+ # Configure Apache
sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $VHOSTCFG
sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $VHOSTCFG
sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $VHOSTCFG2
sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $VHOSTCFG2
+ # Configure Nextcloud
sudo -u www-data php $OCC config:system:set trusted_domains 4 --value=$DOMAIN_
sudo -u www-data php $OCC config:system:set overwrite.cli.url --value=https://$DOMAIN_
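Review bot: `$NOTIFYUSER_` is expanded when the unquoted `<<EOF` heredoc is written and lands in `/etc/cron.weekly/letsencrypt-ncp` without quoting of its own: inside the single-quoted `--renew-hook` string, and as a bare word after `notification:generate` in the failure branch. The option looks operator-editable like `DOMAIN_` and `EMAIL_` (inferred from the defaults at the top of the file), so a value containing a quote, a space or a shell metacharacter would change the text of a script that cron later runs as root. Validate it before the `cat`, for example `[[ "$NOTIFYUSER_" =~ ^[A-Za-z0-9_.@-]+$ ]] || { echo "invalid notification user"; return 1; }`, and emit it as `"$NOTIFYUSER_"` in the failure branch. configure() continues past the end of this hunk.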
@@ -78,7 +98,7 @@ EOF
bash -c "sleep 2 && service apache2 reload" &>/dev/null &
rm -rf $NCDIR/.well-known
- # update configuration
+ # Update configuration
[[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt enable
return 0
diff --git a/update.sh b/update.sh
index 2ee18a54..707cd44d 100755
--- a/update.sh
+++ b/update.sh
@@ -252,6 +252,32 @@ cd /var/www/nextcloud
sudo -u www-data php occ config:system:set trusted_domains 1 --value=$IP
EOF
+ # letsencrypt: notify of renewals
+ [[ -f /etc/cron.weekly/letsencrypt-ncp ]] && ! grep -q SSL /etc/cron.weekly/letsencrypt-ncp && {
+ NCDIR=/var/www/nextcloud
+ OCC="$NCDIR"/occ
+ NOTIFYUSER_=ncp
+ cat > /etc/cron.weekly/letsencrypt-ncp <<EOF
+#!/bin/bash
+
+# renew and notify
+/usr/bin/certbot renew --quiet --renew-hook '
+ sudo -u www-data php $OCC notification:generate \
+ $NOTIFYUSER_ "SSL renewal" \
+ -l "Your SSL certificate(s) \$RENEWED_DOMAINS has been renewed for another 90 days"
+ '
+
+# notify if fails
+[[ \$? -ne 0 ]] && sudo -u www-data php $OCC notification:generate \
+ $NOTIFYUSER_ "SSL renewal error" \
+ -l "SSL certificate renewal failed. See /var/log/letsencrypt/letsencrypt.log"
+
+# cleanup
+rm -rf $NCDIR/.well-known
+EOF
+ chmod +x /etc/cron.weekly/letsencrypt-ncp
+ }
+
} # end - only live updates
exit 0
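Review bot: The upgrade guard `! grep -q SSL /etc/cron.weekly/letsencrypt-ncp` keys on a word that occurs only in the notification text. A later cron template that drops that word would be overwritten with this older copy, and a file that mentions SSL for some other reason would be skipped. Matching the option this change introduces is more stable: `! grep -q -- --renew-hook /etc/cron.weekly/letsencrypt-ncp`. The heredoc is also a second copy of the one written by configure() in etc/ncp-config.d/letsencrypt.sh, here with `NOTIFYUSER_=ncp` hard-coded, so a comment such as `# keep in sync with configure() in etc/ncp-config.d/letsencrypt.sh` would help prevent drift. `NCDIR`, `OCC` and `NOTIFYUSER_` are assigned as globals, and the enclosing block opens above this hunk.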