diff options
Diffstat (limited to 'etc/ncp-config.d/letsencrypt.sh')
-rw-r--r-- | etc/ncp-config.d/letsencrypt.sh | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/etc/ncp-config.d/letsencrypt.sh b/etc/ncp-config.d/letsencrypt.sh index 246244c9..8a0e06f1 100644 --- a/etc/ncp-config.d/letsencrypt.sh +++ b/etc/ncp-config.d/letsencrypt.sh @@ -9,6 +9,7 @@ DOMAIN_=mycloud.ownyourbits.com EMAIL_=mycloud@ownyourbits.com +NOTIFYUSER_=ncp NCDIR=/var/www/nextcloud OCC="$NCDIR/occ" @@ -53,24 +54,43 @@ configure() { local DOMAIN_LOWERCASE="${DOMAIN_,,}" + # Configure Apache grep -q ServerName $VHOSTCFG && \ sed -i "s|ServerName .*|ServerName $DOMAIN_|" $VHOSTCFG || \ sed -i "/DocumentRoot/aServerName $DOMAIN_" $VHOSTCFG + # Do it letsencrypt certonly -n --no-self-upgrade --webroot -w $NCDIR --hsts --agree-tos -m $EMAIL_ -d $DOMAIN_ && { + + # Set up auto-renewal cat > /etc/cron.weekly/letsencrypt-ncp <<EOF #!/bin/bash -/usr/bin/certbot renew --quiet + +# renew and notify +/usr/bin/certbot renew --quiet --renew-hook ' + sudo -u www-data php $OCC notification:generate \ + $NOTIFYUSER_ "SSL renewal" \ + -l "Your SSL certificate(s) \$RENEWED_DOMAINS has been renewed for another 90 days" + ' + +# notify if fails +[[ \$? -ne 0 ]] && sudo -u www-data php $OCC notification:generate \ + $NOTIFYUSER_ "SSL renewal error" \ + -l "SSL certificate renewal failed. See /var/log/letsencrypt/letsencrypt.log" + +# cleanup rm -rf $NCDIR/.well-known EOF chmod +x /etc/cron.weekly/letsencrypt-ncp + # Configure Apache sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $VHOSTCFG sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $VHOSTCFG sed -i "s|SSLCertificateFile.*|SSLCertificateFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/fullchain.pem|" $VHOSTCFG2 sed -i "s|SSLCertificateKeyFile.*|SSLCertificateKeyFile /etc/letsencrypt/live/$DOMAIN_LOWERCASE/privkey.pem|" $VHOSTCFG2 + # Configure Nextcloud sudo -u www-data php $OCC config:system:set trusted_domains 4 --value=$DOMAIN_ sudo -u www-data php $OCC config:system:set overwrite.cli.url --value=https://$DOMAIN_ @@ -78,7 +98,7 @@ EOF bash -c "sleep 2 && service apache2 reload" &>/dev/null & rm -rf $NCDIR/.well-known - # update configuration + # Update configuration [[ "$DOCKERBUILD" == 1 ]] && update-rc.d letsencrypt enable return 0 |