This repository has been archived by the owner on Mar 2, 2020. It is now read-only.
nfsn-setup.sh
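#!/usr/bin/env bash
#
# nfsn-setup.sh - one-time setup of letsencrypt.sh on a NearlyFreeSpeech.NET
# site: fetches the letsencrypt.sh submodule, writes its configuration
# (challenge directory and hook script), generates domains.txt, performs a
# first certificate run and prints the scheduled-task settings for renewals.
#
# Environment read: DOCUMENT_ROOT, MAIL, NFSN_SITE_NAME.
# External commands: git, nfsn, realpath, letsencrypt.sh/letsencrypt.sh.
set -o errexit -o nounset -o pipefail

# Every challenge directory below is built from DOCUMENT_ROOT, so stop before
# changing anything if the environment does not provide it.
: "${DOCUMENT_ROOT:?DOCUMENT_ROOT must be set}"

readonly well_known='.well-known/acme-challenge/'

# Stays 'true' only while no alias has a document-root directory of its own;
# in that case a single fallback configuration is written further down.
declare single_cert='true'

#######################################
# Print one NAME='value' assignment for a letsencrypt.sh config file.
# The config is read by letsencrypt.sh as shell syntax (presumably sourced;
# confirm against the checked-out version), so a single quote inside the
# value is escaped to keep a path from ending the string early and being
# interpreted as shell code.
# Arguments: $1 - variable name, $2 - value
# Outputs:   the assignment line on stdout
#######################################
config_line() {
  local name=$1 value=$2
  local -r sq="'" esc="'\\''"
  local quoted
  # Done in a plain assignment (not inside double quotes) so the quoted
  # replacement behaves the same across bash versions.
  quoted=${value//"$sq"/"$esc"}
  printf "%s='%s'\n" "$name" "$quoted"
}

printf '%s\n' " + Cloning letsencrypt.sh git repository..."
git submodule init
# NOTE(review): --remote moves the submodule to the tip of its upstream branch
# instead of the commit recorded in this repository, so the ACME client that
# will handle the account key and certificates is whatever upstream publishes
# at setup time. Dropping --remote would run the pinned, reviewed commit.
git submodule update --remote
mkdir -p letsencrypt.sh/.acme-challenges

# Resolve the hook once and fail here if it is missing, rather than writing
# an empty HOOK='' into a config file.
hook_path=$(realpath nfsn-hook.sh)
chmod +x nfsn-hook.sh

printf '%s\n' " + Generating configuration..."

# Capture the alias list in an assignment so a failing nfsn aborts the script
# (errexit does not see a failure inside a for-loop word list). The names are
# split on whitespace as before, but without pathname expansion. They are
# used as path components exactly as nfsn returns them.
alias_output=$(nfsn list-aliases)
site_aliases=()
# read returns non-zero at end of input when -d '' is used; that is expected.
read -r -d '' -a site_aliases <<<"$alias_output" || true

# The ${arr[@]+...} form keeps nounset happy on an empty array in older bash.
for site_root in ${site_aliases[@]+"${site_aliases[@]}"}; do
  if [[ -d "${DOCUMENT_ROOT}${site_root}/" ]]; then
    challenge_dir="${DOCUMENT_ROOT}${site_root}/${well_known}"
    config_dir="letsencrypt.sh/certs/${site_root}"
    mkdir -p "${challenge_dir}" "${config_dir}"
    printf '%s\n' " + Installing hook script..."
    {
      config_line WELLKNOWN "${challenge_dir}"
      config_line HOOK "${hook_path}"
    } > "${config_dir}/config"
    # At least one alias has its own directory: no fallback config needed.
    single_cert='false'
  fi
done

if [[ "${single_cert}" == 'true' ]]; then
  printf '%s\n' " + Generating fallback configuration..."
  mkdir -p "${DOCUMENT_ROOT}${well_known}"
  printf '%s\n' " + Installing hook script..."
  {
    config_line WELLKNOWN "${DOCUMENT_ROOT}${well_known}"
    config_line HOOK "${hook_path}"
  } > letsencrypt.sh/config
fi

printf '%s\n' " + Generating domains.txt..."
# -s is passed only in the single-certificate case, as in the original.
if [[ "${single_cert}" == 'true' ]]; then
  nfsn -s list-aliases > letsencrypt.sh/domains.txt
else
  nfsn list-aliases > letsencrypt.sh/domains.txt
fi

printf '%s\n' " + Performing initial run..."
letsencrypt.sh/letsencrypt.sh --cron

# The part of MAIL after the last '/' is taken, and everything before its
# last '_' fills the first %s of the members URL (presumably the member
# name; confirm against the NFSN environment).
user_site=${MAIL##*/}
# %q shell-quotes the script path so it can be pasted as a command even if
# the path contains spaces or other special characters.
printf '
+ Done.
Now add nfsn-cron.sh to your scheduled tasks so that the certificates
will be renewed automatically. To do that, go to
https://members.nearlyfreespeech.net/%s/sites/%s/cron
and use the following settings:
Tag: letsencrypt
URL or Shell Command: %q
User: me
Hour: %d
Day of Week: Every
Date: *
The certificates will be renewed only when needed so it’s safe to
schedule the task to run daily.
+ ATTN: /usr/local/bin/nfsn currently does not support being run from
cron. A solution is being discussed; until one is available,
this task will simply check the expiration date and error if it
is within 30 days of expiry.
' \
  "${user_site%_*}" "$NFSN_SITE_NAME" \
  "$(realpath nfsn-cron.sh)" \
  "$(( RANDOM % 24 ))"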