#
# See also: https://help.dreamhost.com/hc/en-us/articles/217555707-DNS-API-commands
#
-# Crontab: 0 0 1 * * certbot renew --manual-auth-hook /path/to/certbot_authentication.sh --manual-cleanup-hook /path/to/certbot_cleanup.sh
+# Crontab: 0 0 20 Jan,Apr,Jul,Oct * certbot renew
+#
+# Note: If you symlink /etc/letsencrypt/renewal-hooks/{pre|post|deploy}
+# to the proper scripts then all you need is certbox renew. Also
+# if certbot doesn't think it's time to renew certs you can force it
+# with --force-renewal
#
# Author: Andrew@DeFaria.com
# Created: Fri 04 Jun 2021 11:20:16 PDT
-# Modified:
+# Modified: Mon Oct 24 11:53:38 AM PDT 2022
# Language: Bash
#
# (c) Copyright 2021, ClearSCM, Inc., all rights reserved
#
################################################################################
-logfile="/tmp/$(basename $0).log"
+certdir=/System/Certificates
+
+mkdir -p $certdir
+
+logfile="$certdir/$(basename $0).log"
+
rm -f $logfile
function log {
function addTXT {
log "Adding TXT record $CERTBOT_DOMAIN = $CERTBOT_VALIDATION"
cmd="$url&unique_id=$(uuidgen)&cmd=dns-add_record&record=_acme-challenge.$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION"
-
+
log "cmd = $cmd"
-
+
response=$(wget -O- -q "$cmd")
-
+
log "Response = $response"
} # addTXT
# Verifies that the TXT record has propogated.
function verifyPropagation {
log "Enter verifyPropagation"
-
- # We will try 4 times waiting 5 minutes in between
- max_attempts=4
- time_between_attempts=300 # 5 minutes (we might be able to shorten this)
-
+
+ # We will try 20 times waiting 1 minutes in between
+ max_attempts=20
+ time_between_attempts=60
+
# Obviously it's not propagated immediately so first wait
attempt=0
- while [ $attempt -lt 4 ]; do
+ while [ $attempt -lt $max_attempts ]; do
log "Waiting $time_between_attempts seconds for TXT record $CERTBOT_DOMAIN to propagate..."
sleep $time_between_attempts
-
+
((attempt++))
log "Attempt #$attempt: Validating of propagation of TXT record $CERTBOT_DOMAIN"
TXT=$(nslookup -type=TXT _acme-challenge.$CERTBOT_DOMAIN | grep -vi "can't find" | grep $CERTBOT_DOMAIN)
-
+
if [ -n "$TXT" ]; then
log "TXT record _acme-challenge.$CERTBOT_DOMAIN propagated"
return
log "TXT record _acme-challenge.$CERTBOT_DOMAIN not propagated yet"
fi
done
-
+
log "ERROR: Unable to validate propagation"
exit 1
} # verifyPropagation
verifyPropagation
# If we get here then new certs are produced but need to be made available
-# for importation to the Synology. /System/tmp is a directory that is
-# on the Synology mounted via NFS.
-cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/privkey.pem /System/tmp && chmod 444 /System/tmp/privkey.pem
-cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/cert.pem /System/tmp && chmod 444 /System/tmp/cert.pem
-cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/chain.pem /System/tmp && chmod 444 /System/tmp/chain.pem
-
-echo "Now go to DSM > Control Panel > Security > Certificate, select $CERTBOT_DOMAIN"
-echo "then Add, Replace an existing certificate for *.$CERTBOT_DOMAIN, Import"
-echo "Certificate and supply privkey.pem, cert.pem, and chain.pem for Private Key"
-echo "Certificate, and Intermediate certificate."
+# for importation to the Synology. $certdir is a directory that is on the
+# Synology mounted via NFS.
+cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/privkey.pem $certdir && chmod 444 $certdir/privkey.pem
+cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/cert.pem $certdir && chmod 444 $certdir/cert.pem
+cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/chain.pem $certdir && chmod 444 $certdir/chain.pem
+cp /etc/letsencrypt/live/$CERTBOT_DOMAIN/fullchain.pem $certdir && chmod 444 $certdir/fullchain.pem
projects / clearscm.git / blobdiff