X-Git-Url: https://defaria.com/gitweb/?a=blobdiff_plain;f=bin%2Fcertbot_cleanup.sh;h=400c9a2c8088cd5f7732d2f1e589118390e38458;hb=d3c598399f93a1ca4ffc9f4aedd7907f4157ca43;hp=a337cf544893a75dce3879f808023e1468b651e2;hpb=872647ca498f25c7de2a0e92f19403b71d957e1a;p=clearscm.git
diff --git a/bin/certbot_cleanup.sh b/bin/certbot_cleanup.sh
index a337cf5..400c9a2 100755
--- a/bin/certbot_cleanup.sh
+++ b/bin/certbot_cleanup.sh
@@ -12,30 +12,54 @@
 #
 # See also: https://help.dreamhost.com/hc/en-us/articles/217555707-DNS-API-commands
 #
-# Crontab: 0 0 1 * * certbot renew --manual-auth-hook /path/to/certbot_authentication.sh --manual-cleanup-hook /path/to/certbot_cleanup.sh
+# Crontab: 0 0 20 Jan,Apr,Jul,Oct * certbot renew
 #
 # Author: Andrew@DeFaria.com
 # Created: Fri 04 Jun 2021 11:20:16 PDT
-# Modified:
+# Modified: Mon Oct 24 11:53:38 AM PDT 2022
 # Language: Bash
 #
 # (c) Copyright 2021, ClearSCM, Inc., all rights reserved
 #
 ################################################################################
+certdir="/System/Certificates"
+
+mkdir -p $certdir
+
+logfile="$certdir/$(basename $0).log"
+
+rm -f $logfile
+
+function log {
+ echo $1 >> $logfile
+} # log
+
+log "Starting $0"
+
 # The following are environment variables that certbot passes to us
 #
-# CERTBOT_DOMAIN: Domain being authenticated. For example,
-# _acme-challenge.example.com for a wildcart cert or
-# _acme-challenge.subdomain.example.com for a subdomain
-# Note: Pass in $1 for testing or use the default of
-# CERTBOT_DOMAIN
-domain=${1:-CERTBOT_DOMAIN}
+# CERTBOT_DOMAIN: Domain being authenticated.
+# CERTBOT_VALIDATION: Validation string for domain
+#
+# Check that CERTBOT_DOMAIN and CERTBOT_VALIDATION have been passed in properly
+if [ -z "$CERTBOT_DOMAIN"]; then
+ log "CERTBOT_DOMAIN not passed in!"
+ exit 1
+else
+ log "CERTBOT_DOMAIN = $CERTBOT_DOMAIN"
+fi
-# CERTBOT_VALIDATION: The validation string. Pass in $2 or use the default of
-# CERTBOT_VALIDATION
-value=${2:-CERTBOT_VALIDATION}
+if [ -z "$CERTBOT_VALIDATION"]; then
+ log "CERTBOT_VALIDATION not passed in!"
+ exit 1
+else
+ log "CERTBOT_VALIDATION = $CERTBOT_VALIDATION"
+fi
-# Dreamhost key - generate at https://panel.dreamhost.com/?tree=home.api
+# My DNS registar is Dreamhost. These variables are specific to their DNS API.
+# Yours will probably be different.
+#
+# Dreamhost key - generate at https://panel.dreamhost.com/?tree=home.api
 key=KHY6UJQXD9MEJZHR
 # URL where the REST endpoint is
@@ -43,15 +67,19 @@ url="https://api.dreamhost.com/?key=$key"
 # Remove a TXT record. Oddly you must also specify the value.
 function removeTXT {
- echo "Removing TXT record $CERTBOT_DOMAIN_DOMAIN = $CERTBOT_VALIDATION"
- cmd="$url&unique_id=$(uuidgen)&cmd=dns-remove_record&record=$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION"
+ log "Removing TXT record $CERTBOT_DOMAIN = $CERTBOT_VALIDATION"
+ cmd="$url&unique_id=$(uuidgen)&cmd=dns-remove_record&record=_acme-challenge.$CERTBOT_DOMAIN&type=TXT&value=$CERTBOT_VALIDATION"
+ log "cmd: $cmd"
- response=$(wget -O- -q "$cmd")
+ response=$(wget -O- -q "$cmd")
- echo "$response"
+ log "Response = $response"
 } # removeTXT
 removeTXT
 # Removal is instanteous but propagation will take some time. No need to wait
-# around though...
\ No newline at end of file
+# around though...
+
+# Now deploy new certs
+/opt/clearscm/bin/certbot_deploy.sh
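Review bot: The two added guards `if [ -z "$CERTBOT_DOMAIN"]; then` and `if [ -z "$CERTBOT_VALIDATION"]; then` have no space before the closing bracket, so whenever the variable is set the bracket is glued to its value, `[` reports a missing-bracket error on stderr and returns status 2, and the script reaches the else branch only by accident. They should read `if [ -z "$CERTBOT_DOMAIN" ]; then` and `if [ -z "$CERTBOT_VALIDATION" ]; then`. In the same hunk `mkdir -p $certdir`, `rm -f $logfile` and `echo $1 >> $logfile` expand unquoted, so every log message is word-split and glob-expanded before it is written; `printf '%s\n' "$1" >> "$logfile"` records the text as passed.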
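Review bot: The added `log "cmd: $cmd"` in removeTXT writes the full request URL to the log file, and that URL carries the DNS API key (`$url` is built from `key=$key`), so anyone able to read the log under `/System/Certificates` can read the credential. Drop the line or redact the key before logging, for example `log "cmd: ${cmd/key=$key/key=REDACTED}"` in bash, and set `umask 077` before the first write so the log is not created world-readable. The key is also a literal on a context line of the previous hunk, so it is presumably already in repository history; rotating it and loading it from a root-only file or the environment would be the fuller fix. The `wget` result is not checked either, and the new `/opt/clearscm/bin/certbot_deploy.sh` call at the end runs even when the record removal failed.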