Certificate renewal is only supported on AWS... For now...
Signed-off-by: Derek Smith <derek@farscapian.com>
parent
dcf4f16cf7
commit
06b38f55f4
@ -1,8 +1,10 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -exuo nounset
|
set -exu
|
||||||
cd "$(dirname "$0")"
|
cd "$(dirname "$0")"
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$VPS_HOSTING_TARGET" = aws ]; then
|
||||||
# let's do a refresh of the certificates. Let's Encrypt will not run if it's not time.
|
# let's do a refresh of the certificates. Let's Encrypt will not run if it's not time.
|
||||||
docker pull certbot/certbot
|
docker pull certbot/certbot
|
||||||
|
|
||||||
@ -12,11 +14,14 @@ docker run -it --rm \
|
|||||||
-p 443:443 \
|
-p 443:443 \
|
||||||
-v /etc/letsencrypt:/etc/letsencrypt \
|
-v /etc/letsencrypt:/etc/letsencrypt \
|
||||||
-v /var/lib/letsencrypt:/var/lib/letsencrypt certbot/certbot \
|
-v /var/lib/letsencrypt:/var/lib/letsencrypt certbot/certbot \
|
||||||
certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$FQDN" -d "$NEXTCLOUD_FQDN" -d "$MATRIX_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
|
certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$FQDN" -d "$NEXTCLOUD_FQDN" -d "$MATRIX_FQDN" -d "$GITEA_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
|
||||||
#-d "$GITEA_FQDN"
|
|
||||||
# backup the certs to our SITE_PATH/certs.tar.gz so we have them handy (for local development)
|
# backup the certs to our SITE_PATH/certs.tar.gz so we have them handy (for local development)
|
||||||
ssh "$FQDN" sudo tar -zcvf "$REMOTE_HOME/certs.tar.gz" -C /etc ./letsencrypt
|
ssh "$FQDN" sudo tar -zcvf "$REMOTE_HOME/certs.tar.gz" -C /etc ./letsencrypt
|
||||||
ssh "$FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/certs.tar.gz"
|
ssh "$FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/certs.tar.gz"
|
||||||
|
|
||||||
# now pull the tarballs down the local machine.
|
# now pull the tarballs down the local machine.
|
||||||
scp "$FQDN:$REMOTE_HOME/certs.tar.gz" "$SITE_PATH/certs.tar.gz"
|
scp "$FQDN:$REMOTE_HOME/certs.tar.gz" "$SITE_PATH/certs.tar.gz"
|
||||||
|
else
|
||||||
|
echo "INFO: Skipping certificate renewal since we're on hosting provider=lxd."
|
||||||
|
fi
|
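Review bot: The new `else` branch treats every value of `VPS_HOSTING_TARGET` other than `aws` as LXD, so a misspelled or unexpected target skips renewal with an INFO line that names the wrong provider, and the certificates then expire without any error. I would report the real value and fail on anything unrecognised: use `elif [ "$VPS_HOSTING_TARGET" = lxd ]; then` for the skip message and `else echo "ERROR: unsupported VPS_HOSTING_TARGET=$VPS_HOSTING_TARGET" >&2; exit 1` for the rest. The certbot line now passes `-d "$GITEA_FQDN"` unconditionally; under `set -u` an unset value aborts the script and an empty one hands certbot an empty domain, so unless the variable is guaranteed elsewhere, assert it first with `: "${GITEA_FQDN:?}"`. The backup step, now inside the `aws` branch, archives `/etc/letsencrypt` including the private keys, re-owns the archive to `ubuntu` and leaves it in `$REMOTE_HOME` after the `scp`, so it should be created with tight permissions and removed once copied. The `docker run` command begins outside the visible hunks.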