From 06b38f55f4fe2ce7fa5cc07ec2cc0b3485cc3a7a Mon Sep 17 00:00:00 2001
From: Derek Smith
Date: Fri, 22 Apr 2022 16:17:14 -0400
Subject: [PATCH] Certificate renewal is only supported on AWS... For now...
Signed-off-by: Derek Smith
---
 generate_certs.sh | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/generate_certs.sh b/generate_certs.sh
index 69b4aba..a20e95e 100755
--- a/generate_certs.sh
+++ b/generate_certs.sh
@@ -1,22 +1,27 @@
 #!/bin/bash
-set -exuo nounset
+set -exu
 cd "$(dirname "$0")"
-# let's do a refresh of the certificates. Let's Encrypt will not run if it's not time.
-docker pull certbot/certbot
-docker run -it --rm \
- --name certbot \
- -p 80:80 \
- -p 443:443 \
- -v /etc/letsencrypt:/etc/letsencrypt \
- -v /var/lib/letsencrypt:/var/lib/letsencrypt certbot/certbot \
- certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$FQDN" -d "$NEXTCLOUD_FQDN" -d "$MATRIX_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
-#-d "$GITEA_FQDN"
-# backup the certs to our SITE_PATH/certs.tar.gz so we have them handy (for local development)
-ssh "$FQDN" sudo tar -zcvf "$REMOTE_HOME/certs.tar.gz" -C /etc ./letsencrypt
-ssh "$FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/certs.tar.gz"
+if [ "$VPS_HOSTING_TARGET" = aws ]; then
+ # let's do a refresh of the certificates. Let's Encrypt will not run if it's not time.
+ docker pull certbot/certbot
-# now pull the tarballs down the local machine.
-scp "$FQDN:$REMOTE_HOME/certs.tar.gz" "$SITE_PATH/certs.tar.gz"
+ docker run -it --rm \
+ --name certbot \
+ -p 80:80 \
+ -p 443:443 \
+ -v /etc/letsencrypt:/etc/letsencrypt \
+ -v /var/lib/letsencrypt:/var/lib/letsencrypt certbot/certbot \
+ certonly -v --noninteractive --agree-tos --key-type ecdsa --standalone --expand -d "$DOMAIN_NAME" -d "$FQDN" -d "$NEXTCLOUD_FQDN" -d "$MATRIX_FQDN" -d "$GITEA_FQDN" --email "$CERTIFICATE_EMAIL_ADDRESS"
+
+ # backup the certs to our SITE_PATH/certs.tar.gz so we have them handy (for local development)
+ ssh "$FQDN" sudo tar -zcvf "$REMOTE_HOME/certs.tar.gz" -C /etc ./letsencrypt
+ ssh "$FQDN" sudo chown ubuntu:ubuntu "$REMOTE_HOME/certs.tar.gz"
+
+ # now pull the tarballs down the local machine.
+ scp "$FQDN:$REMOTE_HOME/certs.tar.gz" "$SITE_PATH/certs.tar.gz"
+else
+ echo "INFO: Skipping certificate renewal since we're on hosting provider=lxd."
+fi
\ No newline at end of file
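Review bot: The archive the aws branch creates with `ssh "$FQDN" sudo tar -zcvf "$REMOTE_HOME/certs.tar.gz" -C /etc ./letsencrypt` bundles the Let's Encrypt private keys, and after the `chown ubuntu:ubuntu` it stays on the remote host with whatever mode root's umask produced (presumably group/world-readable) and is never deleted once the `scp` has copied it down. I would restrict it before the download, `ssh "$FQDN" sudo chmod 600 "$REMOTE_HOME/certs.tar.gz"`, and remove it after a successful `scp`, `ssh "$FQDN" rm -f -- "$REMOTE_HOME/certs.tar.gz"`, so the key material does not linger in the home directory. Separately, the `else` branch hard-codes "hosting provider=lxd" even though every value other than aws reaches it; `echo "INFO: Skipping certificate renewal since VPS_HOSTING_TARGET=$VPS_HOSTING_TARGET."` keeps the log truthful for any future target. The new file also ends without a trailing newline, which the `\ No newline at end of file` marker shows.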