deploy/scripts/manage-certificates.sh +32 −16
@@ -6,51 +6,67 @@ then exit 1 fi docker run --rm \ fileToTestUpdate="/certs/live/${CERT_NAME}/chain.pem" if [ -e "${fileToTestUpdate}" ] then md5Before=$(md5sum "${fileToTestUpdate}") else md5Before=0 fi if ! docker run --rm \ -v ${CERTBOT_CONFIG_VOL_NAME}:/etc/letsencrypt \ -v ${CERTBOT_WORK_VOL_NAME}:/var/lib/letsencrypt \ -v ${CERTBOT_LOGS_VOL_NAME}:/var/log/letsencrypt \ -v ${ACME_VOL_NAME}:/var/www/html \ certbot/certbot certonly \ --expand \ --renew-with-new-domains \ --keep-until-expiring \ --webroot -w /var/www/html/ \ --cert-name ${CERT_NAME} \ -m ${EMAIL_LIST} --agree-tos --no-eff-email \ -d ${DOMAIN_LIST} \ --pre-hook "rm -f /etc/letsencrypt/UPDATED" \ --deploy-hook "touch /etc/letsencrypt/UPDATED" --no-self-upgrade then echo "Certificates creation failed!" exit 1 fi if [ -e /certs/UPDATED ] md5After=$(md5sum "${fileToTestUpdate}") if [ "${md5Before}" != "${md5After}" ] then echo "Certificates created for domains: ${DOMAIN_LIST}" echo "Updating certificates in web server service: ${SERVER_SERVICE}" secretFiles="chain fullchain privkey" secretRmParams="" secretAddParams="" for secretFile in ${secretFiles} do secretName="cert-${secretFile}" echo "Updating service secret: ${secretName}" secretRmParams="${secretRmParams} --secret-rm ${secretName}" secretAddParams="${secretAddParams} --secret-add ${secretName}" done docker service update ${secretRmParams} ${SERVER_SERVICE} docker service update \ --secret-rm ${secretName} \ ${SERVER_SERVICE} for secretFile in ${secretFiles} do secretName="cert-${secretFile}" echo "Updating service secret: ${secretName}" docker secret rm ${secretName} cat /certs/live/${CERT_NAME}/${secretFile}.pem | docker secret create \ -l com.docker.stack.namespace ${SERVER_STACK} \ ${secretName} - docker service update \ --secret-add ${secretName} \ ${SERVER_SERVICE} done echo "Certificates successfully updated" docker service update ${secretAddParams} ${SERVER_SERVICE} echo "Certificates successfully updated!" 
else echo "Certificates creation failed!" exit 1 echo "Certificates are still valid!" fi
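Review bot: None of the docker calls in the new rotation sequence are checked, so if `docker secret rm` or `docker secret create` fails after `docker service update ${secretRmParams} ${SERVER_SERVICE}` has run, the service is left without its certificate secrets while the script still prints `Certificates successfully updated!`. Unless `set -e` is enabled above this hunk (the top of the script and the start of the first `if` are outside it), each step should fail closed, for example by appending `|| { echo "Updating secret ${secretName} failed!"; exit 1; }` to the `docker secret create` pipeline and to both `docker service update` calls. Detaching all three secrets before recreating them also redeploys the service once with no certificates mounted; creating the new secrets under versioned names and swapping them in one `docker service update --secret-rm <old> --secret-add source=<new>,target=<name>` call would close that window. Separately, `md5After=$(md5sum "${fileToTestUpdate}")` has no existence guard like the one on `md5Before`, so a missing file yields an empty string that compares unequal and triggers the rotation with nothing to read.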
deploy/scripts/manage-certificates.sh +32 −16
@@ -6,51 +6,67 @@ then exit 1 fi docker run --rm \ fileToTestUpdate="/certs/live/${CERT_NAME}/chain.pem" if [ -e "${fileToTestUpdate}" ] then md5Before=$(md5sum "${fileToTestUpdate}") else md5Before=0 fi if ! docker run --rm \ -v ${CERTBOT_CONFIG_VOL_NAME}:/etc/letsencrypt \ -v ${CERTBOT_WORK_VOL_NAME}:/var/lib/letsencrypt \ -v ${CERTBOT_LOGS_VOL_NAME}:/var/log/letsencrypt \ -v ${ACME_VOL_NAME}:/var/www/html \ certbot/certbot certonly \ --expand \ --renew-with-new-domains \ --keep-until-expiring \ --webroot -w /var/www/html/ \ --cert-name ${CERT_NAME} \ -m ${EMAIL_LIST} --agree-tos --no-eff-email \ -d ${DOMAIN_LIST} \ --pre-hook "rm -f /etc/letsencrypt/UPDATED" \ --deploy-hook "touch /etc/letsencrypt/UPDATED" --no-self-upgrade then echo "Certificates creation failed!" exit 1 fi if [ -e /certs/UPDATED ] md5After=$(md5sum "${fileToTestUpdate}") if [ "${md5Before}" != "${md5After}" ] then echo "Certificates created for domains: ${DOMAIN_LIST}" echo "Updating certificates in web server service: ${SERVER_SERVICE}" secretFiles="chain fullchain privkey" secretRmParams="" secretAddParams="" for secretFile in ${secretFiles} do secretName="cert-${secretFile}" echo "Updating service secret: ${secretName}" secretRmParams="${secretRmParams} --secret-rm ${secretName}" secretAddParams="${secretAddParams} --secret-add ${secretName}" done docker service update ${secretRmParams} ${SERVER_SERVICE} docker service update \ --secret-rm ${secretName} \ ${SERVER_SERVICE} for secretFile in ${secretFiles} do secretName="cert-${secretFile}" echo "Updating service secret: ${secretName}" docker secret rm ${secretName} cat /certs/live/${CERT_NAME}/${secretFile}.pem | docker secret create \ -l com.docker.stack.namespace ${SERVER_STACK} \ ${secretName} - docker service update \ --secret-add ${secretName} \ ${SERVER_SERVICE} done echo "Certificates successfully updated" docker service update ${secretAddParams} ${SERVER_SERVICE} echo "Certificates successfully updated!" 
else echo "Certificates creation failed!" exit 1 echo "Certificates are still valid!" fi