Use pip-installed certbot if available
See bluecherrydvr#635

Give the pip-installed one priority, as it's more likely to be up to date,
which is useful long-term as LetsEncrypt matters sometimes change on
short notice.
andrey-utkin committed Dec 19, 2023
1 parent e2bc876 commit 4c37d1e
Showing 3 changed files with 23 additions and 5 deletions.
2 changes: 1 addition & 1 deletion misc/cron/bluecherry-subdomain-cert-renewal
@@ -7,7 +7,7 @@
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# | | | | |
# * * * * * user-name command to be executed
* * */5 * * root certbot renew --config-dir=/usr/share/bluecherry/nginx-includes/letsencrypt/ >/dev/null 2>&1
* * */5 * * root /usr/share/bluecherry/subdomain-cert-renewal &>/dev/null
*/5 * * * * root curl -k https://localhost:7001/subdomainprovidercron >/dev/null 2>&1

# vim: syntax=crontab
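Review bot: The new entry redirects with `&>/dev/null`, which is a bash extension; cron runs entries through /bin/sh unless the file sets `SHELL`, and under dash that parses as a backgrounded command followed by a separate empty redirect. The script silences itself with its own `exec`, so the effect is small, but `>/dev/null 2>&1` as on the neighbouring curl line is portable and says what is meant. Separately, `* * */5 * *` fires every minute of every fifth day of the month, so this root job starts certbot up to 1440 times on those days; if one run per period is intended, fixed minute and hour fields such as `17 3 */5 * *` (sample values) would do that. The top of the crontab is outside the hunk, so whether `SHELL` is set there cannot be seen from here.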
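--- /dev/null
+++ b/misc/subdomain-cert-renewal
@@ -0,0 +1,13 @@
+#!/bin/bash
+set -euo pipefail
+
+# Suppress the output of the rest of the script.
+# To debug, redirect to a real file.
+exec &> /dev/null
+
+CERTBOT=/root/.local/bin/certbot
+if ! [[ -x "$CERTBOT" ]]; then
+CERTBOT=certbot
+fi
+
+"$CERTBOT" renew --config-dir=/usr/share/bluecherry/nginx-includes/letsencrypt/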
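Review bot: `exec &> /dev/null` at the top discards every diagnostic, and with `set -e` a failed renewal only ends the script with a non-zero status that cron does not report, so a broken renewal can go unnoticed until the certificate expires. certbot presumably still writes its own log, but a failure before it starts (for example neither binary being found, since the fallback relies on cron's PATH) leaves no trace. Sending output to syslog instead, e.g. `exec > >(logger -t subdomain-cert-renewal) 2>&1`, keeps cron mail quiet while keeping the evidence. A header comment should also state that /root/.local/bin/certbot is preferred over the packaged one and why, since this root job then executes a binary that the system package manager does not track or update; the same selection logic is duplicated in scripts/update_subdomain_certs.sh.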
13 changes: 9 additions & 4 deletions scripts/update_subdomain_certs.sh
@@ -51,11 +51,16 @@ chmod 600 $credentials
# Generate certificates
echo "Generating certs..."

certbot certonly --non-interactive --agree-tos --work-dir=/tmp --logs-dir=/tmp \
CERTBOT=/root/.local/bin/certbot
if ! [[ -x "$CERTBOT" ]]; then
CERTBOT=certbot
fi

"$CERTBOT" certonly --non-interactive --agree-tos --work-dir=/tmp --logs-dir=/tmp \
--config-dir=/usr/share/bluecherry/nginx-includes/letsencrypt/ \
--dns-subdomain-provider-credentials $credentials \
-m $email --authenticator dns-subdomain-provider \
-d $subdomain.bluecherry.app -v
--dns-subdomain-provider-credentials "$credentials" \
-m "$email" --authenticator dns-subdomain-provider \
-d "$subdomain".bluecherry.app -v

rm $credentials

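Review bot: The rewritten certbot call still passes `--work-dir=/tmp --logs-dir=/tmp`, so a root process writes its working files and verbose (`-v`) log under predictable names in a world-writable directory, where other local users can pre-create files or symlinks. A private directory avoids that: `workdir=$(mktemp -d)` followed by `--work-dir="$workdir" --logs-dir="$workdir"`. The commit quotes `$credentials`, `$email` and `$subdomain` in the certbot arguments, but `rm $credentials` just below is left unquoted; `rm -f -- "$credentials"` would match, and running it from a `trap ... EXIT` would also remove the credentials file when certbot fails. The script begins and continues outside this hunk, so whether it runs under `set -e` or already has a trap is not visible here.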
