Initial commit
commit
e4b4acc6c7
|
@ -0,0 +1,20 @@
|
||||||
|
FROM ubuntu:xenial
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
apt-get install -y python3-pip cron && \
|
||||||
|
pip3 install simp_le-client && \
|
||||||
|
find /etc/cron* -type f -delete && \
|
||||||
|
useradd simplecert && \
|
||||||
|
touch /etc/crontab
|
||||||
|
|
||||||
|
ADD start /start
|
||||||
|
ADD simplewrapper.py /usr/local/bin/simplewrapper.py
|
||||||
|
ADD crontab /etc/cron.d/
|
||||||
|
|
||||||
|
RUN chmod +x /start /usr/local/bin/simplewrapper.py && \
|
||||||
|
chmod 644 /etc/cron.d/crontab
|
||||||
|
|
||||||
|
ENTRYPOINT ["/start"]
|
||||||
|
|
||||||
|
VOLUME /srv/acme/webroot/.well-known/acme-challenge/
|
||||||
|
VOLUME /srv/acme/conf/
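Review bot: `pip3 install simp_le-client` in the first RUN step is unpinned, so every rebuild can pull a different release of the tool that handles the ACME account key and the certificate private keys; pin it, e.g. `pip3 install simp_le-client==<PINNED_VERSION>`, and consider referencing the base image by digest rather than the floating `ubuntu:xenial` tag. The crontab added in this commit appends to /srv/acme/logs/cron.log as user simplecert, but nothing in this file creates that directory or gives simplecert write access to it or to /srv/acme/conf/. Unless the `start` script (not shown on this page) does so, the redirect fails and the job never runs; adding `mkdir -p /srv/acme/logs && chown simplecert /srv/acme/logs` to the RUN step would cover the log directory.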
|
|
@ -0,0 +1,10 @@
|
||||||
|
The conf dir (-v /host/conf:/srv/acme/conf/) needs:
|
||||||
|
|
||||||
|
<domain>.com/email email address to use for the cert request
|
||||||
|
<domain>.com/aliases all hostnames INCLUDING <domain> for cert request
|
||||||
|
|
||||||
|
The webroot should be mounted to the real webhost's acme-challenge dir, like:
|
||||||
|
|
||||||
|
-v /host/real_webroot/.well-known/acme-challenge/:/srv/acme/webroot/.well-known/acme-challenge/
|
||||||
|
|
||||||
|
Master process logs in /srv/acme/logs/ are useful for debugging
|
|
@ -0,0 +1,4 @@
|
||||||
|
SHELL=/bin/sh
|
||||||
|
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||||
|
|
||||||
|
* * * * * simplecert /usr/bin/python3 /usr/local/bin/simplewrapper.py >> /srv/acme/logs/cron.log 2>&1
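Review bot: The `* * * * *` schedule starts the wrapper every minute, far more often than certificate renewal needs. A domain that keeps failing is retried against the CA sixty times an hour, which is likely to hit ACME rate limits, and since the wrapper allows up to 30 seconds per domain, a run over several slow domains can still be working in the same directories when the next one starts. A daily schedule with a lock avoids both, e.g. `17 3 * * * simplecert flock -n /tmp/simplewrapper.lock /usr/bin/python3 /usr/local/bin/simplewrapper.py >> /srv/acme/logs/cron.log 2>&1` (the time and lock path are illustrative). The log is only ever appended to, so it also needs rotation.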
|
|
@ -0,0 +1,52 @@
|
||||||
|
#!/usr/bin/env python3
|
||||||
|
|
||||||
|
from subprocess import Popen, TimeoutExpired
|
||||||
|
import os
|
||||||
|
|
||||||
|
|
||||||
|
CONF_DIR = "/srv/acme/conf/"
|
||||||
|
WEB_ROOT = "/srv/acme/webroot/"
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
for name in os.listdir(CONF_DIR):
|
||||||
|
domain_dir = os.path.join(CONF_DIR, name)
|
||||||
|
with open(os.path.join(domain_dir, "email")) as f:
|
||||||
|
email = f.read().strip()
|
||||||
|
with open(os.path.join(domain_dir, "aliases")) as f:
|
||||||
|
aliases = [i.strip() for i in f.read().strip().split()]
|
||||||
|
|
||||||
|
call_le(email, aliases, domain_dir)
|
||||||
|
|
||||||
|
|
||||||
|
def call_le(email, domain_names, cwd):
|
||||||
|
assert domain_names
|
||||||
|
os.chdir(cwd)
|
||||||
|
|
||||||
|
le_call = ["simp_le",
|
||||||
|
"--email", email,
|
||||||
|
"-f", "account_key.json",
|
||||||
|
"-f", "fullchain.pem",
|
||||||
|
"-f", "key.pem"]
|
||||||
|
|
||||||
|
for domain in domain_names:
|
||||||
|
le_call += ["-d", domain]
|
||||||
|
|
||||||
|
le_call += ["--default_root", WEB_ROOT]
|
||||||
|
|
||||||
|
p = Popen(le_call)
|
||||||
|
try:
|
||||||
|
p.wait(30)
|
||||||
|
except TimeoutExpired:
|
||||||
|
p.kill()
|
||||||
|
|
||||||
|
if p.returncode == 0:
|
||||||
|
print("renewed {}".format(domain_names[0]))
|
||||||
|
elif p.returncode == 1:
|
||||||
|
print("no renew needed for {}".format(domain_names[0]))
|
||||||
|
elif p.returncode == 2:
|
||||||
|
print("error updating {}1".format(domain_names[0]))
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
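Review bot: In call_le, the timeout path calls `p.kill()` but never waits for the child afterwards, so `p.returncode` is still None, none of the three `if`/`elif` branches matches, and a hung renewal leaves no line in the log; any exit status other than 0, 1 or 2 is dropped the same way. Reap the process after the kill and add a final `else` that reports the status, as below (the stray `1` in `"error updating {}1"` is removed as well). Separately, main() opens `email` and `aliases` for every entry in CONF_DIR with no error handling, so one stray file or incomplete domain directory raises and stops renewal for every domain listed after it; catching `OSError` per entry and continuing would contain that. `assert domain_names` disappears under `python3 -O`, so an explicit `if not domain_names: raise ValueError(...)` is the safer check.

```python
    # … unchanged: le_call construction …
    p = Popen(le_call)
    try:
        p.wait(30)
    except TimeoutExpired:
        p.kill()
        p.wait()  # reap the child so returncode is populated
        print("timeout updating {}".format(domain_names[0]))
        return

    # … unchanged: returncode 0 and 1 branches …
    elif p.returncode == 2:
        print("error updating {}".format(domain_names[0]))
    else:
        print("unexpected exit status {} updating {}".format(
            p.returncode, domain_names[0]))
```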
|