containerized ACME client


  1. #!/usr/bin/env python3
  2. from subprocess import Popen, TimeoutExpired
  3. import os
# Filesystem layout of the ACME volume (all paths are absolute).

# One sub-directory per certificate; main() creates it and call_le() runs
# simp_le inside it, so this tree ends up holding the files named by the
# -f options (including key.pem and account_key.json).
OUTPUT_DIR = "/srv/acme/certs/"

# One sub-directory per certificate, each holding an "email" and an
# "aliases" file that main() reads.
CONF_DIR = "/srv/acme/conf/"

# Passed to simp_le as --default_root.
WEB_ROOT = "/srv/acme/webroot/"
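def main():
    """Request or renew a certificate for every entry configured under CONF_DIR.

    Each sub-directory of CONF_DIR describes one certificate: its name selects
    the output directory under OUTPUT_DIR, its ``email`` file holds the address
    passed to simp_le and its ``aliases`` file holds the whitespace-separated
    domain names (the first one is used in log messages).

    A broken entry (stray file, unreadable config, empty alias list) is
    reported and skipped, so one bad entry cannot stop the remaining
    certificates from being renewed.
    """
    for name in sorted(os.listdir(CONF_DIR)):
        domain_dir = os.path.join(CONF_DIR, name)
        if not os.path.isdir(domain_dir):
            # Stray files in CONF_DIR are not certificate definitions.
            continue

        try:
            with open(os.path.join(domain_dir, "email")) as f:
                email = f.read().strip()
            with open(os.path.join(domain_dir, "aliases")) as f:
                # split() without arguments already strips every token.
                aliases = f.read().split()
        except OSError as err:
            print("skipping {}: cannot read config: {}".format(name, err))
            continue

        if not aliases:
            # call_le() refuses an empty list; report it here instead of
            # aborting the whole run.
            print("skipping {}: no domain names in aliases".format(name))
            continue

        output_dir = os.path.join(OUTPUT_DIR, name)
        # NOTE(review): the directory is created with the default mode, so the
        # process umask decides who can read it. call_le() stores key.pem and
        # account_key.json here -- confirm the container's umask and volume
        # permissions keep them private.
        os.makedirs(output_dir, exist_ok=True)
        # call_le() passes relative -f file names, so simp_le must run with
        # the certificate's directory as its working directory.
        os.chdir(output_dir)
        call_le(email, aliases)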
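def call_le(email, domain_names):
    """Run simp_le once for one certificate and report the outcome.

    The files named by the ``-f`` options are relative, so the caller must
    have changed into the certificate's output directory first.

    Args:
        email: address passed to simp_le via ``--email``.
        domain_names: non-empty list of names for the certificate; each one
            is passed with ``-d`` and the first is used in log messages.

    Returns:
        The exit status of simp_le. 0, 1 and 2 are reported as "renewed",
        "no renew needed" and "error"; if the process had to be killed after
        the 30 second timeout, the status is the negative signal number.

    Raises:
        AssertionError: if ``domain_names`` is empty.
    """
    # Explicit raise instead of ``assert`` so the guard is not stripped by
    # ``python -O``; the exception type stays the same for existing callers.
    if not domain_names:
        raise AssertionError("call_le needs at least one domain name")
    primary = domain_names[0]

    # Argument vector, not a shell string: values read from the config files
    # are handed to simp_le as single arguments and never parsed by a shell.
    le_call = ["simp_le",
               "--email", email,
               "-f", "account_key.json",
               "-f", "fullchain.pem",
               "-f", "key.pem",
               "-f", "account_reg.json"]
    for domain in domain_names:
        le_call += ["-d", domain]
    le_call += ["--default_root", WEB_ROOT]

    p = Popen(le_call)
    try:
        p.wait(30)
    except TimeoutExpired:
        p.kill()
        # Reap the child: without this wait returncode stays None, the
        # timeout goes unreported and a zombie process is left behind.
        p.wait()
        print("timeout updating {}".format(primary))
        return p.returncode

    if p.returncode == 0:
        print("renewed {}".format(primary))
    elif p.returncode == 1:
        print("no renew needed for {}".format(primary))
    elif p.returncode == 2:
        # The original message carried a stray "1" after the domain name.
        print("error updating {}".format(primary))
    else:
        # Any other status used to pass silently; a failed renewal should
        # always leave a trace in the log.
        print("unexpected exit status {} updating {}".format(p.returncode, primary))
    return p.returncode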
# Run the renewal pass only when executed as a script, not when imported.
if __name__ == "__main__":
    main()