Files
azionelab-v2/certbot/renew.sh
T
2026-06-24 11:06:33 +02:00

78 lines
1.7 KiB
Bash

#!/bin/sh
set -eu
domain="${LETSENCRYPT_DOMAIN:-azionelab.org}"
email="${LETSENCRYPT_EMAIL:-}"
staging="${LETSENCRYPT_STAGING:-0}"
renew_interval="${LETSENCRYPT_RENEW_INTERVAL_SECONDS:-43200}"
retry_interval="${LETSENCRYPT_RETRY_SECONDS:-300}"
case "$domain" in
"" | *[!A-Za-z0-9.-]* | .* | *. | *..* | -* | *- | *.-* | *-.*)
echo "Invalid LETSENCRYPT_DOMAIN: $domain" >&2
exit 1
;;
esac
case "$domain" in
*.*) ;;
*)
echo "LETSENCRYPT_DOMAIN must be a fully qualified domain name." >&2
exit 1
;;
esac
if [ -z "$email" ]; then
echo "LETSENCRYPT_EMAIL is required when Let's Encrypt is enabled." >&2
exit 1
fi
case "$staging" in
0 | 1) ;;
*)
echo "LETSENCRYPT_STAGING must be 0 or 1." >&2
exit 1
;;
esac
case "$renew_interval:$retry_interval" in
*[!0-9:]* | :* | *:)
echo "Certbot intervals must be positive integers." >&2
exit 1
;;
esac
if [ "$renew_interval" -eq 0 ] || [ "$retry_interval" -eq 0 ]; then
echo "Certbot intervals must be positive integers." >&2
exit 1
fi
staging_argument=""
if [ "$staging" = "1" ]; then
staging_argument="--staging"
fi
trap 'exit 0' TERM INT
while :; do
if certbot certonly \
--webroot \
--webroot-path /var/www/certbot \
--preferred-challenges http \
--cert-name "$domain" \
--domain "$domain" \
--email "$email" \
--agree-tos \
--non-interactive \
--keep-until-expiring \
$staging_argument; then
delay="$renew_interval"
else
echo "Certificate request failed; retrying after ${retry_interval}s." >&2
delay="$retry_interval"
fi
sleep "$delay" &
wait $! || true
done