update

2022-04-18 11:21:20 +08:00
commit 45a7af638f
210 changed files with 8997 additions and 0 deletions
--- a/letsencrypt/ADD/ccmd
+++ b/letsencrypt/ADD/ccmd
@@ -0,0 +1,79 @@
+#!/bin/bash
+
+##################################################
+# Mount dir                                      #
+# - /etc/letsencrypt                             #
+# - /var/log/letsencrypt                         #
+# ENV                                            #
+# - DOMAINS                                      #
+##################################################
+
+set -euo pipefail
+export LANG=en_US.UTF-8
+trap Quit EXIT
+
+GOT_SIGTERM=
+
+function Print {
+    local file=/dev/null
+    [ '-f' = "$1" ] && file=$2 && shift && shift
+    date +"[%F %T] $*" | tee -a $file
+}
+
+function Quit {
+    while :; do
+        pkill -f python && Print killing python ... || break
+        sleep 1
+    done
+    Print Container stopped.
+    test -n "$GOT_SIGTERM"
+}
+
+function Usage {
+    Print 'This container should run with
+    **host network**
+    **env DOMAINS**
+    **/etc/letsencrypt and /var/log/letsencrypt mounted from host**
+    '
+}
+
+function StartProc {
+    if [ ! -e /etc/letsencrypt/accounts ]; then
+        Print Register ...
+        certbot register --register-unsafely-without-email --agree-tos
+        if echo "$DOMAINS" | grep -qo '^*'; then
+            Print Request wildcard certificate ...
+            certbot certonly -q --manual \
+                --manual-auth-hook /etc/letsencrypt/manual-hook.sh \
+                -d "$DOMAINS" --preferred-challenges dns \
+                --server https://acme-v02.api.letsencrypt.org/directory
+        else
+            Print Request certificate ...
+            certbot certonly -q -n --standalone -d $DOMAINS
+        fi
+        Print Generate dhparam.pem ...
+        openssl dhparam -out /etc/letsencrypt/dhparam.pem 2048 \
+            &>/var/log/letsencrypt/dhparam.out
+    else
+        if echo "$DOMAINS" | grep -qo '^*'; then
+            Print Renew wildcard certificate ...
+            certbot certonly --force-renewal -q --manual \
+                --manual-auth-hook /etc/letsencrypt/manual-hook.sh \
+                -d "$DOMAINS" --preferred-challenges dns \
+                --server https://acme-v02.api.letsencrypt.org/directory
+        else
+            Print Renew certificate ...
+            certbot renew -q --force-renewal
+        fi
+    fi
+}
+
+function Main {
+    Usage
+    trap "GOT_SIGTERM=1; Print Got SIGTERM ..." SIGTERM
+    StartProc
+}
+
+# Start here
+Main
+