#!/bin/bash
# Abort on the first failing command and let cleanup() (defined further down;
# the trap string is only resolved when it fires) restart the stopped services.
set -e
trap 'cleanup' ERR
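#######################################
# Stop the temporary HTTP server, drop the challenge webroot and bring the
# QNAP services that were stopped for the renewal back up.
# Called both by the ERR trap and explicitly at the end of a successful run.
# Globals:   pid (read) - pid of the background HTTP server, may be unset
# Returns:   0 if both services started, 1 otherwise
#######################################
cleanup() {
  # When invoked by the ERR trap this is the status of the failing command;
  # on the explicit call at the end of the script it is 0, so the error
  # message is only printed when something actually went wrong.
  local rc=$?
  local failed=0
  if [ "$rc" -ne 0 ]; then
    echo "An error occured. Restoring system state."
  fi
  # The server may already be gone; under errexit a failed kill would
  # otherwise abort the function before the services are restarted.
  if [ -n "${pid:-}" ]; then
    kill "$pid" 2> /dev/null || true
  fi
  rm -rf -- tmp-webroot
  # Attempt both restarts even if the first one fails, then report failure.
  /etc/init.d/stunnel.sh start || failed=1
  /etc/init.d/Qthttpd.sh start || failed=1
  return "$failed"
}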
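# Renew only when the current certificate expires within 30 days
# (30*24*60*60 seconds); `openssl x509 -checkend` succeeds while it is still
# valid beyond that window, so a valid certificate ends the script here.
echo "Checking whether to renew certificate on $(date -R)"
if [ -s letsencrypt/signed.crt ] && openssl x509 -noout -in letsencrypt/signed.crt -checkend 2592000; then
  exit
fi

#######################################
# Print the install path of a QPKG as recorded in qpkg.conf.
# Arguments: $1 - QPKG name (e.g. Python, Python3, Entware)
# Outputs:   the path on stdout; empty output when getcfg cannot resolve it
#            (the failure is swallowed so an uninstalled package only yields
#            a non-existent candidate path below)
#######################################
qpkg_install_path() {
  /sbin/getcfg "$1" Install_Path -f /etc/config/qpkg.conf || true
}

#######################################
# Test whether an interpreter can run HTTPServer.py: python 2 provides
# SimpleHTTPServer, python 3 provides http.server.
# Arguments: $1 - interpreter path or command name
# Returns:   0 if one of the two modules imports, non-zero otherwise
#######################################
can_serve_http() {
  "$1" -c "import SimpleHTTPServer" 2> /dev/null \
    || "$1" -c "import http.server" 2> /dev/null
}

# Candidates in order of preference: the PATH python, the Python/Python3 QPKGs,
# then Entware. The first interpreter that can serve HTTP wins.
python_candidates=(
  python
  "$(qpkg_install_path Python)/bin/python2"
  "$(qpkg_install_path Python)/src/bin/python2"
  "$(qpkg_install_path Python3)/python3/bin/python3"
  "$(qpkg_install_path Entware)/bin/python"
  "$(qpkg_install_path Entware)/bin/python3"
)
PYTHON=
for candidate in "${python_candidates[@]}"; do
  if can_serve_http "$candidate"; then
    PYTHON=$candidate
    break
  fi
done
if [ -z "$PYTHON" ]; then
  echo "Error: You need to install the python 2.7 or 3.5 qpkg!"
  exit 1
fi

echo "Renewing certificate..."
echo "Stopping Qthttpd hogging port 80.."
/etc/init.d/Qthttpd.sh stop
mkdir -p tmp-webroot/.well-known/acme-challenge
# Serve the challenge directory from a subshell so the main script never
# leaves its working directory; exec keeps $! equal to the server's pid.
(
  cd tmp-webroot
  exec "$PYTHON" ../HTTPServer.py
) &
pid=$!
echo "Started python HTTP server with pid $pid"

# CA bundle for acme_tiny's HTTPS connection to the ACME API.
export SSL_CERT_FILE=cacert.pem
# Write to a temporary file first so a failed issuance never truncates the
# certificate that is currently installed.
"$PYTHON" acme-tiny/acme_tiny.py --account-key letsencrypt/account.key --csr letsencrypt/domain.csr --acme-dir tmp-webroot/.well-known/acme-challenge > letsencrypt/signed.crt.tmp
mv letsencrypt/signed.crt.tmp letsencrypt/signed.crt

echo "Downloading intermediate certificate..."
# Same temp-then-move pattern as for signed.crt, so an interrupted download
# cannot leave a partial intermediate.pem behind. The URL is hard-coded: it
# has to be the intermediate that actually issued signed.crt, otherwise the
# verification below fails and nothing is installed into stunnel.
wget --no-verbose -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > letsencrypt/intermediate.pem.tmp
mv letsencrypt/intermediate.pem.tmp letsencrypt/intermediate.pem
cat letsencrypt/signed.crt letsencrypt/intermediate.pem > letsencrypt/chained.pem
# Refuse to install a chain that does not verify against the same CA bundle
# acme_tiny trusted; a stale or mismatched intermediate would otherwise be
# written straight into stunnel's live configuration.
openssl verify -CAfile cacert.pem -untrusted letsencrypt/intermediate.pem letsencrypt/signed.crt

echo "Stopping stunnel and setting new stunnel certificates..."
/etc/init.d/stunnel.sh stop
# stunnel.pem contains the private key: when the file has to be created, do
# so without group/world read bits (an existing file keeps its current mode).
(
  umask 077
  cat letsencrypt/keys/domain.key letsencrypt/chained.pem > /etc/stunnel/stunnel.pem
)
cp letsencrypt/intermediate.pem /etc/stunnel/uca.pem
echo "Done! Service startup and cleanup will follow now..."
cleanup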