bundles/letsencrypt: generate a dummy certificate, if no certificate already exists
parent
014b6029c5
commit
228786f6aa
3 changed files with 45 additions and 5 deletions
|
@ -0,0 +1,29 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
domain=$1
|
||||||
|
just_check=$2
|
||||||
|
|
||||||
|
cert_path="/var/lib/dehydrated/certs/$domain"
|
||||||
|
|
||||||
|
already_exists=false
|
||||||
|
if [ -f "$cert_path/privkey.pem" -a -f "$cert_path/fullchain.pem" ]
|
||||||
|
then
|
||||||
|
already_exists=true
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$just_check" = true ]
|
||||||
|
then
|
||||||
|
if [ "$already_exists" = true ]
|
||||||
|
then
|
||||||
|
exit 0
|
||||||
|
else
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$already_exists" != true ]
|
||||||
|
then
|
||||||
|
openssl req -x509 -newkey rsa:4096 -nodes -days 3650 -subj "/CN=$domain" -keyout "$cert_path/privkey.pem" -out "$cert_path/fullchain.pem"
|
||||||
|
chmod 0600 "$cert_path/privkey.pem"
|
||||||
|
cp "$pubkey" "$cert_path/chain.pem"
|
||||||
|
fi
|
|
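Review bot: `$pubkey` in the final `cp "$pubkey" "$cert_path/chain.pem"` is never assigned anywhere in this script, so the copy has an empty source and fails, chain.pem is never written, and the script exits non-zero right after creating the key and certificate. Because the dummy certificate is self-signed, copying it would serve as the chain: `cp "$cert_path/fullchain.pem" "$cert_path/chain.pem"`. Nothing visible here creates `$cert_path` either, so on a host where dehydrated has not yet issued for the domain the `openssl req` call presumably cannot write its output; a `mkdir -p "$cert_path"` before it would cover that. Setting `umask 077` ahead of `openssl req` would also ensure privkey.pem is never created with wider permissions before the `chmod 0600` runs.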
@ -9,15 +9,23 @@ actions = {
|
||||||
'command': 'dehydrated --cron --accept-terms --challenge http-01',
|
'command': 'dehydrated --cron --accept-terms --challenge http-01',
|
||||||
'triggered': True,
|
'triggered': True,
|
||||||
'needs': {
|
'needs': {
|
||||||
'pkg_apt:dehydrated',
|
|
||||||
'pkg_apt:nginx',
|
|
||||||
},
|
|
||||||
'needed_by': {
|
|
||||||
'svc_systemd:nginx',
|
'svc_systemd:nginx',
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for domain, _ in node.metadata.get('letsencrypt/domains').items():
|
||||||
|
actions['letsencrypt_ensure-some-certificate_{}'.format(domain)] = {
|
||||||
|
'command': '/etc/dehydrated/letsencrypt-ensure-some-certificate {}'.format(domain),
|
||||||
|
'unless': '/etc/dehydrated/letsencrypt-ensure-some-certificate {} true'.format(domain),
|
||||||
|
'needs': {
|
||||||
|
'file:/etc/dehydrated/letsencrypt-ensure-some-certificate',
|
||||||
|
},
|
||||||
|
'needed_by': {
|
||||||
|
'svc_systemd:nginx',
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
files = {
|
files = {
|
||||||
'/etc/dehydrated/domains.txt': {
|
'/etc/dehydrated/domains.txt': {
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
|
@ -34,4 +42,7 @@ files = {
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
'mode': '0755',
|
'mode': '0755',
|
||||||
},
|
},
|
||||||
|
'/etc/dehydrated/letsencrypt-ensure-some-certificate': {
|
||||||
|
'mode': '0755',
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
|
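Review bot: `domain` is interpolated unquoted into the `command` and `unless` shell strings of the new `letsencrypt_ensure-some-certificate_*` actions, so whitespace or a shell metacharacter in a `letsencrypt/domains` key would change what gets executed on the node. Passing the value through `shlex.quote` removes that dependency on well-formed metadata, e.g. `'command': '/etc/dehydrated/letsencrypt-ensure-some-certificate {}'.format(quote(domain)),` and the same for `unless`; this needs `from shlex import quote` in the file's import block, which is outside the hunk. The loop also calls `node.metadata.get('letsencrypt/domains')` without a default, unlike the `node.metadata.get('nginx/vhosts', {})` call in the nginx bundle; if the key can be absent on a node, `node.metadata.get('letsencrypt/domains', {})` would keep the two consistent.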
@ -89,4 +89,4 @@ for vhost, config in node.metadata.get('nginx/vhosts', {}).items():
|
||||||
directories['/var/www/{}'.format(vhost)].update(config.get('webroot_config', {}))
|
directories['/var/www/{}'.format(vhost)].update(config.get('webroot_config', {}))
|
||||||
|
|
||||||
if node.metadata['nginx']['use_ssl_for_all_connections']:
|
if node.metadata['nginx']['use_ssl_for_all_connections']:
|
||||||
files['/etc/nginx/sites/{}'.format(vhost)]['needs'].add('action:letsencrypt_update_certificates')
|
files['/etc/nginx/sites/{}'.format(vhost)]['needs'].add('action:letsencrypt_ensure-some-certificate_{}'.format(config['domain']))
|
||||||
|
|
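Review bot: A vhost whose `config['domain']` is not a key of `letsencrypt/domains` would make this `needs` entry point at an action that was never defined, because the letsencrypt bundle creates `letsencrypt_ensure-some-certificate_<domain>` only for the domains in that mapping; a vhost without a `domain` key would raise `KeyError` here instead. If a metadata reactor elsewhere guarantees the relationship, a comment such as `# letsencrypt/domains is derived from nginx/vhosts, so this action always exists` would record it. Otherwise, guard the `.add(...)` with `if config.get('domain') in node.metadata.get('letsencrypt/domains', {}):`. The enclosing `for vhost, config in ...` loop starts outside the hunk.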