Remove extraneous deploy causing confusing log messages about not needing cert deployment.

When using -A, correctly show summary of deployed certs and restarted services
Rob Pearce 2024-09-20 10:43:03 +10:00
parent b7c4fec190
commit fbf4daac7c
1 changed files with 18 additions and 9 deletions


@ -157,7 +157,7 @@ function checkcert() {
else
rsum=$(echo "$rsum" | awk '{ print $1 }')
if [[ $lsum == $rsum ]]; then
[[ $quiet -ne 1 ]] && echo "Ok"
[[ $quiet -ne 1 ]] && echo "Ok [$rsum]"
else
[[ $quiet -ne 1 ]] && echo "Needs updating [$lsum vs $rsum]"
rv=1
@ -192,7 +192,7 @@ while getopts "$ARGS" i; do
c)
cronmode=1
recurseargs="$recurseargs -c"
recurseargs="$recurseargs -$i"
;;
h)
usage;
@ -289,6 +289,7 @@ function dodeploy() {
local nok nfail okservs failservs s
certdirs=""
for d in $domains; do
[[ $d == -* ]] && continue; # Just in case we somehow catch arguments
thisone=$certbase/$d
if [[ -d $thisone ]]; then
certdirs="$certdirs $thisone"
@ -325,7 +326,7 @@ function dodeploy() {
if [[ $force -eq 1 ]]; then
needupdate=1
else
out "* Checking existing certs"
out "* Checking existing certs for $domain on $r"
needupdate=0
checkcert "Certificate" $r $local_cert_sum $dest_cert/fullchain.pem || needupdate=1
if [[ $needupdate -eq 0 ]]; then
@ -385,7 +386,7 @@ function dodeploy() {
fi
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
if [[ ! -z $newcerts ]]; then
echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted $okservs"
echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted${okservs}"
if [[ $nfail -ge 1 ]]; then
echo ", FAILED to restart $failservs)"
else
@ -487,12 +488,14 @@ if [[ $mode == "generate" ]]; then
elif [[ $mode == "renew" ]]; then
rv=0
extraargs=""
deployargs=""
renewed=0
[[ $force -eq 1 ]] && extraargs="$extraargs --force-renewal"
[[ $alsodeploy -eq 1 ]] && deployargs="--deploy-hook $DIR/lehook-deploy.sh"
cp -f /dev/null /tmp/lh-renew
for this in $domains; do
[[ $verbose -eq 1 ]] && echo "Will run: certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1" | tee -a /tmp/lh-renew
res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew)
res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh $deployargs $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew)
rv=$((rv + $?))
[[ $verbose -eq 1 ]] && echo "$res"
if [[ "$res" =~ "not due for" ]]; then
@ -505,16 +508,22 @@ elif [[ $mode == "renew" ]]; then
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
exp=$(certbot certificates --cert-name $this 2>&1 | grep Expiry | sed -e 's/^.*Date: //')
echo "$this has been renewed. New expiry: $exp"
if [[ $alsodeploy -eq 1 ]]; then
# Show which certs were deployed
grep "^Refreshed" <<< "$res" | sed 's/^Refreshed/Deployed/'
fi
fi
else
echo "Error renewing $this. Certbot output:"
echo "$res"
fi
done
if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then
dodeploy
rv=$?
fi
# Not required - depooy is done via --deploy-hook
#if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then
# dodeploy
# rv=$?
#fi
elif [[ $mode == "test" ]]; then
nowdate="$(date +%s)"
echo "== Test mode."
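Review bot: With `dodeploy` / `rv=$?` commented out at the end of the renew branch (which starts and ends outside the visible hunks), a failed deployment no longer reaches the script's exit status. The only remaining trace is the `grep "^Refreshed"` summary, which prints nothing when the hook deployed nothing and is skipped in quiet non-cron runs. As far as I know certbot logs a failing deploy hook without failing the renewal, and `rv=$((rv + $?))` reads the status of `tee` unless `pipefail` is set somewhere outside this view, so a cron job watching the exit code could keep serving the old certificate unnoticed. If every renewed cert is expected to be deployed, something like `[[ $alsodeploy -eq 1 ]] && ! grep -q "^Refreshed" <<< "$res" && rv=1` next to the new summary block would surface that. The verbose `Will run:` echo also still hard-codes `--deploy-hook $DIR/lehook-deploy.sh` and should print `$deployargs` so the log matches the command actually run; and the log still goes to the fixed path `/tmp/lh-renew`, where a `mktemp` file or a root-owned log directory would prevent another local user from pre-creating it.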