Remove extraneous deploy causing confusing log messages about not needing cert deployment.
When using -A, correctly show summary of deployed certs and restarted services
This commit is contained in:
parent
b7c4fec190
commit
fbf4daac7c
27
lehook.sh
27
lehook.sh
|
|
@ -157,7 +157,7 @@ function checkcert() {
|
||||||
else
|
else
|
||||||
rsum=$(echo "$rsum" | awk '{ print $1 }')
|
rsum=$(echo "$rsum" | awk '{ print $1 }')
|
||||||
if [[ $lsum == $rsum ]]; then
|
if [[ $lsum == $rsum ]]; then
|
||||||
[[ $quiet -ne 1 ]] && echo "Ok"
|
[[ $quiet -ne 1 ]] && echo "Ok [$rsum]"
|
||||||
else
|
else
|
||||||
[[ $quiet -ne 1 ]] && echo "Needs updating [$lsum vs $rsum]"
|
[[ $quiet -ne 1 ]] && echo "Needs updating [$lsum vs $rsum]"
|
||||||
rv=1
|
rv=1
|
||||||
|
|
@ -192,7 +192,7 @@ while getopts "$ARGS" i; do
|
||||||
|
|
||||||
c)
|
c)
|
||||||
cronmode=1
|
cronmode=1
|
||||||
recurseargs="$recurseargs -c"
|
recurseargs="$recurseargs -$i"
|
||||||
;;
|
;;
|
||||||
h)
|
h)
|
||||||
usage;
|
usage;
|
||||||
|
|
@ -289,6 +289,7 @@ function dodeploy() {
|
||||||
local nok nfail okservs failservs s
|
local nok nfail okservs failservs s
|
||||||
certdirs=""
|
certdirs=""
|
||||||
for d in $domains; do
|
for d in $domains; do
|
||||||
|
[[ $d == -* ]] && continue; # Just in case we somehow catch arguments
|
||||||
thisone=$certbase/$d
|
thisone=$certbase/$d
|
||||||
if [[ -d $thisone ]]; then
|
if [[ -d $thisone ]]; then
|
||||||
certdirs="$certdirs $thisone"
|
certdirs="$certdirs $thisone"
|
||||||
|
|
@ -325,7 +326,7 @@ function dodeploy() {
|
||||||
if [[ $force -eq 1 ]]; then
|
if [[ $force -eq 1 ]]; then
|
||||||
needupdate=1
|
needupdate=1
|
||||||
else
|
else
|
||||||
out "* Checking existing certs"
|
out "* Checking existing certs for $domain on $r"
|
||||||
needupdate=0
|
needupdate=0
|
||||||
checkcert "Certificate" $r $local_cert_sum $dest_cert/fullchain.pem || needupdate=1
|
checkcert "Certificate" $r $local_cert_sum $dest_cert/fullchain.pem || needupdate=1
|
||||||
if [[ $needupdate -eq 0 ]]; then
|
if [[ $needupdate -eq 0 ]]; then
|
||||||
|
|
@ -385,7 +386,7 @@ function dodeploy() {
|
||||||
fi
|
fi
|
||||||
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
|
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
|
||||||
if [[ ! -z $newcerts ]]; then
|
if [[ ! -z $newcerts ]]; then
|
||||||
echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted $okservs"
|
echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted${okservs}"
|
||||||
if [[ $nfail -ge 1 ]]; then
|
if [[ $nfail -ge 1 ]]; then
|
||||||
echo ", FAILED to restart $failservs)"
|
echo ", FAILED to restart $failservs)"
|
||||||
else
|
else
|
||||||
|
|
@ -487,12 +488,14 @@ if [[ $mode == "generate" ]]; then
|
||||||
elif [[ $mode == "renew" ]]; then
|
elif [[ $mode == "renew" ]]; then
|
||||||
rv=0
|
rv=0
|
||||||
extraargs=""
|
extraargs=""
|
||||||
|
deployargs=""
|
||||||
renewed=0
|
renewed=0
|
||||||
[[ $force -eq 1 ]] && extraargs="$extraargs --force-renewal"
|
[[ $force -eq 1 ]] && extraargs="$extraargs --force-renewal"
|
||||||
|
[[ $alsodeploy -eq 1 ]] && deployargs="--deploy-hook $DIR/lehook-deploy.sh"
|
||||||
cp -f /dev/null /tmp/lh-renew
|
cp -f /dev/null /tmp/lh-renew
|
||||||
for this in $domains; do
|
for this in $domains; do
|
||||||
[[ $verbose -eq 1 ]] && echo "Will run: certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1" | tee -a /tmp/lh-renew
|
[[ $verbose -eq 1 ]] && echo "Will run: certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1" | tee -a /tmp/lh-renew
|
||||||
res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew)
|
res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh $deployargs $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew)
|
||||||
rv=$((rv + $?))
|
rv=$((rv + $?))
|
||||||
[[ $verbose -eq 1 ]] && echo "$res"
|
[[ $verbose -eq 1 ]] && echo "$res"
|
||||||
if [[ "$res" =~ "not due for" ]]; then
|
if [[ "$res" =~ "not due for" ]]; then
|
||||||
|
|
@ -505,16 +508,22 @@ elif [[ $mode == "renew" ]]; then
|
||||||
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
|
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
|
||||||
exp=$(certbot certificates --cert-name $this 2>&1 | grep Expiry | sed -e 's/^.*Date: //')
|
exp=$(certbot certificates --cert-name $this 2>&1 | grep Expiry | sed -e 's/^.*Date: //')
|
||||||
echo "$this has been renewed. New expiry: $exp"
|
echo "$this has been renewed. New expiry: $exp"
|
||||||
|
|
||||||
|
if [[ $alsodeploy -eq 1 ]]; then
|
||||||
|
# Show which certs were deployed
|
||||||
|
grep "^Refreshed" <<< "$res" | sed 's/^Refreshed/Deployed/'
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
echo "Error renewing $this. Certbot output:"
|
echo "Error renewing $this. Certbot output:"
|
||||||
echo "$res"
|
echo "$res"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then
|
# Not required - depooy is done via --deploy-hook
|
||||||
dodeploy
|
#if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then
|
||||||
rv=$?
|
# dodeploy
|
||||||
fi
|
# rv=$?
|
||||||
|
#fi
|
||||||
elif [[ $mode == "test" ]]; then
|
elif [[ $mode == "test" ]]; then
|
||||||
nowdate="$(date +%s)"
|
nowdate="$(date +%s)"
|
||||||
echo "== Test mode."
|
echo "== Test mode."
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue