rob
/
lehook
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove extraneous deploy causing confusing log messages about not needing cert deployment. 

When using -A, correctly show summary of deployed certs and restarted services
This commit is contained in:
Rob Pearce 2024-09-20 10:43:03 +10:00
parent b7c4fec190
commit fbf4daac7c
1 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
lehook.sh
View File

@ -157,7 +157,7 @@ function checkcert() {
else else
rsum=$(echo "$rsum" | awk '{ print $1 }') rsum=$(echo "$rsum" | awk '{ print $1 }')
if [[ $lsum == $rsum ]]; then if [[ $lsum == $rsum ]]; then
[[ $quiet -ne 1 ]] && echo "Ok" [[ $quiet -ne 1 ]] && echo "Ok [$rsum]"
else else
[[ $quiet -ne 1 ]] && echo "Needs updating [$lsum vs $rsum]" [[ $quiet -ne 1 ]] && echo "Needs updating [$lsum vs $rsum]"
rv=1 rv=1
@ -192,7 +192,7 @@ while getopts "$ARGS" i; do
c) c)
cronmode=1 cronmode=1
recurseargs="$recurseargs -c" recurseargs="$recurseargs -$i"
;; ;;
h) h)
usage; usage;
@ -289,6 +289,7 @@ function dodeploy() {
local nok nfail okservs failservs s local nok nfail okservs failservs s
certdirs="" certdirs=""
for d in $domains; do for d in $domains; do
[[ $d == -* ]] && continue; # Just in case we somehow catch arguments
thisone=$certbase/$d thisone=$certbase/$d
if [[ -d $thisone ]]; then if [[ -d $thisone ]]; then
certdirs="$certdirs $thisone" certdirs="$certdirs $thisone"
@ -325,7 +326,7 @@ function dodeploy() {
if [[ $force -eq 1 ]]; then if [[ $force -eq 1 ]]; then
needupdate=1 needupdate=1
else else
out "* Checking existing certs" out "* Checking existing certs for $domain on $r"
needupdate=0 needupdate=0
checkcert "Certificate" $r $local_cert_sum $dest_cert/fullchain.pem || needupdate=1 checkcert "Certificate" $r $local_cert_sum $dest_cert/fullchain.pem || needupdate=1
if [[ $needupdate -eq 0 ]]; then if [[ $needupdate -eq 0 ]]; then
@ -385,7 +386,7 @@ function dodeploy() {
fi fi
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
if [[ ! -z $newcerts ]]; then if [[ ! -z $newcerts ]]; then
echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted $okservs" echo -n "Refreshed these SSL certs on '$r': $newcerts (restarted${okservs}"
if [[ $nfail -ge 1 ]]; then if [[ $nfail -ge 1 ]]; then
echo ", FAILED to restart $failservs)" echo ", FAILED to restart $failservs)"
else else
@ -487,12 +488,14 @@ if [[ $mode == "generate" ]]; then
elif [[ $mode == "renew" ]]; then elif [[ $mode == "renew" ]]; then
rv=0 rv=0
extraargs="" extraargs=""
deployargs=""
renewed=0 renewed=0
[[ $force -eq 1 ]] && extraargs="$extraargs --force-renewal" [[ $force -eq 1 ]] && extraargs="$extraargs --force-renewal"
[[ $alsodeploy -eq 1 ]] && deployargs="--deploy-hook $DIR/lehook-deploy.sh"
cp -f /dev/null /tmp/lh-renew cp -f /dev/null /tmp/lh-renew
for this in $domains; do for this in $domains; do
[[ $verbose -eq 1 ]] && echo "Will run: certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1" | tee -a /tmp/lh-renew [[ $verbose -eq 1 ]] && echo "Will run: certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1" | tee -a /tmp/lh-renew
res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh --deploy-hook $DIR/lehook-deploy.sh $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew) res=$(certbot renew -n --manual --preferred-challenges=dns --email $email --agree-tos --manual-auth-hook $DIR/lehook-pre.sh --manual-cleanup-hook $DIR/lehook-post.sh $deployargs $extraargs --cert-name ${this} 2>&1 | tee -a /tmp/lh-renew)
rv=$((rv + $?)) rv=$((rv + $?))
[[ $verbose -eq 1 ]] && echo "$res" [[ $verbose -eq 1 ]] && echo "$res"
if [[ "$res" =~ "not due for" ]]; then if [[ "$res" =~ "not due for" ]]; then
@ -505,16 +508,22 @@ elif [[ $mode == "renew" ]]; then
if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then if [[ $quiet -eq 0 || $cronmode -eq 1 ]]; then
exp=$(certbot certificates --cert-name $this 2>&1 | grep Expiry | sed -e 's/^.*Date: //') exp=$(certbot certificates --cert-name $this 2>&1 | grep Expiry | sed -e 's/^.*Date: //')
echo "$this has been renewed. New expiry: $exp" echo "$this has been renewed. New expiry: $exp"
if [[ $alsodeploy -eq 1 ]]; then
# Show which certs were deployed
grep "^Refreshed" <<< "$res" | sed 's/^Refreshed/Deployed/'
fi
fi fi
else else
echo "Error renewing $this. Certbot output:" echo "Error renewing $this. Certbot output:"
echo "$res" echo "$res"
fi fi
done done
if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then # Not required - depooy is done via --deploy-hook
dodeploy #if [[ $rv -eq 0 && $alsodeploy -eq 1 && $renewed -gt 0 ]]; then
rv=$? # dodeploy
fi # rv=$?
#fi
elif [[ $mode == "test" ]]; then elif [[ $mode == "test" ]]; then
nowdate="$(date +%s)" nowdate="$(date +%s)"
echo "== Test mode." echo "== Test mode."