|
@@ -14,29 +14,30 @@ if [[ $DISABLE_HTTPS -ne 1 ]]; then
|
|
|
pushd /opt
|
|
pushd /opt
|
|
|
sh ./acme.sh --install --home /config/acme.sh --accountemail $LETSENCRYPT_EMAIL
|
|
sh ./acme.sh --install --home /config/acme.sh --accountemail $LETSENCRYPT_EMAIL
|
|
|
popd
|
|
popd
|
|
|
- if [[ ! -f /config/acme-certs/$LETSENCRYPT_DOMAIN/fullchain.pem ]]; then
|
|
|
|
|
- STAGING=""
|
|
|
|
|
- if [[ $LETSENCRYPT_USE_STAGING -eq 1 ]]; then
|
|
|
|
|
- STAGING="--staging"
|
|
|
|
|
- fi
|
|
|
|
|
- export LE_WORKING_DIR="/config/acme.sh"
|
|
|
|
|
- # TODO: move away from standalone mode to webroot mode.
|
|
|
|
|
- /config/acme.sh/acme.sh \
|
|
|
|
|
- $STAGING \
|
|
|
|
|
- --issue \
|
|
|
|
|
- --standalone \
|
|
|
|
|
- --pre-hook "if [[ -f /var/run/s6/services/nginx ]]; then s6-svc -d /var/run/s6/services/nginx; fi" \
|
|
|
|
|
- --post-hook "if [[ -f /var/run/s6/services/nginx ]]; then s6-svc -u /var/run/s6/services/nginx; fi" \
|
|
|
|
|
- -d $LETSENCRYPT_DOMAIN
|
|
|
|
|
- rc=$?
|
|
|
|
|
- if [[ $rc -eq 1 ]]; then
|
|
|
|
|
- echo "Failed to obtain a certificate from the Let's Encrypt CA."
|
|
|
|
|
- # this tries to get the user's attention and to spare the
|
|
|
|
|
- # authority's rate limit:
|
|
|
|
|
- sleep 15
|
|
|
|
|
- echo "Exiting."
|
|
|
|
|
- exit 1
|
|
|
|
|
- fi
|
|
|
|
|
|
|
+
|
|
|
|
|
+ STAGING=""
|
|
|
|
|
+ if [[ $LETSENCRYPT_USE_STAGING -eq 1 ]]; then
|
|
|
|
|
+ STAGING="--staging"
|
|
|
|
|
+ fi
|
|
|
|
|
+ export LE_WORKING_DIR="/config/acme.sh"
|
|
|
|
|
+ # TODO: move away from standalone mode to webroot mode.
|
|
|
|
|
+ /config/acme.sh/acme.sh \
|
|
|
|
|
+ $STAGING \
|
|
|
|
|
+ --issue \
|
|
|
|
|
+ --standalone \
|
|
|
|
|
+ --pre-hook "if [[ -f /var/run/s6/services/nginx ]]; then s6-svc -d /var/run/s6/services/nginx; fi" \
|
|
|
|
|
+ --post-hook "if [[ -f /var/run/s6/services/nginx ]]; then s6-svc -u /var/run/s6/services/nginx; fi" \
|
|
|
|
|
+ -d $LETSENCRYPT_DOMAIN
|
|
|
|
|
+ rc=$?
|
|
|
|
|
+ if [[ $rc -eq 1 ]]; then
|
|
|
|
|
+ echo "Failed to obtain a certificate from the Let's Encrypt CA."
|
|
|
|
|
+ # this tries to get the user's attention and to spare the
|
|
|
|
|
+ # authority's rate limit:
|
|
|
|
|
+ sleep 15
|
|
|
|
|
+ echo "Exiting."
|
|
|
|
|
+ exit 1
|
|
|
|
|
+ fi
|
|
|
|
|
+ if [[ $rc -eq 0 ]]; then
|
|
|
mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN
|
|
mkdir -p /config/acme-certs/$LETSENCRYPT_DOMAIN
|
|
|
if ! /config/acme.sh/acme.sh \
|
|
if ! /config/acme.sh/acme.sh \
|
|
|
--install-cert -d $LETSENCRYPT_DOMAIN \
|
|
--install-cert -d $LETSENCRYPT_DOMAIN \
|
Saúl Ibarra Corretgé