Compare commits
No commits in common. "main" and "dev" have entirely different histories.
2 changed files with 14 additions and 35 deletions
|
|
@ -87,12 +87,6 @@ Use the `--disable-pem` to only fetch the .key and .crt:
|
||||||
./certman.sh --disable-pem
|
./certman.sh --disable-pem
|
||||||
```
|
```
|
||||||
|
|
||||||
### Restart service instead of Reload
|
|
||||||
Some services do not support at soft restart (reload). use `--restart` to force this option insted of the default reload.
|
|
||||||
```bash
|
|
||||||
./certman.sh --restart
|
|
||||||
```
|
|
||||||
|
|
||||||
## Environment Variables
|
## Environment Variables
|
||||||
|
|
||||||
| Variable | Description | Required |
|
| Variable | Description | Required |
|
||||||
|
|
@ -103,7 +97,6 @@ Some services do not support at soft restart (reload). use `--restart` to force
|
||||||
| TEMP_PATH | Temporary directory for downloads | Yes |
|
| TEMP_PATH | Temporary directory for downloads | Yes |
|
||||||
| FULLCHAIN_PEM | Enabled by default | No |
|
| FULLCHAIN_PEM | Enabled by default | No |
|
||||||
| SERVICE_NAME | Service to reload after certificate updates | Yes |
|
| SERVICE_NAME | Service to reload after certificate updates | Yes |
|
||||||
| SERIVCE_SUPPORTS | Reload or restart? Reload is the default | No |
|
|
||||||
| CERT_OWNER | User owner for certificate files | Yes |
|
| CERT_OWNER | User owner for certificate files | Yes |
|
||||||
| CERT_GROUP | Group owner for certificate files | Yes |
|
| CERT_GROUP | Group owner for certificate files | Yes |
|
||||||
| CERT_PERMISSIONS | Certificate file permissions | Yes |
|
| CERT_PERMISSIONS | Certificate file permissions | Yes |
|
||||||
|
|
|
||||||
22
certman.sh
22
certman.sh
|
|
@ -26,7 +26,6 @@ load_env || exit 1
|
||||||
|
|
||||||
AUTO_MODE="false"
|
AUTO_MODE="false"
|
||||||
FORCE_UPDATE="false"
|
FORCE_UPDATE="false"
|
||||||
SERVICE_SUPPORTS="${SERVICE_SUPPORTS:-reload}"
|
|
||||||
FULLCHAIN_PEM="${FULLCHAIN_PEM:-true}"
|
FULLCHAIN_PEM="${FULLCHAIN_PEM:-true}"
|
||||||
|
|
||||||
while [[ $# -gt 0 ]]; do
|
while [[ $# -gt 0 ]]; do
|
||||||
|
|
@ -43,10 +42,6 @@ while [[ $# -gt 0 ]]; do
|
||||||
FULLCHAIN_PEM="false"
|
FULLCHAIN_PEM="false"
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
--restart)
|
|
||||||
SERVICE_SUPPORTS="restart"
|
|
||||||
shift
|
|
||||||
;;
|
|
||||||
*)
|
*)
|
||||||
shift
|
shift
|
||||||
;;
|
;;
|
||||||
|
|
@ -94,6 +89,7 @@ download_and_verify_cert() {
|
||||||
local temp_key="$TEMP_DIR/$domain.key"
|
local temp_key="$TEMP_DIR/$domain.key"
|
||||||
local temp_pem="$TEMP_DIR/$domain.pem"
|
local temp_pem="$TEMP_DIR/$domain.pem"
|
||||||
|
|
||||||
|
|
||||||
echo -e "${BLUE}Processing certificate for $domain${NC}"
|
echo -e "${BLUE}Processing certificate for $domain${NC}"
|
||||||
|
|
||||||
# Download certificate
|
# Download certificate
|
||||||
|
|
@ -163,7 +159,7 @@ install_certificate() {
|
||||||
if [ "$FORCE_UPDATE" = "true" ]; then
|
if [ "$FORCE_UPDATE" = "true" ]; then
|
||||||
needs_reload=1
|
needs_reload=1
|
||||||
elif [ "$FULLCHAIN_PEM" = "true" ] && [ -f "$final_pem" ]; then
|
elif [ "$FULLCHAIN_PEM" = "true" ] && [ -f "$final_pem" ]; then
|
||||||
if ! cmp -s "$final_pem" "$temp_pem"; then
|
if ! cmp -s "$final_pem" "$temp_cert_pem"; then
|
||||||
needs_reload=1
|
needs_reload=1
|
||||||
fi
|
fi
|
||||||
elif [ -f "$final_cert" ]; then
|
elif [ -f "$final_cert" ]; then
|
||||||
|
|
@ -182,13 +178,13 @@ install_certificate() {
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
local files=("$final_pem")
|
local files=("$final_pem")
|
||||||
fi
|
else
|
||||||
|
|
||||||
if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
|
if ! cp -f "$temp_cert" "$final_cert" || ! cp -f "$temp_key" "$final_key"; then
|
||||||
echo -e "${RED}Failed to install certificate files for $domain${NC}"
|
echo -e "${RED}Failed to install certificate files for $domain${NC}"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
local files=("$final_cert" "$final_key")
|
local files=("$final_cert" "$final_key")
|
||||||
|
fi
|
||||||
|
|
||||||
# Set permissions and ownership
|
# Set permissions and ownership
|
||||||
for file in "${files[@]}"; do
|
for file in "${files[@]}"; do
|
||||||
|
|
@ -227,7 +223,6 @@ process_certificates() {
|
||||||
|
|
||||||
# Reload service if needed
|
# Reload service if needed
|
||||||
if [ $service_reloaded -eq 1 ]; then
|
if [ $service_reloaded -eq 1 ]; then
|
||||||
if [[ $SERVICE_SUPPORTS = reload ]]; then
|
|
||||||
echo -e "${BLUE}Reloading $SERVICE_NAME service...${NC}"
|
echo -e "${BLUE}Reloading $SERVICE_NAME service...${NC}"
|
||||||
if systemctl reload "$SERVICE_NAME"; then
|
if systemctl reload "$SERVICE_NAME"; then
|
||||||
echo -e "${GREEN}Service reloaded successfully${NC}"
|
echo -e "${GREEN}Service reloaded successfully${NC}"
|
||||||
|
|
@ -235,15 +230,6 @@ process_certificates() {
|
||||||
echo -e "${RED}Failed to reload service${NC}"
|
echo -e "${RED}Failed to reload service${NC}"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
elif [[ $SERVICE_SUPPORTS = restart ]]; then
|
|
||||||
echo -e "${BLUE}Restarting $SERVICE_NAME service...${NC}"
|
|
||||||
if systemctl restart "$SERVICE_NAME"; then
|
|
||||||
echo -e "${GREEN}Service restarted successfully${NC}"
|
|
||||||
else
|
|
||||||
echo -e "${RED}Failed to restart service${NC}"
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue