authorJakob Odersky <jakob@odersky.com>2017-12-28 16:30:09 +0100
committerJakob Odersky <jakob@odersky.com>2017-12-28 16:30:09 +0100
commit45d552628be6a061257a7b3d39d3a34bb7d55190 (patch)
tree6256993da7ce1ec129045c72e26224eb46a4ed78
parent8ccd06c71824d64c659170029b9c35cfed427223 (diff)
Remove letsencryptdomains file: get domains from config
-rw-r--r--letsencryptdomains8
-rwxr-xr-xnginx-letsencrypt25
2 files changed, 18 insertions, 15 deletions
diff --git a/letsencryptdomains b/letsencryptdomains
deleted file mode 100644
index 71a63ba..0000000
--- a/letsencryptdomains
+++ /dev/null
@@ -1,8 +0,0 @@
-# Virtual hosts for which SSL certificates will be issued. One fully
-# qualified host name per line. Lines starting with # are ignored.
-#
-# Be sure to 'include letsencrypt' in any server blocks that enable
-# https.
-#
-# Example line:
-#www.example.org
diff --git a/nginx-letsencrypt b/nginx-letsencrypt
index 5db460a..9c598ff 100755
--- a/nginx-letsencrypt
+++ b/nginx-letsencrypt
@@ -1,8 +1,9 @@
-#!/bin/sh
+#!/bin/bash
# Obtain or renew certificates from letsencrypt, to be used with nginx
# webroot verification.
#
-# Domains to be certified are defined in /etc/nginx/domains.
+# A certificate will be issued for all server names defined in server
+# blocks that contain 'include letsencrypt'.
#
# The pre-hook is used to remove snakeoil certificates that are
# required to bootstrap nginx configurations (nginx fails to start
@@ -10,16 +11,26 @@
# not overwrite foreign certificates, as described in this issue
# https://github.com/certbot/certbot/issues/3396
set -o exiterr
-set -o unset
+# TODO: make email configurable
email="jakob@odersky.com"
-extra_flags=""
+extra_flags=()
if [ "$1" = --test ]; then
- extra_flags="--test-cert"
+ extra_flags+=("--test-cert")
fi
-certbot certonly $extra_flags \
+sites_enabled=($(
+ find /etc/nginx/sites-enabled/ \
+ -not -type d -exec \
+ grep -q -e '^[[:space:]]*[^#][[:space:]]*include letsencrypt' {} \; \
+ -print))
+host_lines=$(sed -n \
+ 's/^[[:space:]]*[^#][[:space:]]*server_name \([^_].*\);/\1/p' \
+ "${sites_enabled[@]}")
+hosts=$(echo "${host_lines[@]}" | tr "[:space:]" ",")
+
+certbot certonly "${extra_flags[@]}" \
--noninteractive \
--agree-tos \
--email "$email" \
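Review bot: The `hosts` value built by `echo "${host_lines[@]}" | tr "[:space:]" ","` always ends in a comma, because echo's trailing newline is translated too, and it collapses to a bare `,` when no `server_name` matches; with an empty `sites_enabled` array the `sed` call also gets no file operands and reads stdin instead. Nothing checks the list before it reaches `-d "$hosts"` in the last hunk, and `set -o exiterr` on the context line is not a bash option name (the option is `errexit`), so a failed `find` or `sed` would presumably not stop the run either. The sed expression also collects every `server_name` in a matching file, not only those of the server block that carries the include, and passes wildcard or regex names through unchanged, which the webroot challenge cannot validate. I would fail early on an empty match and join the names without empty fields, as sketched below; this is top-level script code, so there is no enclosing function.

```shell
# … unchanged: sites_enabled=($(find … -print)) …
if [ "${#sites_enabled[@]}" -eq 0 ]; then
  echo "nginx-letsencrypt: no enabled site includes letsencrypt" >&2
  exit 1
fi
# … unchanged: host_lines=$(sed -n … "${sites_enabled[@]}") …
hosts=$(printf '%s\n' "$host_lines" \
  | tr -s '[:space:]' '\n' \
  | grep -v '^$' \
  | sort -u \
  | paste --delimiter=, --serial)
if [ -z "$hosts" ]; then
  echo "nginx-letsencrypt: no server_name found in enabled sites" >&2
  exit 1
fi
```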
@@ -27,4 +38,4 @@ certbot certonly $extra_flags \
--webroot --webroot-path /var/www/letsencrypt \
--pre-hook "sh -c '(openssl x509 -in /etc/letsencrypt/live/nginx/fullchain.pem -noout -text) | grep --quiet letsencrypt || rm -r /etc/letsencrypt/live/nginx'" \
--post-hook "systemctl reload nginx" \
- -d "$(grep "^[^#;]" /etc/nginx/letsencryptdomains | paste --delimiter=, --serial)"
+ -d "$hosts"