traefik_export_certs.sh
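#!/bin/bash
# Export the certificate and private key of one domain from a Traefik
# acme.json file into /etc/ssl/certs/<domain>.pem and
# /etc/ssl/private/<domain>.key.
#
# Usage:     traefik_export_certs.sh <domain> <acme-file>
# Arguments: $1 - domain, matched against .domain.main of each stored certificate
#            $2 - path to the acme.json file
# Returns:   0 when the files were installed or were already up to date,
#            non-zero on any error (missing file, no matching certificate,
#            jq/base64 failure, failed copy).

# Without pipefail a failing jq would be masked by base64's exit status.
set -o pipefail

SAN="${1}"
ACME_FILE="${2}"

if [ -z "${ACME_FILE}" ] || [ ! -f "${ACME_FILE}" ]; then
  echo "error: acme file (${ACME_FILE}) missing" >&2
  exit 1
fi

# SAN is used as a file name under /etc/ssl, so it must be non-empty and
# must not contain a path separator.
case "${SAN}" in
  '' | */*)
    echo "error: invalid domain (${SAN})" >&2
    exit 1
    ;;
esac

CERT_DST="/etc/ssl/certs/${SAN}.pem"
KEY_DST="/etc/ssl/private/${SAN}.key"

# Keep the extracted private key unreadable to other users while it sits
# in the temporary directory.
umask 077

TMP_DIR="$(mktemp -d /tmp/XXXXXXX)" || {
  echo "error: cannot create temporary directory" >&2
  exit 1
}
trap 'rm -rf -- "${TMP_DIR}"' EXIT

NEW_CERT="${TMP_DIR}/cert.pem"
NEW_KEY="${TMP_DIR}/key.pem"

# The domain is passed with --arg so it is compared as a string value and
# never parsed as part of the jq program.
if ! jq -r --arg san "${SAN}" \
    '.[].Certificates[] | select(.domain.main == $san) | .certificate' \
    "${ACME_FILE}" | base64 -d > "${NEW_CERT}"; then
  echo "error: cannot extract certificate for ${SAN}" >&2
  exit 1
fi

if ! jq -r --arg san "${SAN}" \
    '.[].Certificates[] | select(.domain.main == $san) | .key' \
    "${ACME_FILE}" | base64 -d > "${NEW_KEY}"; then
  echo "error: cannot extract key for ${SAN}" >&2
  exit 1
fi

# An empty result means no certificate entry matched the domain.
if [ ! -s "${NEW_CERT}" ] || [ ! -s "${NEW_KEY}" ]; then
  echo "error: no certificate/key found for ${SAN} in ${ACME_FILE}" >&2
  exit 1
fi

# When both installed files exist, either stop (nothing changed) or keep
# a .old copy of each before replacing them.
if [ -f "${CERT_DST}" ] && [ -f "${KEY_DST}" ]; then
  if cmp -s -- "${KEY_DST}" "${NEW_KEY}" && cmp -s -- "${CERT_DST}" "${NEW_CERT}"; then
    exit 0
  fi
  # Copy rather than move, so the live files stay in place if a later
  # step fails; -p keeps the mode and timestamps of the old files.
  cp -p -- "${KEY_DST}" "${KEY_DST}.old" || exit 1
  cp -p -- "${CERT_DST}" "${CERT_DST}.old" || exit 1
fi

# Install with explicit modes instead of inheriting the caller's umask:
# the key is owner-only, the certificate is world-readable.
# NOTE(review): if a service reads the key through group membership,
# adjust the key's group/mode here - confirm against the consumers.
install -m 0600 -- "${NEW_KEY}" "${KEY_DST}" || exit 1
install -m 0644 -- "${NEW_CERT}" "${CERT_DST}" || exit 1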