Jan Wagner revised this gist 2 years ago. Go to revision
1 file changed, 2 insertions, 2 deletions
traefik_export_certs.sh
| @@ -30,7 +30,7 @@ if [ -f "${TMP_DIR}/${SAN}.pem" ] && [ -f "${TMP_DIR}/${SAN}.key" ]; then | |||
| 30 | 30 | mv "/etc/ssl/certs/${SAN}.pem" "/etc/ssl/certs/${SAN}.pem.old" | |
| 31 | 31 | fi | |
| 32 | 32 | else | |
| 33 | - | exit | |
| 33 | + | exit 0 | |
| 34 | 34 | fi | |
| 35 | 35 | fi | |
| 36 | 36 | # copy key | |
| @@ -42,4 +42,4 @@ if [ -f "${TMP_DIR}/${SAN}.pem" ] && [ -f "${TMP_DIR}/${SAN}.key" ]; then | |||
| 42 | 42 | fi | |
| 43 | 43 | else | |
| 44 | 44 | exit | |
| 45 | - | fi | |
| 45 | + | fi | |
waja revised this gist 2 years ago. Go to revision
1 file changed, 45 insertions
traefik_export_certs.sh(file created)
| @@ -0,0 +1,45 @@ | |||
| 1 | + | #!/bin/bash | |
| 2 | + | ||
| 3 | + | SAN="${1}" | |
| 4 | + | ACME_FILE="${2}" | |
| 5 | + | TMP_DIR="$(mktemp -d /tmp/XXXXXXX)" | |
| 6 | + | trap 'rm -rf -- "${TMP_DIR}"' EXIT | |
| 7 | + | ||
| 8 | + | if [ ! -f "${ACME_FILE}" ] || [ -z "${ACME_FILE}" ] ; then | |
| 9 | + | echo "error: acme file (${ACME_FILE}) missing" | |
| 10 | + | exit | |
| 11 | + | fi | |
| 12 | + | ||
| 13 | + | jq -r '.[].Certificates[] | select(.domain.main == "'"${SAN}"'") | .certificate' "${ACME_FILE}" | base64 -d > "${TMP_DIR}/${SAN}.pem" | |
| 14 | + | jq -r '.[].Certificates[] | select(.domain.main == "'"${SAN}"'") | .key' "${ACME_FILE}" | base64 -d > "${TMP_DIR}/${SAN}.key" | |
| 15 | + | ||
| 16 | + | # Check if new key and cert files exists | |
| 17 | + | if [ -f "${TMP_DIR}/${SAN}.pem" ] && [ -f "${TMP_DIR}/${SAN}.key" ]; then | |
| 18 | + | # Check if new key and cert files are not empty | |
| 19 | + | if [ -s "${TMP_DIR}/${SAN}.pem" ] && [ -s "${TMP_DIR}/${SAN}.key" ]; then | |
| 20 | + | # Check if old certs/keys exists | |
| 21 | + | if [ -f "/etc/ssl/certs/${SAN}.pem" ] && [ -f "/etc/ssl/private/${SAN}.key" ]; then | |
| 22 | + | # Check if old and new certs/keys are different | |
| 23 | + | if [ "$(md5sum "/etc/ssl/private/${SAN}.key" | cut -d ' ' -f 1)" != "$(md5sum "${TMP_DIR}/${SAN}.key" | cut -d ' ' -f 1)" ] || [ "$(md5sum "/etc/ssl/certs/${SAN}.pem" | cut -d ' ' -f 1)" != "$(md5sum "${TMP_DIR}/${SAN}.pem" | cut -d ' ' -f 1)" ]; then | |
| 24 | + | # backup key | |
| 25 | + | if [ -f "/etc/ssl/private/${SAN}.key" ]; then | |
| 26 | + | mv "/etc/ssl/private/${SAN}.key" "/etc/ssl/private/${SAN}.key.old" | |
| 27 | + | fi | |
| 28 | + | # backup cert | |
| 29 | + | if [ -f "/etc/ssl/certs/${SAN}.pem" ]; then | |
| 30 | + | mv "/etc/ssl/certs/${SAN}.pem" "/etc/ssl/certs/${SAN}.pem.old" | |
| 31 | + | fi | |
| 32 | + | else | |
| 33 | + | exit | |
| 34 | + | fi | |
| 35 | + | fi | |
| 36 | + | # copy key | |
| 37 | + | cp "${TMP_DIR}/${SAN}.key" "/etc/ssl/private/${SAN}.key" | |
| 38 | + | # copy cert | |
| 39 | + | cp "${TMP_DIR}/${SAN}.pem" "/etc/ssl/certs/${SAN}.pem" | |
| 40 | + | else | |
| 41 | + | exit | |
| 42 | + | fi | |
| 43 | + | else | |
| 44 | + | exit | |
| 45 | + | fi | |
Newer
Older