alpine-overlay/kubezero/zdt-base/aws-certbot.sh


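#!/bin/bash
# Certbot wrapper with S3 persistence support.
#
# Usage: aws-certbot.sh CERTNAME EMAIL DOMAIN S3_URI
#
# Restores /etc/letsencrypt from the S3 prefix, runs certbot with the
# Route53 DNS challenge, and pushes the tree back so the next host reuses
# the certificate instead of requesting a new one.
#
# The trace below prints every command line to stderr. The four arguments
# are not secrets; AWS credentials are presumably taken from the instance
# profile / environment rather than argv (nothing here passes them) — confirm.
set -x
# Abort on unhandled errors and unset variables: a silently failed restore
# would otherwise make certbot issue a brand-new certificate every run.
set -euo pipefail

CERTBOT_CERTNAME=${1:-}
CERTBOT_EMAIL=${2:-}
CERTBOT_DOMAIN=${3:-}
CERTBOT_BACKEND=${4:-}   # S3 URI the tree is mirrored to, e.g. s3://bucket/prefix
readonly LETSENCRYPT_PATH=/etc/letsencrypt

# All four arguments are mandatory; refuse to run with a partial set.
if [[ -z "$CERTBOT_CERTNAME" || -z "$CERTBOT_EMAIL" || -z "$CERTBOT_DOMAIN" || -z "$CERTBOT_BACKEND" ]]; then
  echo "usage: $0 CERTNAME EMAIL DOMAIN S3_URI -- all four arguments are required" >&2
  exit 1
fi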
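#######################################
# Push LETSENCRYPT_PATH to the S3 backend.
# S3 cannot store symlinks and certbot's live/ tree is nothing but links
# into archive/, so every symlink is first recorded in links.txt, one line
# per link in the form '<target>' '<link>' (both relative to
# LETSENCRYPT_PATH when they live inside it). sync_from_s3 consumes that file.
# Globals:   LETSENCRYPT_PATH (read), CERTBOT_BACKEND (read)
# Outputs:   rewrites $LETSENCRYPT_PATH/links.txt
# Returns:   the exit status of `aws s3 sync`
#######################################
sync_to_s3() {
  local links="$LETSENCRYPT_PATH/links.txt"
  local link target

  : > "$links"
  # NUL-delimited find so names with blanks cannot be split or, as with the
  # previous `xargs ... sh -c` pipeline, interpreted by a shell.
  while IFS= read -r -d '' link; do
    target=$(readlink -f -- "$link") || continue
    printf "'%s' '%s'\n" "${target#"$LETSENCRYPT_PATH/"}" "${link#"$LETSENCRYPT_PATH/"}" >> "$links"
  done < <(find "$LETSENCRYPT_PATH" -type l -print0)

  # NOTE(review): this uploads the private keys under archive/. Make sure the
  # bucket enforces encryption at rest and a restrictive bucket policy, or
  # add an explicit --sse option matching that policy.
  aws s3 --no-follow-symlinks sync "$LETSENCRYPT_PATH" "$CERTBOT_BACKEND"
}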
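#######################################
# True when $1 is a non-empty relative path with no '..' component.
# Arguments: $1 - path taken from links.txt
# Returns:   0 if safe to join under LETSENCRYPT_PATH, 1 otherwise
#######################################
_is_relative_path() {
  case "$1" in
    ''|/*|..|../*|*/..|*/../*) return 1 ;;
  esac
  return 0
}

#######################################
# Restore LETSENCRYPT_PATH from the S3 backend and recreate the symlinks
# recorded in links.txt by sync_to_s3.
# Globals:   LETSENCRYPT_PATH (read), CERTBOT_BACKEND (read)
# Outputs:   warnings for skipped links.txt entries on stderr
# Returns:   the `aws s3 sync` exit status if the download fails, else 0
#######################################
sync_from_s3() {
  local links="$LETSENCRYPT_PATH/links.txt"
  local entry_re="^'(.*)' '(.*)'$"
  local line target link

  aws s3 sync "$CERTBOT_BACKEND" "$LETSENCRYPT_PATH" || return

  # S3 objects carry no POSIX mode, so restored files get the process umask
  # (typically 0644); put certbot's 0600 back on the private keys.
  if [[ -d "$LETSENCRYPT_PATH/archive" ]]; then
    find "$LETSENCRYPT_PATH/archive" -type f -name 'privkey*.pem' -exec chmod 600 {} +
  fi

  [[ -f "$links" ]] || return 0

  # links.txt was just downloaded from the bucket, so anyone who can write to
  # the bucket controls it: parse it without a shell and refuse any entry
  # that would create or point a link outside LETSENCRYPT_PATH.
  while IFS= read -r line || [[ -n "$line" ]]; do
    if [[ ! $line =~ $entry_re ]]; then
      printf 'links.txt: skipping malformed entry: %s\n' "$line" >&2
      continue
    fi
    target=${BASH_REMATCH[1]}
    link=${BASH_REMATCH[2]}
    if ! _is_relative_path "$target" || ! _is_relative_path "$link"; then
      printf 'links.txt: refusing entry outside %s: %s\n' "$LETSENCRYPT_PATH" "$line" >&2
      continue
    fi
    # live/<name>/ may hold only symlinks, in which case the sync above
    # never created the directory.
    mkdir -p -- "$(dirname -- "$LETSENCRYPT_PATH/$link")"
    ln -f -s -- "$LETSENCRYPT_PATH/$target" "$LETSENCRYPT_PATH/$link"
  done < "$links"
}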
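# Pull any existing state first so certbot renews the stored certificate
# instead of issuing a fresh one (and burning rate limits).
sync_from_s3

# Push back only when certbot succeeded, so a failed run can never replace
# a good copy in the bucket with a broken tree. The script's exit status is
# certbot's when it fails. The Route53 plugin needs permission to change
# the zone's TXT records; that is presumably granted to the instance
# profile — confirm.
certbot certonly \
  --non-interactive \
  --dns-route53 \
  --agree-tos \
  --email "$CERTBOT_EMAIL" \
  --domain "$CERTBOT_DOMAIN" \
  --cert-name "$CERTBOT_CERTNAME" && \
  sync_to_s3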