#!/usr/bin/env python3
import logging as log
import os
import requests
import sys
import subprocess
import time
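# Log to stderr; only WARNING and above are emitted.
log.basicConfig(stream=sys.stderr, level="WARNING")

# Comma-separated host list handed to certbot's -d option.
# Entries are stripped, empty entries (for example from a trailing comma in
# HOSTNAMES) are dropped, and duplicates are removed while keeping the order
# given in the environment. dict.fromkeys() is used rather than set() because
# the iteration order of a set of strings can differ between interpreter runs,
# which made the order of names passed to certbot unpredictable.
# Raises KeyError at start-up if HOSTNAMES is not set.
hostnames = ','.join(dict.fromkeys(
    host.strip()
    for host in os.environ['HOSTNAMES'].split(',')
    if host.strip()
))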
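# certbot invocation for the "mailu" certificate lineage.
# Kept as an argument list: the values taken from the environment (HOSTNAMES,
# POSTMASTER, DOMAIN) each stay a single argv element instead of being spliced
# into a command string.
# NOTE(review): no --key-type is given here, so the key algorithm is whatever
# the installed certbot defaults to. The sibling lineage is named
# "mailu-ecdsa", which suggests this one is meant to be RSA; confirm and pin
# the key type if so.
command = [
    "certbot",
    "-n", "--agree-tos", # non-interactive
    # --allow-subset-of-names lets issuance proceed when some hosts fail
    # validation, so the resulting certificate may cover fewer names than
    # HOSTNAMES lists. (The flag was previously passed twice; once is enough.)
    "-d", hostnames, "--expand", "--allow-subset-of-names",
    "-m", "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"]),
    "certonly", "--standalone",
    "--cert-name", "mailu",
    # HTTP-01 only, with certbot's standalone listener on port 8008.
    "--preferred-challenges", "http", "--http-01-port", "8008",
    "--keep-until-expiring",
    "--renew-with-new-domains",
    "--config-dir", "/certs/letsencrypt",
    # Fixed hook path; it is not derived from any environment value.
    "--post-hook", "/config.py"
]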
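# certbot invocation for the "mailu-ecdsa" certificate lineage: the same
# request as the "mailu" lineage, with the key type set to ECDSA explicitly.
# Kept as an argument list: the values taken from the environment (HOSTNAMES,
# POSTMASTER, DOMAIN) each stay a single argv element instead of being spliced
# into a command string.
command2 = [
    "certbot",
    "-n", "--agree-tos", # non-interactive
    # --allow-subset-of-names lets issuance proceed when some hosts fail
    # validation, so the resulting certificate may cover fewer names than
    # HOSTNAMES lists. (The flag was previously passed twice; once is enough.)
    "-d", hostnames, "--expand", "--allow-subset-of-names",
    "-m", "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"]),
    "certonly", "--standalone",
    "--cert-name", "mailu-ecdsa",
    # HTTP-01 only, with certbot's standalone listener on port 8008.
    "--preferred-challenges", "http", "--http-01-port", "8008",
    "--keep-until-expiring",
    "--key-type", "ecdsa",
    "--renew-with-new-domains",
    "--config-dir", "/certs/letsencrypt",
    # Fixed hook path; it is not derived from any environment value.
    "--post-hook", "/config.py"
]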
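# Wait for nginx to start
time.sleep(5)

# Run certbot every day
while True:
    # Self-check before contacting the CA: keep polling the ACME HTTP-01 path
    # on the first configured hostname until it answers 204. Requesting
    # certificates while the challenge path is unreachable would only produce
    # failed validations.
    while True:
        # Strip the entry so that "a.example, b.example" style values do not
        # put whitespace into the URL (the -d list is built from stripped
        # entries as well).
        hostname = os.environ['HOSTNAMES'].split(',')[0].strip()
        target = f'http://{hostname}/.well-known/acme-challenge/testing'
        try:
            # A timeout is required here: without one a peer that accepts the
            # connection but never replies blocks this loop forever, and no
            # certificate is ever renewed again.
            r = requests.get(target, timeout=10)
            if r.status_code != 204:
                log.critical(f"Can't reach {target}!, please ensure it's fixed or change the TLS_FLAVOR.")
                time.sleep(5)
            else:
                break
        except Exception as e:
            # Deliberately broad: any failure (DNS, refused connection,
            # timeout) is logged and retried rather than ending the process.
            log.error(f"Exception while fetching {target}!", exc_info = e)
            time.sleep(15)

    # Request or renew both lineages. The exit status is checked so that a
    # failed issuance shows up in the log instead of passing silently until
    # the certificate expires.
    for position, certbot_args in enumerate((command, command2), start=1):
        status = subprocess.call(certbot_args)
        if status != 0:
            log.error("certbot command #%d exited with status %d", position, status)

    time.sleep(86400)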