67 lines
3.4 KiB
Python
Executable File
67 lines
3.4 KiB
Python
Executable File
#!/usr/bin/python3
|
||
|
||
import sys, os, subprocess, traceback
|
||
|
||
sys.path.append("/opt/bunkerweb/deps/python")
|
||
sys.path.append("/opt/bunkerweb/utils")
|
||
|
||
import logger
|
||
|
||
def certbot_new(first_domain, domains, email) :
|
||
cmd = "/opt/bunkerweb/deps/python/bin/certbot certonly --manual --preferred-challenges=http --manual-auth-hook /opt/bunkerweb/core/letsencrypt/jobs/certbot-auth.py --manual-cleanup-hook /opt/bunkerweb/core/letsencrypt/jobs/certbot-cleanup.py -n -d " + domains + " --email " + email + " --agree-tos"
|
||
if os.getenv("USE_LETS_ENCRYPT_STAGING") == "yes" :
|
||
cmd += " --staging"
|
||
os.environ["PYTHONPATH"] = "/opt/bunkerweb/deps/python"
|
||
proc = subprocess.run(cmd.split(" "), stdin=subprocess.DEVNULL, stderr=subprocess.STDOUT, env=os.environ)
|
||
return proc.returncode
|
||
|
||
status = 0
|
||
|
||
try :
|
||
|
||
# Multisite case
|
||
if os.getenv("MULTISITE") == "yes" :
|
||
for first_server in os.getenv("SERVER_NAME").split(" ") :
|
||
if os.getenv(first_server + "_AUTO_LETS_ENCRYPT", os.getenv("AUTO_LETS_ENCRYPT")) != "yes" :
|
||
continue
|
||
if first_server == "" :
|
||
continue
|
||
real_server_name = os.getenv(first_server + "_SERVER_NAME", first_server)
|
||
domains = real_server_name.replace(" ", ",")
|
||
if os.path.exists("/etc/letsencrypt/live/" + first_server + "/cert.pem") :
|
||
logger.log("LETS-ENCRYPT", "ℹ️", "Certificates already exists for domain(s) " + domains)
|
||
continue
|
||
real_email = os.getenv(first_server + "_EMAIL_LETS_ENCRYPT", os.getenv("EMAIL_LETS_ENCRYPT", "contact@" + first_server))
|
||
if real_email == "" :
|
||
real_email = "contact@" + first_server
|
||
logger.log("LETS-ENCRYPT", "ℹ️", "Asking certificates for domains : " + domains + " (email = " + real_email + ") ...")
|
||
if certbot_new(first_server, domains, real_email) != 0 :
|
||
status = 1
|
||
logger.log("LETS-ENCRYPT", "❌", "Certificate generation failed for domain(s) " + domains + " ...")
|
||
else :
|
||
logger.log("LETS-ENCRYPT", "ℹ️", "Certificate generation succeeded for domain(s) : " + domains)
|
||
|
||
# Singlesite case
|
||
elif os.getenv("AUTO_LETS_ENCRYPT") == "yes" and os.getenv("SERVER_NAME") != "" :
|
||
first_server = os.getenv("SERVER_NAME").split(" ")[0]
|
||
domains = os.getenv("SERVER_NAME").replace(" ", ",")
|
||
if os.path.exists("/etc/letsencrypt/live/" + first_server + "/cert.pem") :
|
||
logger.log("LETS-ENCRYPT", "ℹ️", "Certificates already exists for domain(s) " + domains)
|
||
else :
|
||
real_email = os.getenv("EMAIL_LETS_ENCRYPT", "contact@" + first_server)
|
||
if real_email == "" :
|
||
real_email = "contact@" + first_server
|
||
logger.log("LETS-ENCRYPT", "ℹ️", "Asking certificates for domain(s) : " + domains + " (email = " + real_email + ") ...")
|
||
if certbot_new(first_server, domains, real_email) != 0 :
|
||
status = 2
|
||
logger.log("LETS-ENCRYPT", "❌", "Certificate generation failed for domain(s) : " + domains)
|
||
else :
|
||
logger.log("LETS-ENCRYPT", "ℹ️", "Certificate generation succeeded for domain(s) : " + domains)
|
||
|
||
except :
|
||
status = 1
|
||
logger.log("LETS-ENCRYPT", "❌", "Exception while running certbot-new.py :")
|
||
print(traceback.format_exc())
|
||
|
||
sys.exit(status)
|