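#!/bin/bash
#
# certs-extraction.sh - poll an acme.json store and export the key/certificate
# of each configured domain as PEM, PFX and acme.sh-style files.
#
# Usage:
#   export DOMAINS=sub.domain.com            # several: DOMAINS='a.example|b.example'
#   ./certs-extraction.sh > /var/log/certs-extraction.log 2>&1 &
#   ./certs-extraction.sh --domains=LIST     # or -d=LIST; overrides $DOMAINS
#
# Environment:
#   CERTS_PATH  directory holding acme.json (default /mnt/data). Outputs go to
#               $CERTS_PATH/certs and $CERTS_PATH/acme, with one sub-directory
#               per domain when more than one domain is configured.
#   DOMAINS     '|'-separated list of values matched against .domain.main
#   ACME_COPY   optional '|'-separated list of extra directories that receive
#               a copy of the acme.sh-style files
#
# acme.json is expected to hold {"<resolver>": {"Certificates": [{"domain":
# {"main": ...}, "certificate": <base64>, "key": <base64>}, ...]}} (the layout
# Traefik's ACME store uses; the base64 fields decode to PEM).
#
# Security notes:
#   - Private keys (ssl-cert.key, <domain>.key) and ssl-cert.pfx are written
#     mode 0600, certificates 0644. Every output directory and every ACME_COPY
#     target therefore holds an unencrypted private key: restrict access to
#     them and to this script's log.
#   - ssl-cert.pfx is deliberately exported with an EMPTY password (downstream
#     consumers expect it); treat it exactly like the raw key.
#   - Output files are staged in a temp file and renamed into place only when
#     the producer succeeded and emitted data, so a domain missing from
#     acme.json or a half-written acme.json never truncates a key/cert that a
#     service is already using.
#   - The domain names come from argv/env and are used both as a jq match value
#     and as path components; they are passed to jq via --arg (never spliced
#     into the program) and rejected if they contain '/' or are empty.
#   - md5sum is only used to notice that acme.json changed; it is not an
#     integrity check.
#
set -u
set -o pipefail

###############################################################################
### Environment Variables
START_LOG=1          # log "File not found" once per disappearance of acme.json
START_INIT=1         # force an extraction the first time acme.json is seen
CERTS_PATH=${CERTS_PATH:-/mnt/data}
ACME_JSON="$CERTS_PATH/acme.json"
CERTS_HOME="$CERTS_PATH/certs"
ACME_HOME="$CERTS_PATH/acme"
# jq as an array so a wrapper with arguments can be used, e.g.
#   JQ=(docker run -i local/jq)
JQ=(jq)

###############################################################################
### Helpers
log() { printf '[ CERTS ] %s\n' "$*"; }

# Checksum used only to detect that $1 changed; empty when the file is absent
# (stderr is silenced so a missing acme.json at start-up does not log an error).
file_sum() { md5sum "$1" 2>/dev/null | awk '{print $1}'; }

# Print the base64-decoded field $2 ("key" or "certificate") of the entry whose
# .domain.main equals $1. Both values are passed with --arg so they are compared
# as literal strings and never spliced into the jq program (a domain taken from
# argv could otherwise inject jq code). A missing field yields no output, which
# stage_file rejects, instead of base64-decoding the literal string "null".
acme_field() {
  "${JQ[@]}" -r --arg d "$1" --arg f "$2" \
    '.[].Certificates[] | select(.domain.main == $d) | .[$f] // empty' \
    < "$ACME_JSON" | base64 -d
}

# stage_file [-e] MODE DEST CMD [ARGS...]
# Run CMD with stdout redirected to a temp file in DEST's directory (created
# 0600 by mktemp); when CMD succeeds and produced data, chmod MODE and rename
# the temp file over DEST. Otherwise the temp file is removed and DEST is left
# untouched. -e accepts an empty result (e.g. a certificate with no CA chain).
stage_file() {
  local allow_empty=0
  if [ "$1" = "-e" ]; then
    allow_empty=1
    shift
  fi
  local mode=$1 dest=$2 tmp
  shift 2
  tmp=$(mktemp "$dest.XXXXXX") || return 1
  if "$@" > "$tmp" && { [ -s "$tmp" ] || [ "$allow_empty" -eq 1 ]; }; then
    chmod "$mode" "$tmp" && mv -f "$tmp" "$dest"
  else
    log "ERROR: could not produce $dest; previous file kept"
    rm -f "$tmp"
    return 1
  fi
}

# Producers used with stage_file. Each one is a single pipeline, so with
# pipefail a failing openssl call is reported even though sed succeeds.
# The PFX is read with the same empty password it was exported with.
pfx_key()   { openssl pkcs12 -in "$1" -nocerts -nodes -password pass: | sed -ne '/-BEGIN PRIVATE KEY-/,/-END PRIVATE KEY-/p'; }
pfx_cert()  { openssl pkcs12 -in "$1" -clcerts -nokeys -password pass: | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'; }
pfx_chain() { openssl pkcs12 -in "$1" -cacerts -nokeys -chain -password pass: | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'; }
fullchain() { cat "$1"; echo ""; cat "$2"; }

# Export everything for one domain: $1 domain, $2 certs dir, $3 acme dir.
# Stops at the first failing step so later steps never run on stale inputs;
# files already written in this run stay in place (they are valid).
extract_domain() {
  local domain=$1 certs=$2 acme=$3 p targets
  mkdir -p "$certs" "$acme" || return 1
  log "Extracting and saving Key"
  stage_file 600 "$certs/ssl-cert.key" acme_field "$domain" key || return 1
  log "Extracting and saving Certificate"
  stage_file 644 "$certs/ssl-cert.crt" acme_field "$domain" certificate || return 1
  # openssl x509 reads PEM by default, so this is a PEM normalisation pass of
  # the decoded certificate, not a DER conversion (DER would need -inform der).
  log "Re-writing Certificate as PEM"
  stage_file 644 "$certs/ssl-cert.pem" openssl x509 -in "$certs/ssl-cert.crt" -outform pem || return 1
  # Empty export password on purpose (consumers expect it); the PFX therefore
  # contains the key in clear and gets 0600 like the key itself.
  log "Exporting Key and Certificate into PFX"
  stage_file 600 "$certs/ssl-cert.pfx" openssl pkcs12 -export -inkey "$certs/ssl-cert.key" -in "$certs/ssl-cert.crt" -password pass: || return 1
  log "Exporting Key and Certificate like neilpang/acme.sh"
  stage_file 600 "$acme/$domain.key" pfx_key "$certs/ssl-cert.pfx" || return 1
  stage_file 644 "$acme/$domain.cer" pfx_cert "$certs/ssl-cert.pfx" || return 1
  stage_file -e 644 "$acme/ca.cer" pfx_chain "$certs/ssl-cert.pfx" || return 1
  stage_file 644 "$acme/fullchain.cer" fullchain "$acme/$domain.cer" "$acme/ca.cer" || return 1
  if [ -n "${ACME_COPY-}" ]; then
    # IFS is changed only for this read, not for the rest of the script.
    IFS='|' read -r -a targets <<< "$ACME_COPY"
    for p in "${targets[@]}"; do
      # NOTE: with several domains the shared names ca.cer/fullchain.cer of the
      # last domain win when they all copy into the same target (pre-existing
      # behaviour).
      log "Copy Key and Certificate to $p"
      mkdir -p "$p" || return 1
      cp -rf "$acme"/* "$p" || return 1
      # cp keeps the mode of a pre-existing target file; re-assert owner-only
      # on the key copy regardless of what an earlier run left there.
      chmod 600 "$p/$domain.key"
    done
  fi
  #log "Restart services using new certificates"
  #docker restart onlyoffice owncloud emby
}

###############################################################################
### Pre-Script
# '|'-separated list of domains; "-d=LIST" / "--domains=LIST" as the first
# argument overrides the environment.
DOMAINS=${DOMAINS:-sub.domain.com}
case "${1-}" in
  -d=*|--domains=*) DOMAINS=${1#*=} ;;
esac
IFS='|' read -r -a DOMAIN_ARR <<< "$DOMAINS"   # IFS change scoped to the read
for DOMAIN in "${DOMAIN_ARR[@]}"; do
  # Domains become path components under $CERTS_PATH: refuse anything that
  # could leave that tree or name the directory itself.
  case "$DOMAIN" in
    ''|*/*|.|..) log "ERROR: invalid domain '$DOMAIN'"; exit 1 ;;
  esac
done
for tool in "${JQ[0]}" openssl base64 md5sum mktemp; do
  command -v "$tool" > /dev/null 2>&1 || { log "ERROR: required tool not found: $tool"; exit 1; }
done

###############################################################################
### Script
echo ""
log "Command: $0 $*"
log "DOMAINS to listen: $DOMAINS"
LAST_SUM=$(file_sum "$ACME_JSON")
while true; do
  sleep 3
  if [ ! -f "$ACME_JSON" ]; then
    if [ "$START_LOG" -eq 1 ]; then
      START_LOG=0
      log "File not found $ACME_JSON"
    fi
    continue
  fi
  SUM=$(file_sum "$ACME_JSON")
  if [ "$START_INIT" -eq 1 ] || [ "$SUM" != "$LAST_SUM" ]; then
    START_LOG=1
    START_INIT=0
    # Recorded before extracting, as before: a failed run is retried on the
    # next change of acme.json rather than every 3 seconds.
    LAST_SUM=$SUM
    for DOMAIN in "${DOMAIN_ARR[@]}"; do
      CERTS=$CERTS_HOME
      ACME=$ACME_HOME
      if [ "${#DOMAIN_ARR[@]}" -gt 1 ]; then
        CERTS="$CERTS_HOME/$DOMAIN"
        ACME="$ACME_HOME/$DOMAIN"
      fi
      log "Configuration file changed. Generate certificates for $DOMAIN..."
      log "Start time: $(date)"
      runstart=$(date +%s)
      extract_domain "$DOMAIN" "$CERTS" "$ACME" \
        || log "ERROR: extraction for $DOMAIN failed; existing files left untouched"
      log "End time: $(date)"
      runend=$(date +%s)
      runtime=$((runend - runstart))
      log "Elapsed time: $((runtime / 3600))hrs $(((runtime / 60) % 60))min $((runtime % 60))sec"
    done
  fi
done
exit 0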