Make backup of certs on remote server optional. Defaults to yes.

This commit is contained in:
David Kerr 2017-02-11 16:42:44 -05:00
parent 68d708e56d
commit a4b2cebef6
2 changed files with 33 additions and 23 deletions


@ -49,6 +49,7 @@ export ACME_DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem" export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
export ACME_DEPLOY_SSH_FULLCHAIN="" export ACME_DEPLOY_SSH_FULLCHAIN=""
export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart" export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
export ACME_DEPLOY_SSH_BACKUP=""
``` ```
The values used above are illustrative only and represent those that could The values used above are illustrative only and represent those that could
be used to deploy certificates to a QNAP NAS device running QTS 4.2 be used to deploy certificates to a QNAP NAS device running QTS 4.2
@ -87,8 +88,7 @@ file
Command to execute on the remote server after copying any certificates. This Command to execute on the remote server after copying any certificates. This
could be any additional command required for example to stop and restart could be any additional command required for example to stop and restart
the service. the service.
###ACME_DEPLOY_SSH_BACKUP
###Backups
Before writing a certificate file to the remote server the existing Before writing a certificate file to the remote server the existing
certificate will be copied to a backup directory on the remote server. certificate will be copied to a backup directory on the remote server.
These are placed in a hidden directory in the home directory of the SSH These are placed in a hidden directory in the home directory of the SSH
@ -97,4 +97,4 @@ user
~/.acme_ssh_deploy/[domain name]-backup-[timestamp] ~/.acme_ssh_deploy/[domain name]-backup-[timestamp]
``` ```
Any backups older than 180 days will be deleted when new certificates Any backups older than 180 days will be deleted when new certificates
are deployed. are deployed. This defaults to "yes" set to "no" to disable backup.


@ -12,15 +12,16 @@
# Only a username is required. All others are optional. # Only a username is required. All others are optional.
# #
# The following examples are for QNAP NAS running QTS 4.2 # The following examples are for QNAP NAS running QTS 4.2
# export ACME_DEPLOY_SSH_CMD="" # export ACME_DEPLOY_SSH_CMD="" # defaults to ssh
# export ACME_DEPLOY_SSH_USER="admin" # export ACME_DEPLOY_SSH_USER="admin" # required
# export ACME_DEPLOY_SSH_SERVER="qnap" # export ACME_DEPLOY_SSH_SERVER="qnap" # defaults to domain name
# export ACME_DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem" # export ACME_DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
# export ACME_DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem" # export ACME_DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
# export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem" # export ACME_DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
# export ACME_DEPLOY_SSH_FULLCHAIN="" # export ACME_DEPLOY_SSH_FULLCHAIN=""
# export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart" # export ACME_DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
# export ACME_DEPLOY_SSH_BACKUP="" # yes or no, default to yes
#
######## Public functions ##################### ######## Public functions #####################
#domain keyfile certfile cafile fullchain #domain keyfile certfile cafile fullchain
@ -73,6 +74,14 @@ ssh_deploy() {
Le_Deploy_ssh_cmd="ssh" Le_Deploy_ssh_cmd="ssh"
fi fi
# BACKUP is optional. If not provided then default to yes
if [ "$ACME_DEPLOY_SSH_BACKUP" = "no"]; then
Le_Deploy_ssh_backup="no"
elif [ -z "$Le_Deploy_ssh_backup" ]; then
Le_Deploy_ssh_backup="yes"
fi
_savedomainconf Le_Deploy_ssh_backup "$Le_Deploy_ssh_backup"
_info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server" _info "Deploy certificates to remote server $Le_Deploy_ssh_user@$Le_Deploy_ssh_server"
# KEYFILE is optional. # KEYFILE is optional.
@ -82,8 +91,10 @@ ssh_deploy() {
_savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile" _savedomainconf Le_Deploy_ssh_keyfile "$Le_Deploy_ssh_keyfile"
fi fi
if [ -n "$Le_Deploy_ssh_keyfile" ]; then if [ -n "$Le_Deploy_ssh_keyfile" ]; then
if [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite. # backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_keyfile $_backupdir ;" _cmdstr="$_cmdstr cp $Le_Deploy_ssh_keyfile $_backupdir ;"
fi
# copy new certificate into file. # copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile ;" _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $Le_Deploy_ssh_keyfile ;"
_info "will copy private key to remote file $Le_Deploy_ssh_keyfile" _info "will copy private key to remote file $Le_Deploy_ssh_keyfile"
@ -96,13 +107,13 @@ ssh_deploy() {
_savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile" _savedomainconf Le_Deploy_ssh_certfile "$Le_Deploy_ssh_certfile"
fi fi
if [ -n "$Le_Deploy_ssh_certfile" ]; then if [ -n "$Le_Deploy_ssh_certfile" ]; then
_pipe=">"
if [ "$Le_Deploy_ssh_certfile" = "$Le_Deploy_ssh_keyfile" ]; then if [ "$Le_Deploy_ssh_certfile" = "$Le_Deploy_ssh_keyfile" ]; then
# if filename is same as previous file then append. # if filename is same as previous file then append.
_pipe=">>" _pipe=">>"
else elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite. # backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir ;" _cmdstr="$_cmdstr cp $Le_Deploy_ssh_certfile $_backupdir ;"
_pipe=">"
fi fi
# copy new certificate into file. # copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile ;" _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $Le_Deploy_ssh_certfile ;"
@ -116,14 +127,14 @@ ssh_deploy() {
_savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile" _savedomainconf Le_Deploy_ssh_cafile "$Le_Deploy_ssh_cafile"
fi fi
if [ -n "$Le_Deploy_ssh_cafile" ]; then if [ -n "$Le_Deploy_ssh_cafile" ]; then
if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] || _pipe=">"
[ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then if [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_keyfile" ] \
|| [ "$Le_Deploy_ssh_cafile" = "$Le_Deploy_ssh_certfile" ]; then
# if filename is same as previous file then append. # if filename is same as previous file then append.
_pipe=">>" _pipe=">>"
else elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite. # backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_cafile $_backupdir ;" _cmdstr="$_cmdstr cp $Le_Deploy_ssh_cafile $_backupdir ;"
_pipe=">"
fi fi
# copy new certificate into file. # copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile ;" _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $Le_Deploy_ssh_cafile ;"
@ -137,15 +148,15 @@ ssh_deploy() {
_savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain" _savedomainconf Le_Deploy_ssh_fullchain "$Le_Deploy_ssh_fullchain"
fi fi
if [ -n "$Le_Deploy_ssh_fullchain" ]; then if [ -n "$Le_Deploy_ssh_fullchain" ]; then
if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] || _pipe=">"
[ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] || if [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_keyfile" ] \
[ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then || [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_certfile" ] \
|| [ "$Le_Deploy_ssh_fullchain" = "$Le_Deploy_ssh_cafile" ]; then
# if filename is same as previous file then append. # if filename is same as previous file then append.
_pipe=">>" _pipe=">>"
else elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# backup file we are about to overwrite. # backup file we are about to overwrite.
_cmdstr="$_cmdstr cp $Le_Deploy_ssh_fullchain $_backupdir ;" _cmdstr="$_cmdstr cp $Le_Deploy_ssh_fullchain $_backupdir ;"
_pipe=">"
fi fi
# copy new certificate into file. # copy new certificate into file.
_cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain ;" _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $Le_Deploy_ssh_fullchain ;"
@ -166,8 +177,7 @@ ssh_deploy() {
if [ -z "$_cmdstr" ]; then if [ -z "$_cmdstr" ]; then
_err "No remote commands to excute. Failed to deploy certificates to remote server" _err "No remote commands to excute. Failed to deploy certificates to remote server"
return 1 return 1
else elif [ "$Le_Deploy_ssh_backup" = "yes" ]; then
# something to execute.
# run cleanup on the backup directory, erase all older than 180 days. # run cleanup on the backup directory, erase all older than 180 days.
_cmdstr="find $_backupprefix* -type d -mtime +180 2>/dev/null | xargs rm -rf ; $_cmdstr" _cmdstr="find $_backupprefix* -type d -mtime +180 2>/dev/null | xargs rm -rf ; $_cmdstr"
# Create our backup directory for overwritten cert files. # Create our backup directory for overwritten cert files.
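Review bot: The new opt-out test in the first hunk (`@ -73,6 +74,14 @@`) can never match: `if [ "$ACME_DEPLOY_SSH_BACKUP" = "no"]; then` has no space before `]`, so `[` reports a missing bracket and returns non-zero, the `elif` branch runs, and `Le_Deploy_ssh_backup` is set to "yes" regardless of what the user exported; it should read `if [ "$ACME_DEPLOY_SSH_BACKUP" = "no" ]; then`. The check is also asymmetric: only "no" is honoured from the environment, and since the value is persisted with `_savedomainconf`, a user who later exports "yes" presumably cannot turn backups back on (the reload of the saved value is outside these hunks, so this is inferred from the pattern used for the other settings); an `elif [ "$ACME_DEPLOY_SSH_BACKUP" = "yes" ]; then Le_Deploy_ssh_backup="yes"` arm before the empty-value default would fix that. In the last hunk, moving the 180-day `find ... | xargs rm -rf` prune under `elif [ "$Le_Deploy_ssh_backup" = "yes" ]` means that once backups are disabled, backup directories already written under `~/.acme_ssh_deploy` — which hold copies of the private key file — are never pruned again; worth either keeping the prune unconditional or stating this in the README. The `ssh_deploy` function starts before the first hunk and its body continues past the last one.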