4NK_node/scripts/renew_certs.sh
Debian 3488b497de release: 1.1.2 (latest)
- HSTS activé sur Nginx
- Scripts de déploiement initial (avec/sans certificats)
- Docs installation/configuration enrichies (webroot, renouvellement, déploiement)
2025-08-27 23:38:14 +00:00


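#!/usr/bin/env bash
#
# Renew (or, on first run, issue) the Let's Encrypt certificate for DOMAIN
# using the certbot container and the webroot challenge, copy the resulting
# chain and key into certs/, then recreate the reverse_proxy service.
#
# Optional environment:
#   CERTBOT_IMAGE  image reference to run (default: certbot/certbot).
#                  An untagged reference means :latest, i.e. whatever was
#                  current when the image was pulled. The container gets the
#                  private-key directory mounted, so prefer a pinned tag or
#                  digest here.
set -euo pipefail

readonly DOMAIN="dev4.4nkweb.com"
readonly EMAIL="admin@4nkweb.com"
readonly CERTBOT_IMAGE="${CERTBOT_IMAGE:-certbot/certbot}"

ROOT_DIR="$(cd -- "$(dirname -- "$0")/.." && pwd)"
readonly ROOT_DIR
readonly LIVE_DIR="$ROOT_DIR/letsencrypt/live/$DOMAIN"

die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Run certbot in a throwaway container with the three state volumes mounted.
# Both the renew and the first-issue path go through here so the mounts
# cannot drift apart.
run_certbot() {
  docker run --rm \
    -v "$ROOT_DIR/acme:/var/www/certbot" \
    -v "$ROOT_DIR/letsencrypt:/etc/letsencrypt" \
    -v "$ROOT_DIR/letsencrypt_lib:/var/lib/letsencrypt" \
    "$CERTBOT_IMAGE" "$@"
}

mkdir -p \
  "$ROOT_DIR/acme/.well-known/acme-challenge" \
  "$ROOT_DIR/letsencrypt" \
  "$ROOT_DIR/letsencrypt_lib" \
  "$ROOT_DIR/certs"

# Renewal stays best-effort (on the first run there is nothing to renew yet),
# but a failure is reported on stderr instead of being discarded, so a
# certificate drifting towards expiry shows up in cron mail / logs.
if ! run_certbot renew --non-interactive; then
  printf 'warning: certbot renew failed for %s; continuing with the certificate already on disk\n' \
    "$DOMAIN" >&2
fi

# Fallback: issue if missing (first time).
if [ ! -f "$LIVE_DIR/fullchain.pem" ]; then
  run_certbot certonly --webroot -w /var/www/certbot \
    -d "$DOMAIN" --email "$EMAIL" --agree-tos --non-interactive
fi

# Refuse to deploy and restart the proxy on a missing or empty chain or key.
# NOTE(review): the container writes these files as root; the user running
# this script must be able to read them — confirm for the cron user.
[ -s "$LIVE_DIR/fullchain.pem" ] || die "no certificate chain at $LIVE_DIR/fullchain.pem"
[ -s "$LIVE_DIR/privkey.pem" ] || die "no private key at $LIVE_DIR/privkey.pem"

# The chain is public (0644); the key copy is readable by its owner only (0600).
install -m 0644 "$LIVE_DIR/fullchain.pem" "$ROOT_DIR/certs/server.crt"
install -m 0600 "$LIVE_DIR/privkey.pem" "$ROOT_DIR/certs/server.key"

# Recreate the reverse proxy so it picks up the updated files.
docker compose -f "$ROOT_DIR/docker-compose.yml" up -d --no-deps --force-recreate reverse_proxy
echo "Certificates installed for $DOMAIN and reverse proxy reloaded."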