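#!/bin/bash
#
# Renew a Let's Encrypt wildcard certificate for ${CUSTOM_DOMAIN} (plus one
# wildcard per App Engine service) via a certbot DNS challenge, then install
# it on App Engine and point the "*.${CUSTOM_DOMAIN}" domain mapping at it.
#
# certbot state (/etc/letsencrypt) is pulled from and pushed back to a GCS
# bucket so the account key and lineage survive between runs. The bucket
# therefore contains private keys and must not be readable by anyone else.
#
# Required environment:
#   LETSENCRYPT_BUCKET           gs:// URL holding the certbot state
#   CUSTOM_DOMAIN                apex domain the wildcard is issued for
#   DNS_PROVIDER                 certbot DNS plugin name (used as --dns-<name>)
#   DNS_PROVIDER_CREDENTIALS     plugin ini contents; only needed for providers
#                                other than route53/google (those take their
#                                credentials from the environment)
#   LETSENCRYPT_CONTACT_EMAIL    ACME contact address (the historical misspelling
#                                LETSENCRYPT_CONTACT_EMAL is still accepted)
#   CERTIFICATE_NAME             display name, used only when no App Engine
#                                certificate for CUSTOM_DOMAIN exists yet
set -euo pipefail

: "${LETSENCRYPT_BUCKET:?LETSENCRYPT_BUCKET must be set}"
: "${CUSTOM_DOMAIN:?CUSTOM_DOMAIN must be set}"
: "${DNS_PROVIDER:?DNS_PROVIDER must be set}"
# Accept the correctly spelled name first, fall back to the legacy misspelling.
contact_email="${LETSENCRYPT_CONTACT_EMAIL:-${LETSENCRYPT_CONTACT_EMAL:-}}"
: "${contact_email:?LETSENCRYPT_CONTACT_EMAIL (or LETSENCRYPT_CONTACT_EMAL) must be set}"

live_dir="/etc/letsencrypt/live/${CUSTOM_DOMAIN}"
dns_credentials_file=""

# The DNS plugin credentials file holds a live API secret: remove it on every
# exit path so it does not outlive the run.
cleanup() {
  if [[ -n "${dns_credentials_file}" ]]; then
    rm -f -- "${dns_credentials_file}"
  fi
}
trap cleanup EXIT

echo "Setup letsencrypt context..."
gsutil -m rsync -r "${LETSENCRYPT_BUCKET}" /etc/letsencrypt

echo "Renewing certificate..."
certbot_dns_opts=("--dns-${DNS_PROVIDER}")
if [[ "${DNS_PROVIDER}" != "route53" && "${DNS_PROVIDER}" != "google" ]]; then
  : "${DNS_PROVIDER_CREDENTIALS:?DNS_PROVIDER_CREDENTIALS must be set for --dns-${DNS_PROVIDER}}"
  dns_credentials_file="/dns_api_key.ini"
  # Recreate the file under umask 077 so it is 0600 from the moment it has
  # content: it is a secret, and certbot's DNS plugins complain about
  # credentials files with looser permissions. %b keeps the backslash-escape
  # expansion the previous `echo -e` relied on for multi-line ini contents,
  # without echo's option-parsing surprises.
  rm -f -- "${dns_credentials_file}"
  (umask 077; printf '%b\n' "${DNS_PROVIDER_CREDENTIALS}" > "${dns_credentials_file}")
  certbot_dns_opts+=("--dns-${DNS_PROVIDER}-credentials" "${dns_credentials_file}")
fi

# Domains: apex wildcard, apex, and one wildcard per App Engine service.
# Built as an array so the "*" is never exposed to shell globbing/word
# splitting. The listing is captured first so a gcloud failure aborts the
# script (a process substitution would not propagate the exit status).
domain_args=(-d "*.${CUSTOM_DOMAIN}" -d "${CUSTOM_DOMAIN}")
service_ids=$(gcloud app services list --format "get(id)")
while IFS= read -r service_id; do
  [[ -n "${service_id}" ]] || continue
  domain_args+=(-d "*.${service_id}.${CUSTOM_DOMAIN}")
done <<<"${service_ids}"

# NOTE(review): the RSA conversion below requires an RSA key. certbot >= 2.0
# issues ECDSA keys by default; if the pinned certbot is that new, add
# `--key-type rsa` here — confirm against the image's certbot version.
certbot_cmd=(certbot certonly -n -m "${contact_email}" --agree-tos
  --preferred-challenges dns "${certbot_dns_opts[@]}" "${domain_args[@]}")
echo "certbot command: ${certbot_cmd[*]}"
"${certbot_cmd[@]}"

# gcloud app ssl-certificates expects the private key in traditional PKCS#1
# ("RSA PRIVATE KEY") PEM, which certbot does not write, hence the copy.
# The lineage directory is named after the first -d with "*." stripped.
# Create the copy 0600 like certbot's own key files.
echo "Convert private key into RSA format"
(umask 077; openssl rsa -in "${live_dir}/privkey.pem" -out "${live_dir}/privkey-rsa.pem")

echo "Backup of letsencrypt context"
gsutil -m rsync -r /etc/letsencrypt "${LETSENCRYPT_BUCKET}"

echo "Install certificate on App Engine"
# Lookup is a substring match of CUSTOM_DOMAIN over "<id>\t<display_name>"
# rows, so a display name containing the domain (or another domain that
# contains it, e.g. "sub.${CUSTOM_DOMAIN}") is also picked up. `|| true`
# covers the no-match case, where grep exits non-zero. Note the created
# certificate uses CERTIFICATE_NAME as display name; it will only be found
# again on later runs if that name contains CUSTOM_DOMAIN — verify.
certificate_id=$(gcloud app ssl-certificates list --format "get(id,display_name)" \
  | grep -F -e "${CUSTOM_DOMAIN}" | head -n 1 | cut -f 1 || true)
echo "Found existing certificate : ${certificate_id}"
if [[ -z "${certificate_id}" ]]; then
  echo "Creating new certificate"
  : "${CERTIFICATE_NAME:?CERTIFICATE_NAME must be set to create a certificate}"
  certificate_id=$(gcloud app ssl-certificates create \
    --display-name "${CERTIFICATE_NAME}" \
    --certificate "${live_dir}/fullchain.pem" \
    --private-key "${live_dir}/privkey-rsa.pem" \
    --format "get(id)")
else
  echo "Updating existing certificate"
  gcloud app ssl-certificates update "${certificate_id}" \
    --certificate "${live_dir}/fullchain.pem" \
    --private-key "${live_dir}/privkey-rsa.pem"
fi

# Only the apex wildcard mapping is switched here. The apex and per-service
# wildcard names are on the certificate but their mappings (if any exist)
# are not updated by this script — presumably the wildcard mapping is the
# only one in use; confirm if the others are mapped too.
echo "Enable certificate on *.${CUSTOM_DOMAIN} domain mapping"
gcloud app domain-mappings update "*.${CUSTOM_DOMAIN}" \
  --certificate-management manual --certificate-id "${certificate_id}"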