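#!/bin/bash
#
# Runs the certbot compose service to check for certificate renewal and, when
# the deploy-hook trigger file is present afterwards, restarts nginx so it
# picks up the renewed certificate.
#
# Run this script with a cron job every month on the 1st day at 2:00 AM
# crontab -e
# 0 2 1 * * /home/moeny/AppFlowy-Cloud/check-and-renew-certs.sh >> /var/log/cert-renewal.log 2>&1
#
# NOTE(review): a monthly check leaves very few retry opportunities if one
# renewal attempt fails before the certificate expires. Certbot's guidance is
# to run the check far more often (it does nothing until renewal is due), and
# the ERROR lines written below are worth alerting on.
#
# Requirements visible from the commands used here:
#   - the cron user must be able to run docker and write the log file;
#   - "sudo rm" must work without a password prompt for that user. Scope the
#     sudoers rule to that one command rather than granting blanket sudo.

# -e: stop on unhandled failures; -u: unset variables are errors;
# pipefail: a failing "docker ps" is not hidden by the xargs that follows it.
set -euo pipefail

# Configuration
readonly COMPOSE_FILE="/home/moeny/AppFlowy-Cloud/docker-compose.yml"
readonly CERTBOT_COMPOSE_FILE="/home/moeny/AppFlowy-Cloud/docker-compose.certbot.yml"
# Marker file checked after the certbot run.
# NOTE(review): presumably written by a certbot deploy hook through a bind
# mount of /etc/letsencrypt; confirm against docker-compose.certbot.yml.
readonly DEPLOY_TRIGGER="/etc/letsencrypt/deploy-hook-triggered"

# Ensure we're in the right directory
cd "$(dirname "$COMPOSE_FILE")" || {
  echo "[$(date)] ERROR: cannot cd to $(dirname "$COMPOSE_FILE")" >&2
  exit 1
}

# Set environment variables to ensure non-interactive operation
export DEBIAN_FRONTEND=noninteractive
export PYTHONUNBUFFERED=1

# Run certbot container with explicit non-interactive settings and timeout.
# stdin comes from /dev/null so nothing in the container can block on a prompt.
echo "[$(date)] Starting certificate renewal check..."
if timeout --signal=KILL 5m \
  docker compose -f "$CERTBOT_COMPOSE_FILE" run --rm --no-deps \
    -e TERM=dumb \
    -e PYTHONUNBUFFERED=1 \
    --no-TTY \
    certbot < /dev/null; then
  echo "[$(date)] Certbot completed successfully"
else
  exit_code=$?
  # 137 = 128 + 9 (SIGKILL), the status timeout reports after killing the
  # command. NOTE(review): a container killed for another reason (for example
  # by the OOM killer) presumably yields the same code, so the message below
  # can mislabel that case.
  if [ "$exit_code" -eq 137 ]; then # SIGKILL exit code
    echo "[$(date)] ERROR: Certbot timed out after 5 minutes, killing container..." >&2
    # Find and kill any hanging certbot containers. Killing the compose client
    # does not necessarily stop the container it started.
    # NOTE(review): the name filter matches every container whose name
    # contains "certbot", not only the one started above. If other such
    # containers can run on this host, narrow the match (for example with a
    # filter on the com.docker.compose.service label); confirm before changing.
    docker ps --filter "name=certbot" -q | xargs -r docker kill \
      || echo "[$(date)] WARNING: could not kill leftover certbot container(s)" >&2
  else
    echo "[$(date)] ERROR: Certbot failed with exit code $exit_code" >&2
  fi
  exit 1
fi

# Check if certificates were renewed
if [ -f "$DEPLOY_TRIGGER" ]; then
  echo "[$(date)] Certificates were renewed, restarting nginx..."
  # If the restart fails, set -e aborts here and the trigger file stays in
  # place, so the next run retries the restart.
  docker compose -f "$COMPOSE_FILE" restart nginx
  # -n: fail immediately instead of waiting for a password that cron can
  # never supply; "--" keeps the path from being parsed as an option.
  if ! sudo -n rm -f -- "$DEPLOY_TRIGGER"; then
    echo "[$(date)] ERROR: nginx was restarted but $DEPLOY_TRIGGER could not be removed" >&2
    exit 1
  fi
  echo "[$(date)] Nginx restarted successfully"
else
  echo "[$(date)] No certificate renewal needed"
fi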