From 40fb1a7cf92eba610037294a1d1a4cc7ea82f964 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Artur=20Ku=C5=9B?=
Date: Wed, 13 Aug 2025 07:43:09 +0200
Subject: [PATCH] New version of create certificates
---
 .../lets-encrypt-create-cert.jenkinsfile | 72 ++++++++++++++++++-
 1 file changed, 70 insertions(+), 2 deletions(-)
diff --git a/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
index 233d954..f0fedab 100755
--- a/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
+++ b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
@@ -1,14 +1,82 @@
 def domainsToCert = [
 [ false, 'bodypainter.eu', "www", "mail", "stat"],
- [ false, 'themself.eu', "www", "mail", "stat", "massage", "driving" ],
+ [ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ],
 [ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"],
 [ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"]
 // [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ]
 ]
-def createCert(domains, repo){
+def createCert(domains, repo) {
+ echo "Server ENV = ${SERVER_ENV}"
+ echo "Cerbot image = ${CERTBOT_IMAGE}"
+
+ def toCreateDomains = []
+
+ for (domain in domains) {
+ def force = domain[0]
+ def name = domain[1]
+ def fileName = '/_docker_data_/letsencrypt/live/' + name + '/cert.pem'
+
+ // Get current domains from certificate if it exists
+ def currentDomains = []
+ if (fileExists(fileName)) {
+ def certInfo = sh(script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'", returnStdout: true).trim()
+ currentDomains = certInfo.split('\n').collect { it.trim() }
+ }
+
+ // Prepare expected domains
+ def expectedDomains = [name]
+ for (int i = 2; i < domain.size(); i++) {
+ expectedDomains.add(domain[i] + "." + name)
+ }
+
+ // Check if we need to create/renew
+ def needsRenewal = force ||
+ !fileExists(fileName) ||
+ currentDomains.size() != expectedDomains.size() ||
+ !currentDomains.containsAll(expectedDomains)
+
+ if (needsRenewal) {
+ echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains})"
+ toCreateDomains.add(domain)
+ } else {
+ echo "Certificate for '${name}' is up to date with all domains"
+ }
+ }
+
+ echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
+
+ if (toCreateDomains.isEmpty()) {
+ echo "All certificates are up to date. Nothing to create/renew."
+ } else {
+ def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
+
+ dir("/_programs_/" + repo + "/deploy-this/lets-encrypt") {
+ for (domain in toCreateDomains) {
+ def name = domain[1]
+
+ def run = " run --rm certbot certonly" +
+ " --webroot -w /var/www/certbot" +
+ " --cert-name='" + name + "'" +
+ " --non-interactive --agree-tos" +
+ " --preferred-challenges http" +
+ " --email kusartur@gmail.com" +
+ " -d " + name
+
+ for (int indexSub = 2; indexSub < domain.size(); indexSub++) {
+ def subDomain = domain[indexSub]
+ run = run + " -d " + subDomain + "." + name
+ }
+
+ sh(lets_encrypt + run)
+ }
+ }
+ }
+}
+
+def createCertOld(domains, repo){
 echo "Server ENV = ${SERVER_ENV}"
 echo "Cerbot image = ${CERTBOT_IMAGE} "
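Review bot: The `needsRenewal` condition in the new `createCert` compares only the certificate's DNS names with the expected list, so a certificate that is close to expiry, or already expired, but carries the right names is logged as "up to date" and certbot is never run for it. If the previous body (now `createCertOld`, which continues outside the hunk) invoked certbot on every run and no separate renewal job exists, certificates would now lapse silently. An expiry term in the condition would cover this, for example `|| sh(script: "openssl x509 -checkend 2592000 -noout -in '${fileName}'", returnStatus: true) != 0`. Separately, `force` only bypasses this pre-check; without `--force-renewal` on the certbot command line, certbot will normally keep a certificate that is not yet due, so the flag may not do what its name suggests.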