arti24
/
proxy-nginx
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Sprawdzanie daty wygaśnięcia (daysLeft): 

Jeśli < 30 dni → certyfikat do odnowienia.

Obsługa pustych/uszkodzonych certyfikatów:

    Jeśli openssl zwróci pusty wynik, skrypt uzna, że certyfikat jest
niepełny.

Zmienne środowiskowe dla e-maila:

    Można ustawić LETSENCRYPT_EMAIL w Jenkinsie, w .env lub jako
parametr pipeline.

Czytelne logi:

    W logu widać brakujące domeny i ile dni zostało do wygaśnięcia.
This commit is contained in:
Artur Kuś 2025-08-13 07:58:09 +02:00
parent 40fb1a7cf9
commit 837144a60b
1 changed files with 91 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
View File

@ -8,7 +8,97 @@ def domainsToCert = [
// [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ] // [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ]
] ]
def createCert(domains, repo) { def createCert(domains, repo) {
echo "Server ENV = ${SERVER_ENV}"
echo "Certbot image = ${CERTBOT_IMAGE}"
def toCreateDomains = []
for (domain in domains) {
def force = domain[0]
def name = domain[1]
def fileName = "/_docker_data_/letsencrypt/live/${name}/cert.pem"
def currentDomains = []
def daysLeft = null
// Pobierz dane z istniejącego certyfikatu, jeśli jest
if (fileExists(fileName)) {
def certInfo = sh(
script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'",
returnStdout: true
).trim()
if (certInfo) {
currentDomains = certInfo.split('\n').collect { it.trim() }
}
// Oblicz ile dni zostało do wygaśnięcia
def expiryUnix = sh(
script: "openssl x509 -enddate -noout -in ${fileName} | cut -d= -f2 | xargs -I{} date -d {} +%s",
returnStdout: true
).trim()
if (expiryUnix.isNumber()) {
def nowUnix = sh(script: "date +%s", returnStdout: true).trim().toLong()
daysLeft = (expiryUnix.toLong() - nowUnix) / (60 * 60 * 24)
}
}
// Lista oczekiwanych domen
def expectedDomains = [name]
for (int i = 2; i < domain.size(); i++) {
expectedDomains.add("${domain[i]}.${name}")
}
// Czy trzeba odnowić certyfikat?
def needsRenewal = force ||
!fileExists(fileName) ||
currentDomains.size() != expectedDomains.size() ||
!currentDomains.containsAll(expectedDomains) ||
(daysLeft != null && daysLeft < 30)
if (needsRenewal) {
echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains}, expires in: ${daysLeft ?: 'unknown'} days)"
toCreateDomains.add(domain)
} else {
echo "Certificate for '${name}' is OK (expires in ${daysLeft} days)"
}
}
echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
if (toCreateDomains.isEmpty()) {
echo "All certificates are up to date. Nothing to create/renew."
return
}
def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
dir("/_programs_/${repo}/deploy-this/lets-encrypt") {
for (domain in toCreateDomains) {
def name = domain[1]
def run = " run --rm certbot certonly" +
" --webroot -w /var/www/certbot" +
" --cert-name='${name}'" +
" --non-interactive --agree-tos" +
" --preferred-challenges http" +
" --email ${LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com'}" +
" -d ${name}"
for (int i = 2; i < domain.size(); i++) {
run += " -d ${domain[i]}.${name}"
}
sh(lets_encrypt + run)
}
}
}
def createCertOld(domains, repo) {
echo "Server ENV = ${SERVER_ENV}" echo "Server ENV = ${SERVER_ENV}"
echo "Cerbot image = ${CERTBOT_IMAGE}" echo "Cerbot image = ${CERTBOT_IMAGE}"
@ -76,7 +166,7 @@ def createCert(domains, repo) {
} }
} }
def createCertOld(domains, repo){ def createCertOlder(domains, repo){
echo "Server ENV = ${SERVER_ENV}" echo "Server ENV = ${SERVER_ENV}"
echo "Cerbot image = ${CERTBOT_IMAGE} " echo "Cerbot image = ${CERTBOT_IMAGE} "