diff --git a/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
index b856363..ec92510 100755
--- a/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
+++ b/deploy-this/lets-encrypt/lets-encrypt-create-cert.jenkinsfile
@@ -14,9 +14,11 @@ def domainsToCert = [
 ]
 def createCert(domains) {
- echo "Server ENV = ${SERVER_ENV}"
- echo "Certbot image = ${CERTBOT_IMAGE}"
-
+ def baseCertPath = env.CERTS_PATH ?: '/_docker_data_/letsencrypt/live'
+ def workDir = env.WORK_DIR ?: "/_sd_/_programs_/proxy-nginx/deploy-this/lets-encrypt"
+ def letsEncryptCommand = "docker compose --file lets-encrypt.yml --env-file lets.env"
+ def email = env.LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com'
+
 def toCreateDomains = []
 for (domain in domains) {
@@ -27,7 +29,6 @@ def createCert(domains) {
 def currentDomains = []
 def daysLeft = null
- // Get existing certificate data if exists
 if (fileExists(fileName)) {
 def certInfo = sh(
 script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'",
@@ -38,22 +39,20 @@ def createCert(domains) {
 currentDomains = certInfo.split('\n').collect { it.trim() }
 }
- // Calculate days until expiration
 def expiryUnix = sh(
 script: "openssl x509 -enddate -noout -in ${fileName} | cut -d= -f2 | xargs -I{} date -d {} +%s",
 returnStdout: true
 ).trim()
- if (expiryUnix.isNumber()) {
+ if (expiryUnix?.isLong()) {
 def nowUnix = sh(script: "date +%s", returnStdout: true).trim().toLong()
 daysLeft = (expiryUnix.toLong() - nowUnix) / (60 * 60 * 24)
 }
 }
- // Build expected domains list
- def expectedDomains = [name] + domain[2..-1].collect { "${it}.${name}" }
+ def subList = (domain.size() > 2) ? domain[2..-1] : []
+ def expectedDomains = [name] + subList.collect { "${it}.${name}" }
- // Check if certificate needs renewal
 def needsRenewal = force || !fileExists(fileName) ||
 currentDomains.size() != expectedDomains.size() ||
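Review bot: The `email` fallback on the fourth added line of the first hunk hard-codes a personal mailbox (`'kusartur@gmail.com'`) into the pipeline, so any environment that forgets to set `LETSENCRYPT_EMAIL` silently registers its ACME account, and receives its expiry notices, under that address. A missing contact should stop the job rather than fall back, e.g. `def email = env.LETSENCRYPT_EMAIL ?: error('LETSENCRYPT_EMAIL is not set')`; the host-specific `workDir` default deserves the same treatment or at least a comment stating the assumption. A short header comment on `createCert` naming the env vars it reads (`CERTS_PATH`, `WORK_DIR`, `LETSENCRYPT_EMAIL`) and the shape of each `domains` entry (presumably `[force, name, sub...]`, inferred from `domain[1]` and `domain[2..-1]` later in the diff) would help the next maintainer. `baseCertPath` is not referenced inside the visible hunks; presumably `fileName` below the hunk is derived from it. createCert continues outside the hunk.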
@@ -61,7 +60,7 @@ def createCert(domains) {
 (daysLeft != null && daysLeft < 30)
 if (needsRenewal) {
- echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains}, expires in: ${daysLeft ?: 'unknown'} days)"
+ echo "Certificate for '${name}' needs renewal (force: ${force}, missing: ${expectedDomains - currentDomains}, expires in: ${daysLeft ?: 'unknown'} days)"
 toCreateDomains.add(domain)
 } else {
 echo "Certificate for '${name}' is OK (expires in ${daysLeft} days)"
@@ -70,29 +69,31 @@ def createCert(domains) {
 echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
- if (toCreateDomains.isEmpty()) {
- echo "All certificates are up to date. Nothing to create/renew."
- return
- }
+ if (!toCreateDomains.isEmpty()) {
+ dir(workDir) {
+ for (domain in toCreateDomains) {
+ def name = domain[1]
+ def subList = (domain.size() > 2) ? domain[2..-1] : []
+ def subDomains = subList.collect { "-d ${it}.${name}" }.join(' ')
- dir(workDir) {
- for (domain in toCreateDomains) {
- def name = domain[1]
- def subDomains = domain[2..-1].collect { "-d ${it}.${name}" }.join(' ')
-
- sh """
- ${letsEncryptCommand} run --rm certbot certonly \
- --webroot -w /var/www/certbot \
- --cert-name='${name}' \
- --non-interactive --agree-tos \
- --preferred-challenges http \
- --email ${email} \
- -d ${name} ${subDomains}
- """
+ def cmd = """
+ ${letsEncryptCommand} run --rm certbot certonly \
+ --webroot -w /var/www/certbot \
+ --cert-name='${name}' \
+ --non-interactive --agree-tos \
+ --preferred-challenges http \
+ --email ${email} \
+ -d ${name} ${subDomains}
+ """.stripIndent()
+ sh(cmd)
+ }
 }
+ } else {
+ echo "All certificates are up to date. Nothing to create/renew."
 }
 }
+
 pipeline {
 agent any
 stages {
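Review bot: The `cmd` string built inside the loop of the last hunk interpolates `${name}`, `${subDomains}` and `${email}` with Groovy before `sh` ever runs, so the shell receives those values as script text rather than as data; `email` comes straight from `env.LETSENCRYPT_EMAIL`, and `--cert-name='${name}'` breaks on any name containing a quote. Jenkins' own guidance for values that originate outside the script is to expose them through `withEnv` and reference them from a single-quoted `sh` script so the shell does the quoting, as below. A failed `sh` also aborts the loop at the first certificate and leaves the remaining renewals untouched; wrapping each call in try/catch, collecting the failed names and calling `error` once after the loop would renew what it can and still fail the build. The `subList` computation is now duplicated with the one in the first loop and could become a small helper. The `pipeline` block at the end of the hunk continues outside it.
```groovy
            for (domain in toCreateDomains) {
                def name = domain[1]
                // … unchanged: subList / subDomains construction …
                withEnv(["LE_CMD=${letsEncryptCommand}", "CERT_NAME=${name}", "CERT_SUBDOMAINS=${subDomains}", "CERT_EMAIL=${email}"]) {
                    // Single-quoted: the shell expands $CERT_* itself; CERT_SUBDOMAINS stays unquoted on purpose (list of "-d host" args)
                    sh '''
                        $LE_CMD run --rm certbot certonly \
                          --webroot -w /var/www/certbot \
                          --cert-name="$CERT_NAME" \
                          --non-interactive --agree-tos \
                          --preferred-challenges http \
                          --email "$CERT_EMAIL" \
                          -d "$CERT_NAME" $CERT_SUBDOMAINS
                    '''.stripIndent()
                }
            }
```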