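// Domains to obtain/renew Let's Encrypt certificates for.
// Each entry is [ forceRenewal, baseDomain, subLabel, subLabel, ... ]; every
// sub-label is expanded to "<label>.<baseDomain>" and requested as a SAN entry
// on the certificate named after the base domain.
def domainsToCert = [
    [ false, 'kopama.com.pl', 'www'],
    [ false, 'bodypainter.eu', "www", "mail", "stat"],
    [ false, 'themself.eu', "www", "mail", "stat", "massage", "driving", "kopama" ],
    [ false, "artiks.tk", "www", "mail", "api", "angular", "bodypainter", "themself","arti24"],
    [ false, "arti24.eu", "www", "api", "angular", "ai", "job-finder", "zaklik"]
    // [ false, 'artikus.dynu.net', "mail", "stat", "www", "nextcloud" ]
]

// Every value validated here is interpolated straight into an `sh` step.
// Rejecting anything outside a conservative character set keeps a typo in
// domainsToCert, or a tampered LETSENCRYPT_EMAIL, from becoming shell syntax.
//
// value   - the string to check (coerced with toString())
// what    - human-readable description used in the error message
// pattern - regex the whole value must match
// Returns the value as a plain String; aborts the build via error() otherwise.
def shellSafe(value, what, pattern) {
    def text = value.toString()
    if (!(text ==~ pattern)) {
        error "Refusing to pass unsafe ${what} to the shell: '${text}'"
    }
    return text
}

// Inspect the certificate currently on disk for every entry of `domains` and
// run certbot for those that are missing, forced, expiring within
// `renewBeforeDays`, unreadable, or whose SAN list differs from the expected one.
//
// domains         - list of [ force, baseDomain, subLabel... ] entries (see domainsToCert)
// repo            - repository folder under /_programs_/ holding deploy-this/lets-encrypt
// renewBeforeDays - renew when fewer than this many whole days remain (default 30)
def createCert(domains, repo, renewBeforeDays = 30) {
    echo "Server ENV = ${SERVER_ENV}"
    echo "Certbot image = ${CERTBOT_IMAGE}"

    def hostPattern = /[A-Za-z0-9.-]+/
    def toCreateDomains = []

    for (domain in domains) {
        def force = domain[0]
        def name = shellSafe(domain[1], 'domain name', hostPattern)
        def fileName = "/_docker_data_/letsencrypt/live/${name}/cert.pem"
        def certExists = fileExists(fileName)
        def currentDomains = []
        def daysLeft = null

        // Read SAN list and expiry from the existing certificate, if any
        if (certExists) {
            def sanList = sh(
                script: "openssl x509 -in '${fileName}' -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'",
                returnStdout: true
            ).trim()
            if (sanList) {
                currentDomains = sanList.split('\n').collect { it.trim() }
            }

            // notAfter as unix seconds. `|| true` keeps a parse failure from
            // aborting the build; an unparsable value leaves daysLeft null, which
            // is treated as "renew" below (fail closed rather than keep an
            // unverifiable certificate).
            def expiryUnix = sh(
                script: "date -u -d \"\$(openssl x509 -enddate -noout -in '${fileName}' | cut -d= -f2)\" +%s 2>/dev/null || true",
                returnStdout: true
            ).trim()
            if (expiryUnix.isNumber()) {
                def nowUnix = sh(script: "date +%s", returnStdout: true).trim().toLong()
                // whole days; intdiv avoids Groovy's BigDecimal result for `/`
                daysLeft = (expiryUnix.toLong() - nowUnix).intdiv(60 * 60 * 24)
            }
        }

        // Expected SAN list. Coerced to plain Strings: a GString does not equal
        // an equal-looking String under List.containsAll(), which would make the
        // comparison below fail (and trigger a renewal) on every run.
        def expectedDomains = [name] + domain.drop(2).collect { label ->
            "${shellSafe(label, 'sub-domain label', hostPattern)}.${name}".toString()
        }

        def expiryUnknown = certExists && daysLeft == null
        def needsRenewal = force ||
            !certExists ||
            expiryUnknown ||
            currentDomains.size() != expectedDomains.size() ||
            !currentDomains.containsAll(expectedDomains) ||
            (daysLeft != null && daysLeft < renewBeforeDays)

        if (needsRenewal) {
            echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains}, expires in: ${daysLeft ?: 'unknown'} days)"
            toCreateDomains.add(domain)
        } else {
            echo "Certificate for '${name}' is OK (expires in ${daysLeft} days)"
        }
    }

    echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
    if (toCreateDomains.isEmpty()) {
        echo "All certificates are up to date. Nothing to create/renew."
        return
    }

    def email = shellSafe(
        env.LETSENCRYPT_EMAIL ?: 'kusartur@gmail.com',
        'ACME e-mail',
        /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+/
    )
    def letsEncrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "

    dir("/_programs_/${repo}/deploy-this/lets-encrypt") {
        for (domain in toCreateDomains) {
            // entries reaching here were validated in the loop above
            def name = domain[1]
            def fqdns = [name] + domain.drop(2).collect { "${it}.${name}".toString() }
            def run = " run --rm certbot certonly" +
                " --webroot -w /var/www/certbot" +
                " --cert-name='${name}'" +
                " --non-interactive --agree-tos" +
                " --preferred-challenges http" +
                " --email '${email}'" +
                fqdns.collect { " -d '${it}'" }.join('')
            sh(letsEncrypt + run)
        }
    }
}

// Previous implementation, superseded by createCert(); kept for reference.
// Differences: no expiry check, no input validation, hard-coded e-mail.
def createCertOld(domains, repo) {
    echo "Server ENV = ${SERVER_ENV}"
    echo "Cerbot image = ${CERTBOT_IMAGE}"
    def toCreateDomains = []
    for (domain in domains) {
        def force = domain[0]
        def name = domain[1]
        def fileName = '/_docker_data_/letsencrypt/live/' + name + '/cert.pem'
        // Get current domains from certificate if it exists
        def currentDomains = []
        if (fileExists(fileName)) {
            def certInfo = sh(script: "openssl x509 -in ${fileName} -text -noout | grep -o 'DNS:[^,]*' | sed 's/DNS://g'", returnStdout: true).trim()
            currentDomains = certInfo.split('\n').collect { it.trim() }
        }
        // Prepare expected domains
        def expectedDomains = [name]
        for (int i = 2; i < domain.size(); i++) {
            expectedDomains.add(domain[i] + "." + name)
        }
        // Check if we need to create/renew
        def needsRenewal = force ||
            !fileExists(fileName) ||
            currentDomains.size() != expectedDomains.size() ||
            !currentDomains.containsAll(expectedDomains)
        if (needsRenewal) {
            echo "Certificate for '${name}' needs renewal (force: ${force}, missing domains: ${expectedDomains - currentDomains})"
            toCreateDomains.add(domain)
        } else {
            echo "Certificate for '${name}' is up to date with all domains"
        }
    }
    echo "Certificates to create/renew: ${toCreateDomains.collect { it[1] }}"
    if (toCreateDomains.isEmpty()) {
        echo "All certificates are up to date. Nothing to create/renew."
    } else {
        def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
        dir("/_programs_/" + repo + "/deploy-this/lets-encrypt") {
            for (domain in toCreateDomains) {
                def name = domain[1]
                def run = " run --rm certbot certonly" +
                    " --webroot -w /var/www/certbot" +
                    " --cert-name='" + name + "'" +
                    " --non-interactive --agree-tos" +
                    " --preferred-challenges http" +
                    " --email kusartur@gmail.com" +
                    " -d " + name
                for (int indexSub = 2; indexSub < domain.size(); indexSub++) {
                    def subDomain = domain[indexSub]
                    run = run + " -d " + subDomain + "." + name
                }
                sh(lets_encrypt + run)
            }
        }
    }
}

// Oldest implementation, superseded by createCert(); kept for reference.
// Only checks whether the live/<name> directory exists; never renews unless forced.
def createCertOlder(domains, repo){
    echo "Server ENV = ${SERVER_ENV}"
    echo "Cerbot image = ${CERTBOT_IMAGE} "
    def toCreateDomains =[]
    for( domain in domains ){
        def force = domain[ 0 ]
        def name = domain[ 1 ]
        def fileName = '/_docker_data_/letsencrypt/live/'+name
        if( !force && fileExists( fileName ) ){
            echo "The file('${fileName}') certificate for '${domain}(main:${name})' exists! You should renew it"
        }else{
            echo "File '${fileName}' not exists! or ${force} so create certificate for '${name}'"
            toCreateDomains.add( domain )
        }
    }
    echo "Certificate to create "+toCreateDomains
    if( 0 == toCreateDomains.size() ){
        echo "All certificate should be refreshed! Nothing to create."
    }else{
        def lets_encrypt = "docker compose --file lets-encrypt.yml --env-file lets.env "
        dir("/_programs_/"+repo+"/deploy-this/lets-encrypt"){
            for( domain in toCreateDomains ){
                def name = domain[ 1 ]
                def run = " run --rm certbot certonly"+
                    " --webroot -w /var/www/certbot"+
                    " --cert-name='"+name+"'"+
                    " --non-interactive --agree-tos"+
                    " --preferred-challenges http"+
                    " --email kusartur@gmail.com" +
                    " -d "+name
                for( int indexSub = 2; indexSub < domain.size(); indexSub ++ ){
                    def subDomain = domain[ indexSub ]
                    run = run + " -d "+subDomain+ "." + name
                }
                sh( lets_encrypt+run )
            }
        }
    }
}

pipeline {
    agent any
    stages {
        stage('Make https cert for my domains') {
            steps {
                script{
                    def repo_name ="proxy-nginx"
                    createCert( domainsToCert, repo_name )
                }
            }
        }
    }
}

/* docker top || docker run --name */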