38 lines
1 KiB
Text
38 lines
1 KiB
Text
|
#!/bin/bash
|
||
|
|
# Certbot renewal script for Forgejo SSL certificates
|
||
|
|
# Automatically created by Ansible
|
||
|
|
|
||
|
|
# Set up logging
|
||
|
|
LOG_FILE="/var/log/certbot-renewal.log"
|
||
|
|
echo "$(date): Starting certificate renewal" >> $LOG_FILE
|
||
|
|
|
||
|
|
# Stop Nginx to free up port 80
|
||
|
|
echo "$(date): Stopping Nginx" >> $LOG_FILE
|
||
|
|
systemctl stop nginx
|
||
|
|
if [ $? -ne 0 ]; then
|
||
|
|
echo "$(date): Failed to stop Nginx" >> $LOG_FILE
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
|
||
|
|
# Run Certbot renewal
|
||
|
|
echo "$(date): Running Certbot renewal" >> $LOG_FILE
|
||
|
|
docker run --rm -p 80:80 -p 443:443 \
|
||
|
|
-v /etc/letsencrypt:/etc/letsencrypt \
|
||
|
|
-v /var/lib/letsencrypt:/var/lib/letsencrypt \
|
||
|
|
certbot/certbot renew --standalone --non-interactive
|
||
|
|
|
||
|
|
if [ $? -ne 0 ]; then
|
||
|
|
echo "$(date): Certbot renewal failed" >> $LOG_FILE
|
||
|
|
# Even if renewal fails, we should restart Nginx
|
||
|
|
fi
|
||
|
|
|
||
|
|
# Start Nginx again
|
||
|
|
echo "$(date): Starting Nginx" >> $LOG_FILE
|
||
|
|
systemctl start nginx
|
||
|
|
if [ $? -ne 0 ]; then
|
||
|
|
echo "$(date): Failed to start Nginx" >> $LOG_FILE
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
|
||
|
|
echo "$(date): Certificate renewal completed successfully" >> $LOG_FILE
|