Refactor script with functions

renew_cert.sh

@@ -4,8 +4,8 @@ path="$( cd "$(dirname "$0")" ; pwd -P )"
 
 #############
 # variables
-acme_dir=/srv/certs/acme-challenge/.well-known/acme-challenge
+acme_dir=/docker/certs/acme-challenge/.well-known/acme-challenge
-opt_dir=/srv/certs/.opt
+opt_dir=/docker/certs/.opt
 account_key=$opt_dir/account.key
 acme_tiny=$opt_dir/acme_tiny.py
 openssl_conf=$opt_dir/openssl.conf
@@ -14,134 +14,146 @@ openssl_conf=$opt_dir/openssl.conf
 # script
 
 
-# stop script if receive SIGINT (ctrl-c)
+main() {
-trap "exit" INT
+  # stop script if receive SIGINT (ctrl-c)
+  trap "exit" INT
   
-#print starting date
+  #print starting date
-echo "Cert renew script: $(date)"
+  echo "Cert renew script: $(date)"
   
-# check if needed files are provided
+  # check if needed files are provided
-if [ $# -eq 0 ]; then
+  if [ $# -eq 0 ]; then
-  echo "No arguments provided."
+    echo "No arguments provided."
-  echo "Usage: $0 [folder]"
+    echo "Usage: $0 [folder]"
-  exit 1
-fi
-
-if [ ! -d "$opt_dir" ]; then
-  echo "opt dir doesn't exists!"
-  exit 1
-fi
-
-if [ ! -d "$acme_dir" ]; then
-  echo "acme directory ($acme_dir) doesn't exists!"
-  exit 1
-fi
-
-if [ ! -s "$account_key" ]; then
-  echo "Account Key doesn't exists!"
-  exit 1
-fi
-
-if [ ! -s "$acme_tiny" ]; then
-  echo -n "Python script acme_tiny.py is missing. Downloading... "
-  wget -qO "$acme_tiny" https://raw.githubusercontent.com/diafygi/acme-tiny/4.1.0/acme_tiny.py
-  if [ $? != 0 ]; then
-    echo -ne "\nCould not download acme_tiny.py script.\n"
-    rm -f "$acme_tiny"
     exit 1
   fi
-  echo -ne "Finished\n"
-fi
   
-acme_dir=${acme_dir%/}
+  if [ ! -d "$opt_dir" ]; then
-opt_dir=${opt_dir%/}
+    echo "opt dir doesn't exists!"
-
+    exit 1
-# check if python is installed
-command -v python >/dev/null 2>&1 || { echo >&2 "I require python but it's not installed.  Aborting."; exit 1; }
-
-counter=0
-
-for arg in "$@"
-do
-  arg="$path/${arg%/}"
-
-  if [ ! -d "$arg" ]; then
-    echo "Folder $arg doesn't exists!"
-    continue
   fi
   
-  if [ ! -s "$arg/domain.conf" ]; then
+  if [ ! -d "$acme_dir" ]; then
-    echo "Configuration file doen't exists!"
+    echo "acme directory ($acme_dir) doesn't exists!"
-    continue
+    exit 1
   fi
   
-  # load configuration variables
+  if [ ! -s "$account_key" ]; then
-  source "$arg/domain.conf"
+    echo "Account Key doesn't exists!"
-
+    exit 1
-
-  # check domain.conf variables
-  if [ -z "$NAME" ]; then
-    echo "No name given for domain \"$arg\"".
-    continue
   fi
   
-  if [ ${#DOMAINS[@]} -eq 0 ]; then
+  if [ ! -s "$acme_tiny" ]; then
-    echo "No domains given for \"$NAME\"."
+    echo -n "Python script acme_tiny.py is missing. Downloading... "
-    continue
+    wget -qO "$acme_tiny" https://raw.githubusercontent.com/diafygi/acme-tiny/4.1.0/acme_tiny.py
-  fi
+    if [ $? != 0 ]; then
-
+      echo -ne "\nCould not download acme_tiny.py script.\n"
-
+      rm -f "$acme_tiny"
-  # domain key
+      exit 1
-  key="$arg/$NAME.key"
-
-  if [ ! -s "$key" ]; then
-    echo "Domain key doesn't exists. Generating..."
-    openssl genrsa 4096 > "$key"
-    #openssl ecparam -out "$key" -name secp384r1 -genkey
-  fi
-
-  # domain csr
-  csr="$arg/$NAME.csr"
-
-  if [ ! -s "$csr" ]; then
-    echo "Domain csr file doesn't exists. Generating..."
-    if [ ${#DOMAINS[@]} -eq 1 ]; then
-      # single domain
-      openssl req -new -sha256 -key "$key" -subj "/CN=$DOMAINS" > "$csr"
-    else
-      # multi domain
-      # expand domain array with ",DNS:"
-      read -r DOMAINS < <( printf "%s,DNS:" "${DOMAINS[@]:0:$((${#DOMAINS[@]} - 1))}"; echo "${DOMAINS[@]: -1}"; )
-      san_string="[SAN]\nsubjectAltName=DNS:$DOMAINS"
-      openssl req -new -sha256 -key "$key" -subj "/" -reqexts SAN -config <(cat "$openssl_conf" <(printf "$san_string")) > "$csr"
     fi
+    echo -ne "Finished\n"
   fi
   
-  if [ $? != 0 ]; then
+  acme_dir=${acme_dir%/}
-    echo "Creating csr/key files FAILED for \"$NAME\"!"
+  opt_dir=${opt_dir%/}
-    continue
-  fi
   
-  # get certificate
+  # check if python is installed
-  python "$acme_tiny" --quiet --account-key "$account_key" --csr "$csr" --acme-dir "$acme_dir" > "$arg/tmp.pem"
+  command -v python >/dev/null 2>&1 || { echo >&2 "Python is required but it's not installed.  Aborting."; exit 1; }
   
-  if [ $? != 0 ]; then
+  counter=0
-    rm -rf $arg/tmp.pem
-    echo "Getting certificate for \"$NAME\" FAILED!"
-    continue
-  fi
 
-  if [ -s "$arg/tmp.pem" ]; then
+  for arg in "$@"
-    mv -f "$arg/tmp.pem" "$arg/$NAME.pem"
+  do
-  else
+    process_renewal
-    echo "New certificate for \"$NAME\" doesn't exists or is empty"
-    rm -rf "$arg/tmp.pem"
-    continue
-  fi
   
-  echo "Certificate for \"$NAME\" successfully created!"
+    if [ $? == 0 ]; then
-  counter=$((counter+1))
+      echo "Certificate successfully created!"
+      counter=$((counter+1))
+    fi
+  done
   
-done
+  echo "$counter new certificates created!"
+}
 
-echo "$counter new certificates created!"
+process_renewal() (
+    arg="$path/${arg%/}"
+  
+    if [ ! -d "$arg" ]; then
+      echo "Folder $arg doesn't exists!"
+      return 1
+    fi
+  
+    if [ ! -s "$arg/domain.conf" ]; then
+      echo "Configuration file doen't exists!"
+      return 1
+    fi
+  
+    # load configuration variables
+    source "$arg/domain.conf"
+  
+  
+    # check domain.conf variables
+    if [ -z "$NAME" ]; then
+      echo "No name given for domain \"$arg\"".
+      return 1
+    fi
+    echo "Processing certificate \"$NAME\"..."
+  
+    if [ ${#DOMAINS[@]} -eq 0 ]; then
+      echo "No domains given for \"$NAME\"."
+      return 1
+    fi
+  
+  
+    # domain key
+    key="$arg/$NAME.key"
+  
+    if [ ! -s "$key" ]; then
+      echo "Domain key doesn't exists. Generating..."
+      openssl genrsa 4096 > "$key"
+      #openssl ecparam -out "$key" -name secp384r1 -genkey
+    fi
+  
+    # domain csr
+    csr="$arg/$NAME.csr"
+  
+    if [ ! -s "$csr" ]; then
+      echo "Domain csr file doesn't exists. Generating..."
+      if [ ${#DOMAINS[@]} -eq 1 ]; then
+        # single domain
+        openssl req -new -sha256 -key "$key" -subj "/CN=$DOMAINS" > "$csr"
+      else
+        # multi domain
+        # expand domain array with ",DNS:"
+        read -r DOMAINS < <( printf "%s,DNS:" "${DOMAINS[@]:0:$((${#DOMAINS[@]} - 1))}"; echo "${DOMAINS[@]: -1}"; )
+        san_string="[SAN]\nsubjectAltName=DNS:$DOMAINS"
+        openssl req -new -sha256 -key "$key" -subj "/" -reqexts SAN -config <(cat "$openssl_conf" <(printf "$san_string")) > "$csr"
+      fi
+    fi
+  
+    if [ $? != 0 ]; then
+      echo "Creating csr/key files FAILED for \"$NAME\"!"
+      return 1
+    fi
+  
+    # get certificate
+    python "$acme_tiny" --quiet --account-key "$account_key" --csr "$csr" --acme-dir "$acme_dir" > "$arg/tmp.pem"
+  
+    if [ $? != 0 ]; then
+      rm -rf $arg/tmp.pem
+      echo "Getting certificate for \"$NAME\" FAILED!"
+      return 1
+    fi
+  
+    if [ -s "$arg/tmp.pem" ]; then
+      mv -f "$arg/tmp.pem" "$arg/$NAME.pem"
+    else
+      echo "New certificate for \"$NAME\" doesn't exists or is empty"
+      rm -rf "$arg/tmp.pem"
+      return 1
+    fi
+
+    return 0
+)
+
+main "$@"; exit