bug fixing and make the script more stable

renew_cert.sh

@@ -4,7 +4,7 @@ path="$( cd "$(dirname "$0")" ; pwd -P )"
 
 #############
 # variables
-acme_dir=/var/www/.well-known/acme-challenge/
+acme_dir=/srv/certs/acme-challenge/.well-known/acme-challenge
 opt_folder=$path/opt
 le_cert=$opt_folder/lets-encrypt-x3-cross-signed.pem
 account_key=$opt_folder/account.key
@@ -15,6 +15,7 @@ openssl_conf=$opt_folder/openssl.conf
 #############
 # script
 
+
 # check if needed files are provided
 if [ $# -eq 0 ]; then
   echo "No arguments provided."
@@ -22,27 +23,30 @@ if [ $# -eq 0 ]; then
   exit 1
 fi
 
-if [ ! -d $acme_dir ]; then
+if [ ! -d "$acme_dir" ]; then
   echo "acme directory ($acme_dir) doesn't exists!"
   exit 1
 fi
 
-if [ ! -f $account_key ]; then
+if [ ! -f "$account_key" ]; then
   echo "Account Key doesn't exists!" 
   exit 1
 fi
 
-if [ ! -f $acme_tiny ]; then
+if [ ! -f "$acme_tiny" ]; then
   echo "Python script acme_tiny.py is missing"
   exit 1
 fi
 
-if [ ! -f $le_cert ]; then
+if [ ! -f "$le_cert" ]; then
   echo "LetsEncrypt cert doesn't exists!" 
   echo "Downloading root cert..."
   wget -O - https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > $le_cert
 fi
 
+acme_dir=${acme_dir%/}
+opt_folder=${opt_folder%/}
+
 # check if python is installed
 command -v python >/dev/null 2>&1 || { echo >&2 "I require python but it's not installed.  Aborting."; exit 1; }
 
@@ -50,20 +54,20 @@ counter=0
 
 for arg in "$@"
 do
-  arg=$path/$arg
+  arg="$path/${arg%/}"
 
-  if [ ! -d $arg ]; then
+  if [ ! -d "$arg" ]; then
     echo "Folder $arg doesn't exists!"
     continue
   fi
 
-  if [ ! -f $arg/domain.conf ]; then
+  if [ ! -f "$arg/domain.conf" ]; then
     echo "Configuration file doen't exists!"
     continue
   fi
 
   # load configuration variables
-  source $arg/domain.conf
+  source "$arg/domain.conf"
 
 
   # check domain.conf variables
@@ -79,34 +83,27 @@ do
 
 
   # domain key 
-  key=$arg/$NAME.key
+  key="$arg/$NAME.key"
 
-  if [ ! -f $key ]; then
+  if [ ! -f "$key" ]; then
-    echo "Domain key doesn't exists."
+    echo "Domain key doesn't exists. Generating..."
-    echo "Generating..."
+    openssl genrsa 4096 > "$key"
-    openssl genrsa 4096 > $key
   fi 
 
   # domain csr
-  csr=$arg/$NAME.csr
+  csr="$arg/$NAME.csr"
 
-  if [ ! -f $csr ]; then
+  if [ ! -f "$csr" ]; then
-    echo "Domain csr file doesn't exists."
+    echo "Domain csr file doesn't exists. Generating..."
-    echo "Generating..."
     if [ ${#DOMAINS[@]} -eq 1 ]; then
       # single domain
-      openssl req -new -sha256 -key $key -subj "/CN=$DOMAINS" > $csr
+      openssl req -new -sha256 -key "$key" -subj "/CN=$DOMAINS" > "$csr"
     else
       # multi domain
       # expand domain array with ",DNS:"
-      if [ ! -f $opensll_conf ]; then
-        echo "Error: openssl.conf file is missing."
-	exit 1
-      fi
       read -r DOMAINS < <( printf "%s,DNS:" "${DOMAINS[@]:0:$((${#DOMAINS[@]} - 1))}"; echo "${DOMAINS[@]: -1}"; )
       san_string="[SAN]\nsubjectAltName=DNS:$DOMAINS"
-      echo "san_string: $san_string"
+      openssl req -new -sha256 -key "$key" -subj "/" -reqexts SAN -config <(cat "$openssl_conf" <(printf "$san_string")) > "$csr"
-      openssl req -new -sha256 -key $key -subj "/" -reqexts SAN -config <(cat $openssl_conf <(printf "$san_string")) > $csr
     fi
   fi
 
@@ -116,7 +113,7 @@ do
   fi
 
   # get certificate
-  python $path/$acme_tiny --account-key $account_key --csr $csr --acme-dir $acme_dir > $path/$arg/tmp.crt
+  python "$path/$acme_tiny" --account-key "$account_key" --csr "$csr" --acme-dir "$acme_dir" > "$arg/tmp.crt"
 
   if [ $? != 0 ]; then
     rm -rf $arg/tmp.crt
@@ -124,10 +121,10 @@ do
     continue
   fi
 
-  mv -f $arg/tmp.crt $path/$arg/$NAME.crt
+  mv -f "$arg/tmp.crt" "$path/$arg/$NAME.crt"
 
   # append letsencrypt cert
-  cat $arg/$NAME.crt $le_cert > $arg/$NAME.pem
+  cat "$arg/$NAME.crt" "$le_cert" > "$arg/$NAME.pem"
 
   echo "Certificate for \"$name\" successfully created!"
   counter=$((counter+1))