skrypty_narzedzia/getcert.py
gru c88b417eb0 Add getcert.py
pojedynczy cert (via rfc2136)
2025-05-24 11:51:31 +02:00



import os
import shlex
import subprocess
import sys
# --- Configuration -----------------------------------------------------------
# Everything the script needs is a module-level constant; the command line
# only selects the action (see main()).
DOMAIN = "ldns1.linuxiarz.pl"
# Defined but not referenced anywhere in this script: only DOMAIN is issued.
WILDCARD_DOMAIN = "*." + DOMAIN

# acme.sh client location and the DNS-01 (nsupdate / RFC 2136) settings
# exported for it by set_env().
INSTALL_DIR = "/root/.acme.sh/"
DNS_SERVER = "linuxiarz.pl"
# TSIG key file handed to nsupdate. It authorises dynamic DNS updates against
# DNS_SERVER, so it should stay root-only on disk and, on the name server,
# be scoped by an update-policy to the _acme-challenge TXT records it needs.
KEY_FILE = "/root/tsig.key"
KEY_NAME = "certbot-key"
KEY_ALGO = "hmac-sha512"

# Where the issued key/chain are installed and which service is restarted.
SYSTEMD_SERVICE = "AdGuardHome.service"
# Directory name says "wildcard", but the certificate issued is for DOMAIN only.
CERT_DIR = "/etc/ssl/wildcard-linuxiarz.pl"
CERT_KEY_PATH = CERT_DIR + "/key.key"
CERT_FULLCHAIN_PATH = CERT_DIR + "/cert.crt"
def set_env() -> None:
    """Export the DNS-01 (nsupdate / RFC 2136) settings for acme.sh.

    acme.sh's ``dns_nsupdate`` hook is configured purely through environment
    variables, which the ``subprocess`` calls in run_command() inherit. The
    same five values are exported twice, under the ``NSUPDATE_*`` and the
    ``RFC2136_*`` prefixes.

    NOTE(review): acme.sh's nsupdate hook is documented to read
    ``NSUPDATE_SERVER`` and ``NSUPDATE_KEY`` (plus optional ``NSUPDATE_ZONE``);
    the ``*_KEY_NAME`` / ``*_KEY_ALGO`` and all ``RFC2136_*`` names do not look
    like anything it consumes (key name and algorithm live inside the TSIG key
    file). Confirm which variables are actually read before relying on them.

    Only the *path* of the TSIG key is exported, never the secret itself, so
    child-process environments do not carry key material.
    """
    dns_settings = {
        "SERVER": DNS_SERVER,
        "KEY": KEY_FILE,
        "KEY_NAME": KEY_NAME,
        "KEY_ALGO": KEY_ALGO,
        "TIMEOUT": "120",
    }
    for prefix in ("NSUPDATE", "RFC2136"):
        for suffix, value in dns_settings.items():
            os.environ[f"{prefix}_{suffix}"] = value
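def run_command(cmd: "str | list[str]") -> bool:
    """Run an acme.sh command and report whether it did real work.

    Args:
        cmd: the command, either as one string (split with ``shlex.split``,
            no shell involved) or as an argv list.

    Returns:
        True when the command exited 0. False when it exited non-zero but its
        output contains acme.sh's "Skipping. Next renewal time is" message,
        i.e. the certificate is still fresh and nothing was changed.

    Raises:
        SystemExit: with code 1 on any other non-zero exit, or when the
            executable cannot be started at all; the command and its combined
            stdout/stderr (or the OS error) are printed first.

    The command runs with ``shell=False``: the argv is built here, so nothing
    in the arguments (domain, paths, the quoted reloadcmd) is re-parsed by
    /bin/sh. The strings built by the callers in this file contain no shell
    syntax beyond the quoting that ``shlex.split`` resolves.
    """
    if isinstance(cmd, str):
        argv = shlex.split(cmd)
        shown = cmd
    else:
        argv = list(cmd)
        shown = " ".join(shlex.quote(part) for part in argv)

    try:
        result = subprocess.run(argv, text=True, capture_output=True)
    except OSError as exc:
        # e.g. acme.sh missing or not executable. With shell=True this used
        # to surface as exit 127 from sh and end in the same error branch.
        print(f"❌ Błąd wykonania komendy [{shown}]:\n{exc}")
        sys.exit(1)

    output = result.stdout + result.stderr
    if result.returncode != 0:
        # acme.sh exits non-zero when a renewal is not due yet; that is a
        # normal outcome, not a failure.
        if "Skipping. Next renewal time is" in output:
            print(output)
            print(" Certyfikat jeszcze nie wymaga odnowienia. Pominięto.")
            return False  # certificate unchanged
        print(f"❌ Błąd wykonania komendy [{shown}]:\n{output}")
        sys.exit(1)
    print(output)
    return True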
def issue_cert() -> None:
    """Issue the certificate for DOMAIN via DNS-01 and install it.

    Runs ``acme.sh --issue`` with the ``dns_nsupdate`` hook (its settings come
    from set_env(), which main() calls first), then unconditionally calls
    install_cert(). install_cert() therefore also runs when run_command()
    reports that acme.sh skipped the issue because a valid certificate already
    exists; that merely re-installs the existing files and restarts
    SYSTEMD_SERVICE.

    NOTE(review): ``--yes-I-know-dns-manual-mode-enough-go-ahead-please`` is
    the acknowledgement flag for acme.sh's *manual* DNS mode (``--dns`` with no
    provider, which cannot auto-renew). With ``--dns dns_nsupdate`` it is
    expected to be a no-op; confirm and drop it if so.
    """
    print(f"Generowanie certyfikatu {DOMAIN}")
    parts = [
        f"{INSTALL_DIR}/acme.sh",
        "--log",
        "--set-default-ca",
        "--server", "letsencrypt",
        "--issue",
        "--dns", "dns_nsupdate",
        "-d", DOMAIN,
        "--yes-I-know-dns-manual-mode-enough-go-ahead-please",
    ]
    run_command(" ".join(parts))
    install_cert()
def renew_cert(force=False) -> None:
    """Renew the certificate for DOMAIN and install it only if it changed.

    Args:
        force: pass ``--force`` to acme.sh so it renews even when the
            certificate is not yet due; the install step then always runs.

    Without ``force``, acme.sh normally exits non-zero with a
    "Skipping. Next renewal time is ..." message while the certificate is
    still fresh; run_command() maps that to False, and the install (and the
    service restart it triggers) is skipped.
    """
    print(f"Odnawianie certyfikatu {DOMAIN}")
    cmd = f"{INSTALL_DIR}/acme.sh --renew -d {DOMAIN} --dns dns_nsupdate"
    if force:
        cmd = f"{cmd} --force"
    renewed = run_command(cmd)
    if not renewed and not force:
        print("⏭️ Pominięto instalację, certyfikat nie został zmieniony.")
        return
    install_cert()
def install_cert() -> None:
    """Copy the issued key and full chain into CERT_DIR and restart the service.

    Delegates to ``acme.sh --install-cert``. Per acme.sh's documented
    behaviour it records the target paths and the reload command in its
    per-domain config and replays them on later renewals, including ones run
    by acme.sh's own cron job if that is enabled. CERT_DIR is created if
    missing, with whatever mode the current umask yields.

    Security notes (not enforced here): CERT_KEY_PATH is the TLS private key,
    and its final mode is whatever acme.sh gives it. Check that it is not
    world-readable while still being readable by the user SYSTEMD_SERVICE
    runs as. The reload command is a fixed string from this file; no external
    input reaches it.
    """
    print("Instalacja certyfikatu...")
    os.makedirs(CERT_DIR, exist_ok=True)
    reload_cmd = f"systemctl restart {SYSTEMD_SERVICE}"
    cmd = " ".join([
        f"{INSTALL_DIR}/acme.sh --install-cert",
        f"-d {DOMAIN}",
        f"--key-file {CERT_KEY_PATH}",
        f"--fullchain-file {CERT_FULLCHAIN_PATH}",
        f'--reloadcmd "{reload_cmd}"',
    ])
    run_command(cmd)
def main() -> None:
    """CLI entry point: ``python getcert.py issue|renew [force]``.

    Exits with status 1 when the action is missing or unknown. ``force`` is
    only meaningful for ``renew``; it is parsed but has no effect on ``issue``.
    set_env() runs before dispatching so acme.sh's DNS hook finds its settings
    in the environment.
    """
    args = sys.argv[1:]
    if not args:
        print("Użycie: python getcert.py [issue|renew] [force]")
        sys.exit(1)
    set_env()
    action = args[0]
    force = len(args) > 1 and args[1] == "force"
    handlers = {
        "issue": issue_cert,
        "renew": lambda: renew_cert(force),
    }
    handler = handlers.get(action)
    if handler is None:
        print("Nieznane polecenie. Użyj: issue lub renew")
        sys.exit(1)
    handler()
# Only run when executed directly; importing the module has no side effects.
if __name__ == "__main__":
    main()