Diffstat (limited to 'matrix-server/certbot')
5 files changed, 47 insertions, 0 deletions
diff --git a/matrix-server/certbot/Dockerfile b/matrix-server/certbot/Dockerfile
new file mode 100644
index 0000000..dc6369b
--- /dev/null
+++ b/matrix-server/certbot/Dockerfile
@@ -0,0 +1,4 @@
+FROM certbot/certbot:v1.11.0
+RUN apk update && apk add socat
+COPY ./scripts/ /etc/scripts/
+EXPOSE 380
diff --git a/matrix-server/certbot/scripts/concatenate-certificates.sh b/matrix-server/certbot/scripts/concatenate-certificates.sh
new file mode 100644
index 0000000..5238a9b
--- /dev/null
+++ b/matrix-server/certbot/scripts/concatenate-certificates.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+if [ -f /etc/letsencrypt/live/davole.com/fullchain.pem -a -f /etc/letsencrypt/live/davole.com/privkey.pem ]; then
+ cat /etc/letsencrypt/live/davole.com/fullchain.pem /etc/letsencrypt/live/davole.com/privkey.pem > /etc/certificates/davole.com.pem
+fi
diff --git a/matrix-server/certbot/scripts/create-certificates.sh b/matrix-server/certbot/scripts/create-certificates.sh
new file mode 100644
index 0000000..5fb6345
--- /dev/null
+++ b/matrix-server/certbot/scripts/create-certificates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+# Request certificates
+certbot certonly --standalone \
+ --non-interactive --agree-tos --email info@davole.com --http-01-port=380 \
+ --cert-name davole.com \
+ -d davole.com
+# Concatenate certificates
+. /etc/scripts/concatenate-certificates.sh
+# Update certificates in HAProxy
+. /etc/scripts/update-haproxy-certificates.sh
diff --git a/matrix-server/certbot/scripts/renew-certificates.sh b/matrix-server/certbot/scripts/renew-certificates.sh
new file mode 100644
index 0000000..e46d412
--- /dev/null
+++ b/matrix-server/certbot/scripts/renew-certificates.sh
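Review bot: `RUN apk update && apk add socat` leaves the package index cache in the image layer; `RUN apk add --no-cache socat` is the usual Alpine form and avoids that. The base image is pinned to a tag (`certbot/certbot:v1.11.0`) but not to a digest, so the build is not fully reproducible and a re-pushed tag would change it silently; pinning with `@sha256:<digest>` (placeholder) closes that. `EXPOSE 380` only documents the port the scripts pass as `--http-01-port=380`; a one-line comment that the ACME HTTP-01 responder must be published on port 80 by whatever fronts this container would save the next reader a trip to the scripts.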
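Review bot: The combined PEM written by `cat … > /etc/certificates/davole.com.pem` contains the private key but is created under the process umask, so it is typically mode 0644 and readable by every user in the container and on any volume that directory is shared through. Create it with restricted permissions, e.g. `(umask 077; cat /etc/letsencrypt/live/davole.com/fullchain.pem /etc/letsencrypt/live/davole.com/privkey.pem > /etc/certificates/davole.com.pem)`, and make sure the HAProxy side reads it as a user that is allowed to. The `-a` operator inside `[ … ]` is obsolescent; `[[ -f … && -f … ]]` is the clearer form. The silent no-op when either input file is missing also hides a failed issuance from the scripts that source this one; a message on stderr and `exit 1` in an `else` branch would let the caller react.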
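Review bot: The exit status of `certbot certonly` is never checked, and without `set -e` the script still sources the concatenate and HAProxy update scripts when issuance failed; the concatenate step then silently does nothing and the HAProxy step pushes the content of a file that does not exist. Append `|| exit 1` to the `-d davole.com` line (or add `set -euo pipefail` under the shebang) so a failed request stops the chain. Since the two helper scripts are sourced with `.`, their `exit` calls terminate this script as well, which is the behaviour wanted here and deserves a comment on the `# Concatenate certificates` line.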
@@ -0,0 +1,18 @@
+#!/bin/bash
+
+# Certificates exist
+if [ -d /etc/letsencrypt/live/davole.com ]; then
+ # Check certificates and renew them
+ certbot renew --http-01-port=380
+
+ # Concatenate certificates
+ . /etc/scripts/concatenate-certificates.sh
+
+ # Update certificates in HAProxy
+ . /etc/scripts/update-haproxy-certificates.sh
+
+# Certificates don't exist
+else
+ # Execute certificate creation script
+ . /etc/scripts/create-certificates.sh
+fi
diff --git a/matrix-server/certbot/scripts/update-haproxy-certificates.sh b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
new file mode 100644
index 0000000..a1f9fc6
--- /dev/null
+++ b/matrix-server/certbot/scripts/update-haproxy-certificates.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# Start transaction
+echo -e "set ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem <<\n$(cat /etc/certificates/davole.com.pem)\n" | socat tcp-connect:haproxy:9999 -
+
+# Commit transaction
+echo "commit ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 -
+
+# Show certification info (not essential)
+echo "show ssl cert /usr/local/etc/haproxy/certificates/davole.com.pem" | socat tcp-connect:haproxy:9999 - |
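Review bot: `certbot renew --http-01-port=380` is followed unconditionally by the concatenate and HAProxy update steps, so the runtime API is rewritten on every run even when nothing was renewed, and a failed renewal is not noticed because the status is discarded. certbot's `--deploy-hook` runs a command only after a certificate was actually renewed; `certbot renew --http-01-port=380 --deploy-hook '/etc/scripts/concatenate-certificates.sh && /etc/scripts/update-haproxy-certificates.sh' || exit 1` would replace the two sourced lines, do only the necessary work and surface a failure (the helper scripts would then need the executable bit, which `COPY` in the Dockerfile does not set). The directory test `[ -d /etc/letsencrypt/live/davole.com ]` repeats the domain that every other script hard-codes; a single `domain=davole.com` exported from this top-level script would keep them in step.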
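Review bot: The replies from the three `socat tcp-connect:haproxy:9999 -` calls are discarded, so if HAProxy rejects the `set ssl cert` payload (key/certificate mismatch, malformed PEM, or an empty payload because the concatenate step was skipped) the script still issues `commit ssl cert` and exits 0. Checking the reply before committing, and streaming the PEM into the connection instead of expanding it through `echo -e "$(cat …)"` (which runs backslash processing over the key material and would print it under `set -x`), lets the update fail closed; a sketch follows, with the acknowledgement text to be confirmed against the HAProxy version in use. Independently of this script, `haproxy:9999` is the HAProxy runtime API, which accepts every administrative command without authentication, so it must only be reachable on the internal container network — that assumption belongs in a comment under the shebang. The trailing `|` after the last `socat … -` is an unterminated pipeline if it is really in the file rather than a rendering artifact, and bash would refuse to parse the script.
```shell
cert_path=/usr/local/etc/haproxy/certificates/davole.com.pem
# Stream the PEM into the runtime API rather than expanding it with echo -e,
# and stop before commit unless HAProxy acknowledged the new certificate.
reply=$({ printf 'set ssl cert %s <<\n' "$cert_path"; cat /etc/certificates/davole.com.pem; printf '\n'; } \
  | socat tcp-connect:haproxy:9999 -)
case "$reply" in
  *"Transaction created"*) ;;  # TODO confirm exact wording for the deployed HAProxy version
  *) printf 'haproxy rejected certificate: %s\n' "$reply" >&2; exit 1 ;;
esac
# … unchanged: commit ssl cert and show ssl cert, using "$cert_path" …
```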