[Script] Automated Lets Encrypt certificate for Tomcat

marceloleaes
Administrator
Posts: 1516
Joined: 10 Jun 2013 12:45
Location: Novo Hamburgo
Age: 41

Post by marceloleaes »

Here is a script to automate the generation and maintenance of a Lets Encrypt certificate in Tomcat

Code:

#!/bin/bash
# -e: abort on the first failing command; -u: treat unset variables as errors
set -eu
DOMAIN=""
TOMCAT_KEY_PASS=""
CERTBOT_BIN="/usr/local/bin/certbot-auto"
EMAIL_NOTIFICATION="email_address"

# Install certbot (only when the binary is not already in place)
install_certbot () {
    if [[ ! -f "$CERTBOT_BIN" ]]; then
        wget https://dl.eff.org/certbot-auto -P /usr/local/bin
        chmod a+x "$CERTBOT_BIN"
    fi
}

# Attempt cert renewal. Returns 1 (without aborting the script) when certbot
# reports that nothing was due, so the caller can skip the Tomcat restart.
renew_ssl () {
    "${CERTBOT_BIN}" renew > /tmp/crt.txt
    if grep -q "No renewals were attempted" /tmp/crt.txt; then
        echo "Cert not yet due for renewal"
        return 1
    fi

    echo "Renewing ssl certificate..."

    # create a PKCS12 that contains both your full chain and the private key
    rm -f "/tmp/${DOMAIN}_fullchain_and_key.p12"
    openssl pkcs12 -export -out "/tmp/${DOMAIN}_fullchain_and_key.p12" \
      -passin "pass:$TOMCAT_KEY_PASS" \
      -passout "pass:$TOMCAT_KEY_PASS" \
      -in "/etc/letsencrypt/live/$DOMAIN/fullchain.pem" \
      -inkey "/etc/letsencrypt/live/$DOMAIN/privkey.pem" \
      -name tomcat

    # Convert that PKCS12 to a JKS
    rm -f "/etc/ssl/${DOMAIN}.jks"
    keytool -importkeystore -deststorepass "$TOMCAT_KEY_PASS" -destkeypass "$TOMCAT_KEY_PASS" \
      -destkeystore "/etc/ssl/${DOMAIN}.jks" -srckeystore "/tmp/${DOMAIN}_fullchain_and_key.p12" \
      -srcstoretype PKCS12 -srcstorepass "$TOMCAT_KEY_PASS" \
      -alias tomcat

    # The PKCS12 holds the private key; do not leave it behind in /tmp
    rm -f "/tmp/${DOMAIN}_fullchain_and_key.p12"
}

# Restart Tomcat and send an email notification on completion
send_email_notification () {
    echo "Restarting tomcat server"
    if systemctl restart tomcat; then
        echo "" > /tmp/success
        echo "Letsencrypt ssl certificate for $DOMAIN successfully renewed by cron job." >> /tmp/success
        echo "" >> /tmp/success
        echo "Tomcat successfully restarted after renewal" >> /tmp/success
        mail -s "$DOMAIN Letsencrypt renewal" "$EMAIL_NOTIFICATION" < /tmp/success
    else
        echo "" > /tmp/failure
        echo "Letsencrypt ssl certificate for $DOMAIN renewal by cron job failed." >> /tmp/failure
        echo "" >> /tmp/failure
        echo "Try again manually.." >> /tmp/failure
        mail -s "$DOMAIN Letsencrypt renewal" "$EMAIL_NOTIFICATION" < /tmp/failure
    fi
}

# Main

install_certbot
# Only touch Tomcat when a new certificate was actually installed
if renew_ssl; then
    send_email_notification
fi
Author: Josphat Mutai
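The script above restarts Tomcat as soon as keytool finishes, so a bad passphrase, a mismatched key or an already-expired chain is only noticed when the connector fails to start. The following is an added example, not part of the original post or of Josphat Mutai's script: it rehearses the same PEM to PKCS12 export on a throwaway self-signed certificate and runs the checks a cron job should perform on the new keystore before it touches Tomcat. It assumes openssl and GNU date are on PATH; the domain, passphrase and working directory are constructed placeholders.

```shell
#!/bin/bash
# Added example: dry run of the PEM -> PKCS12 export plus pre-restart sanity checks.
# Assumes openssl and GNU date on PATH. All values below are constructed placeholders.
set -eu

WORK="$(mktemp -d)"                 # stands in for /etc/letsencrypt/live/$DOMAIN and /tmp
trap 'rm -rf "$WORK"' EXIT          # never leave the test key material behind
DOMAIN="example.test"               # constructed placeholder, not a real domain
KEY_PASS="changeit"                 # constructed placeholder for TOMCAT_KEY_PASS

# Throwaway key + self-signed cert valid for 30 days (stand-in for fullchain.pem/privkey.pem)
make_test_cert () {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$DOMAIN" \
        -keyout "$WORK/privkey.pem" -out "$WORK/fullchain.pem" 2>/dev/null
}

# The same export the cron script performs; fails if openssl refuses the inputs
build_pkcs12 () {
    openssl pkcs12 -export -out "$WORK/${DOMAIN}.p12" \
        -in "$WORK/fullchain.pem" -inkey "$WORK/privkey.pem" \
        -name tomcat -passout "pass:$KEY_PASS"
}

# Check 1: the PKCS12 opens with the password Tomcat will be configured with
pkcs12_opens () {
    openssl pkcs12 -in "$WORK/${DOMAIN}.p12" -passin "pass:$KEY_PASS" \
        -nokeys -noout 2>/dev/null
}

# Check 2: the private key really belongs to the certificate (catches a wrong -inkey path)
key_matches_cert () {
    local cert_pub key_pub
    cert_pub="$(openssl x509 -in "$WORK/fullchain.pem" -noout -pubkey | openssl sha256)"
    key_pub="$(openssl pkey -in "$WORK/privkey.pem" -pubout | openssl sha256)"
    [ "$cert_pub" = "$key_pub" ]
}

# Check 3: whole days until the leaf certificate expires (the figure certbot's renewal
# window is based on); printed on stdout
days_until_expiry () {
    local not_after epoch_end epoch_now
    not_after="$(openssl x509 -in "$WORK/fullchain.pem" -noout -enddate | cut -d= -f2)"
    epoch_end="$(date -d "$not_after" +%s)"
    epoch_now="$(date +%s)"
    echo $(( (epoch_end - epoch_now) / 86400 ))
}

# Run every check; a non-zero return means "do not restart Tomcat with this keystore"
run_checks () {
    make_test_cert
    build_pkcs12
    pkcs12_opens     || { echo "PKCS12 does not open with the Tomcat password" >&2; return 1; }
    key_matches_cert || { echo "private key does not match the certificate" >&2; return 1; }
    local days
    days="$(days_until_expiry)"
    [ "$days" -gt 0 ] || { echo "certificate is already expired" >&2; return 1; }
    echo "keystore checks passed, $days days of validity left; safe to restart Tomcat"
}

run_checks
```

In the real cron job the same three checks would be pointed at /etc/letsencrypt/live/$DOMAIN and the freshly written PKCS12, and `send_email_notification` would be called only when they pass; on failure the old JKS stays in place and the failure mail goes out instead.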