diff --git a/files/sbin/certbot_renew b/files/sbin/certbot_renew
index 8040385..d903d06 100644
--- a/files/sbin/certbot_renew
+++ b/files/sbin/certbot_renew
@@ -2,4 +2,4 @@
 /usr/bin/env sleep $(($RANDOM % 3600));
 /opt/certbot/bin/pip install --upgrade certbot certbot-nginx certbot-dns-ovh
-/usr/bin/env certbot renew
+/usr/bin/env certbot renew --cert-name netoik.io
diff --git a/netoik-rp.spec b/netoik-rp.spec
index 4ac52fa..64483f8 100644
--- a/netoik-rp.spec
+++ b/netoik-rp.spec
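Review bot: Nothing visible in this script reloads nginx after `certbot renew --cert-name netoik.io` succeeds. The spec issues the certificate with `certonly --dns-ovh`, so no installer plugin is involved and nginx would presumably keep serving the old certificate until its next restart. If no deploy hook is configured elsewhere, `/usr/bin/env certbot renew --cert-name netoik.io --deploy-hook "systemctl reload nginx.service"` covers it. The unchanged `pip install --upgrade` line above pulls unpinned packages on every timer run, presumably as root; pinning the versions would make what the timer executes reproducible. Any lines before the `sleep` are outside the hunk.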
@@ -23,41 +23,41 @@ Install the reverse proxy called nginx with a predefined configuration and with
 %post
 # Replace secrets in ovh.ini
-%{_bindir}/env envsubst < %{_sysconfdir}/certbot/ovh.ini > %{_sysconfdir}/certbot/.ovh.ini.new
-if %{_bindir}/env cmp --silent %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini; then
- %{_bindir}/env rm %{_sysconfdir}/certbot/.ovh.ini.new
+envsubst < %{_sysconfdir}/certbot/ovh.ini > %{_sysconfdir}/certbot/.ovh.ini.new
+if cmp --silent %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini; then
+ rm %{_sysconfdir}/certbot/.ovh.ini.new
 else
- %{_bindir}/env mv %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini
- %{_bindir}/env chmod 600 %{_sysconfdir}/certbot/ovh.ini
+ mv %{_sysconfdir}/certbot/.ovh.ini.new %{_sysconfdir}/certbot/ovh.ini
+ chmod 600 %{_sysconfdir}/certbot/ovh.ini
 fi
 # Create virtualenv with certot
 if [ ! -d "/opt/certbot" ]; then
- %{_bindir}/env python3 -m venv /opt/certbot
+ python3 -m venv /opt/certbot
 /opt/certbot/bin/pip install --upgrade pip certbot certbot-nginx certbot-dns-ovh
- %{_bindir}/env ln --symbolic --force --target-directory %{_sbindir} /opt/certbot/bin/certbot
+ ln --symbolic --force --target-directory %{_sbindir} /opt/certbot/bin/certbot
 fi
 # Create certbot certificates
-if [ ! -d "%{_sysconfdir}/letsencrypt/live/netoik.io" ] || [ ! -d "%{_sysconfdir}/letsencrypt/live/samuel-campos.fr" ]; then
- %{_bindir}/env certbot certonly --non-interactive --agree-tos --email "samuel.campos@netoik.io" --dns-ovh --dns-ovh-credentials "%{_sysconfdir}/certbot/ovh.ini" -d "*.netoik.io" -d "*.samuel-campos.fr"
+if ! certbot certificates --cert-name netoik.io | grep --quiet netoik.io; then
+ certbot certonly --cert-name netoik.io --non-interactive --agree-tos --email samuel.campos@netoik.io --dns-ovh --dns-ovh-credentials %{_sysconfdir}/certbot/ovh.ini -d *.netoik.io -d *.samuel-campos.fr
 fi
 # Create ssl dh params if not already exists
 if [ ! -f "%{_sysconfdir}/letsencrypt/ssl-dhparams.pem" ]; then
- %{_bindir}/env openssl dhparam -out %{_sysconfdir}/letsencrypt/ssl-dhparams.pem 2048
+ openssl dhparam -out %{_sysconfdir}/letsencrypt/ssl-dhparams.pem 2048
 fi
 # Restart services
-%{_bindir}/env systemctl daemon-reload
-%{_bindir}/env systemctl reenable --now nginx.service certbot-renew.timer
+systemctl daemon-reload
+systemctl reenable --now nginx.service certbot-renew.timer
 %postun
 # Remove folders after uninstall
 if [ $1 == 0 ]; then
- %{_bindir}/env rm --recursive --force /opt/certbot
- %{_bindir}/env rm --recursive --force %{_sysconfdir}/certbot
- %{_bindir}/env rm --recursive --force %{_sysconfdir}/letsencrypt
+ certbot delete --cert-name netoik.io
+ rm --recursive --force /opt/certbot
+ rm --recursive --force %{_sysconfdir}/certbot
 fi
 %files
@@ -74,7 +74,6 @@ fi
 %ghost %attr(755, root, root) %dir /opt/certbot
 %ghost %attr(755, root, root) %{_sbindir}/certbot
-%ghost %attr(755, root, root) %dir %{_sysconfdir}/letsencrypt
 %ghost %attr(644, root, root) %{_sysconfdir}/letsencrypt/ssl-dhparams.pem
 %changelog
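Review bot: In `%postun`, `certbot delete --cert-name netoik.io` runs after rpm has removed the package's files, and `%{_sbindir}/certbot` is a `%ghost` entry in `%files`, so the symlink is probably gone and the command fails. Because this commit also drops the `rm` of `%{_sysconfdir}/letsencrypt`, the certificate and its private key would then stay on disk after uninstall. Calling the venv binary without a prompt, `/opt/certbot/bin/certbot delete --non-interactive --cert-name netoik.io`, or moving the call to `%preun`, avoids that. The rewritten `certbot certonly` line also loses the quotes around the wildcard names, leaving them open to pathname expansion in the scriptlet's working directory; `-d "*.netoik.io" -d "*.samuel-campos.fr"` restores the old behaviour. Separately, `.ovh.ini.new` is created with the scriptlet's umask and only restricted by `chmod 600` after the `mv`, so a `umask 077` before the `envsubst` line would keep the substituted OVH credentials from being briefly readable by other users.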