load domain.conf only when renewal.

2025-10-31 02:17:18 +00:00 · 2016-01-14 22:46:50 +08:00 · 2016-01-14 22:46:50 +08:00 · 5f68af17d2
commit 5f68af17d2
parent a178095f8f
1 changed files with 37 additions and 17 deletions
--- a/le.sh
+++ b/le.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-VER=1.0.4
+VER=1.0.5
 PROJECT="https://github.com/Neilpang/le"

 DEFAULT_CA="https://acme-v01.api.letsencrypt.org"
@ -83,8 +83,15 @@ createDomainKey() {
  fi
  _initpath $domain
  
-  if [ -f "$CERT_KEY_PATH" ] ; then 
-    _info "Domain key exists, skip"
+  if [ -f "$CERT_KEY_PATH" ] && ! [ "$FORCE" ] ; then 
+    if [ "$IS_RENEW" ] ; then
+      _info "Domain key exists, skip"
+      return 0
+    else
+      _err "Domain key exists, do you want to overwrite the key?"
+      _err "Set FORCE=1, and try again."
+      return 1
+    fi
  else
    #generate account key
    openssl genrsa $length > "$CERT_KEY_PATH"
@ -103,7 +110,7 @@ createCSR() {
  
  domainlist=$2
  
-  if [ -f "$CSR_PATH" ] ; then
+  if [ -f "$CSR_PATH" ]  && [ "$IS_RENEW" ]; then
    _info "CSR exists, skip"
    return
  fi
@ -367,8 +374,8 @@ _clearup () {
 }

 issue() {
-  if [ -z "$1" ] ; then
-    echo "Usage: le  issue  webroot|no|apache   a.com  [www.a.com,b.com,c.com]|no   [key-length]|no  [cert-file-path]|no  [key-file-path]|no  [ca-cert-file-path]|no   [reloadCmd]|no"
+  if [ -z "$2" ] ; then
+    _err "Usage: le  issue  webroot|no|apache   a.com  [www.a.com,b.com,c.com]|no   [key-length]|no  [cert-file-path]|no  [key-file-path]|no  [ca-cert-file-path]|no   [reloadCmd]|no"
    return 1
  fi
  Le_Webroot="$1"
@ -380,16 +387,13 @@ issue() {
  Le_RealCACertPath="$7"
  Le_ReloadCmd="$8"

-  if [ -z "$Le_Domain" ] ; then 
-    Le_Domain="$1"
-  fi
  
  _initpath $Le_Domain
  
  if [ -f "$DOMAIN_CONF" ] ; then
-    source "$DOMAIN_CONF"
+    Le_NextRenewTime=$(grep "^Le_NextRenewTime=" "$DOMAIN_CONF" | cut -d '=' -f 2)
    if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then 
-      _info "Skip, Next renewal time is: $Le_NextRenewTimeStr"
+      _info "Skip, Next renewal time is: $(grep "^Le_NextRenewTimeStr" "$DOMAIN_CONF" | cut -d '=' -f 2)"
      return 2
    fi
  fi
@ -450,9 +454,15 @@ issue() {

  createAccountKey $Le_Domain $Le_Keylength
  
-  createDomainKey $Le_Domain $Le_Keylength
+  if ! createDomainKey $Le_Domain $Le_Keylength ; then 
+    _err "Create domain key error."
+    return 1
+  fi
  
-  createCSR  $Le_Domain  $Le_Alt
+  if ! createCSR  $Le_Domain  $Le_Alt ; then
+    _err "Create CSR error."
+    return 1
+  fi

  pub_exp=$(openssl rsa -in $ACCOUNT_KEY_PATH  -noout -text | grep "^publicExponent:"| cut -d '(' -f 2 | cut -d 'x' -f 2 | cut -d ')' -f 1)
  if [ "${#pub_exp}" == "5" ] ; then
@ -674,12 +684,22 @@ issue() {
 renew() {
  Le_Domain="$1"
  if [ -z "$Le_Domain" ] ; then
-    echo Usage: $0  domain.com
+    _err "Usage: $0  domain.com"
    return 1
  fi

-  issue $Le_Domain
+  _initpath $Le_Domain

+  if [ -f "$DOMAIN_CONF" ] ; then
+    source "$DOMAIN_CONF"
+    if [ -z "$FORCE" ] && [ "$Le_NextRenewTime" ] && [ "$(date -u "+%s" )" -lt "$Le_NextRenewTime" ] ; then 
+      _info "Skip, Next renewal time is: $Le_NextRenewTimeStr"
+      return 2
+    fi
+  fi
+  IS_RENEW="1"
+  issue "$Le_Webroot" "$Le_Domain" "$Le_Alt" "$Le_Keylength" "$Le_RealCertPath" "$Le_RealKeyPath" "$Le_RealCACertPath" "$Le_ReloadCmd"
+  IS_RENEW=""
 }

 renewAll() {