Add scheduled Gitlab CI job which uses acme.sh and DNS challenge

parent 06bb0465
......@@ -17,3 +17,18 @@ pages:
- public
only:
- master
letsencrypt-renewal:
image: neilpang/acme.sh
only:
- schedules
variables:
GITLAB_TOKEN: $GITLAB_TOKEN
GITLAB_PROJECT_ID: "1926532"
GITLAB_DOMAIN: librehealth.io
GANDI_LIVEDNS_KEY: $GANDI_LIVEDNS_KEY
before_script:
- apk add --update bash
- export PATH=$PATH:$CI_PROJECT_DIR/scripts
script:
- letsencrypt_generate.sh
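Review bot: `image: neilpang/acme.sh` carries no tag or digest, so every scheduled run pulls whatever the registry currently serves into a job that holds `GITLAB_TOKEN` and `GANDI_LIVEDNS_KEY`. Pinning to a reviewed digest, for example `image: neilpang/acme.sh@sha256:<reviewed-digest>`, keeps an upstream image change from reaching the DNS and Pages credentials unreviewed. The `GITLAB_TOKEN: $GITLAB_TOKEN` and `GANDI_LIVEDNS_KEY: $GANDI_LIVEDNS_KEY` entries appear to only re-declare variables that the project settings already inject, so they can probably be dropped. Those settings entries should be masked and protected, with the schedule targeting a protected branch, because the job runs `scripts/letsencrypt_generate.sh` from whichever ref the schedule checks out.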
#!/bin/bash
end_epoch=$(date -d "$(echo | openssl s_client -connect librehealth.io:443 -servername librehealth.io 2>/dev/null | openssl x509 -enddate -noout | cut -d'=' -f2)" "+%s")
current_epoch=$(date "+%s")
renew_days_threshold=30
days_diff=$((($end_epoch - $current_epoch) / 60 / 60 / 24))
if [ $days_diff -lt $renew_days_threshold ]; then
echo "Certificate is $days_diff days old, renewing now."
acme.sh --issue -d librehealth.io --dns dns_gandi_livedns --accountemail infrastructure@librehealth.io --always-force-new-domain-key --days 30
echo "acme.sh finished. Updating GitLab Pages domains."
acme.sh --deploy --deploy-hook gitlab -d librehealth.io
else
echo "Certificate still valid for $days_diff days, no renewal required."
fi
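Review bot: Nothing stops `acme.sh --deploy` from running after a failed `acme.sh --issue`, and the job's exit status is whatever the deploy step returns, so a failed renewal can stay unnoticed until the certificate lapses. Appending `|| exit 1` to the `acme.sh --issue` line makes the scheduled pipeline fail visibly. If the TLS probe fails, `end_epoch` is likely empty or wrong and the arithmetic still yields a number, so a guard such as `[ -n "$end_epoch" ] || { echo "could not read certificate expiry" >&2; exit 1; }` before computing `days_diff` would separate a probe failure from a certificate that is due. The renewal message also reports `$days_diff` as the certificate's age when it is the days remaining: `echo "Certificate expires in $days_diff days, renewing now."`.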