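#!/bin/bash
# exit when a variable isn't set
set -u
# prevents errors in a pipeline from being masked.
set -o pipefail
# setup
# -----------------------------------------------------
# load the variables from the conf file
# assumes that the conf file is in the same folder as this script
#
# Every NAME=value line of the conf file is exported into the environment so
# that the later `sudo -E` calls (and whatever they run) inherit it. The script
# expects credentials such as FAC_USERNAME / FAC_PASSWORD to arrive this way,
# so the conf file should be readable only by the account that runs the script.
parent_path=$( cd "$(dirname "${BASH_SOURCE[0]}")" && pwd -P ) || exit 1
cd "$parent_path" || exit 1
filePath="01-fms-certbot.conf"
if [ ! -f "$filePath" ]; then
  echo "missing ${filePath}" >&2
  exit 1
fi
lineno=0
# `|| [[ -n "$LINE" ]]` also processes a final line that lacks a newline.
while IFS= read -r LINE || [[ -n "$LINE" ]]; do
  lineno=$((lineno + 1))
  # Remove carriage returns (CRLF files) and leading/trailing whitespace.
  # Only the ends are trimmed; whitespace inside a value is left untouched.
  CLEANED_LINE=${LINE//$'\r'/}
  CLEANED_LINE="${CLEANED_LINE#"${CLEANED_LINE%%[![:space:]]*}"}"
  CLEANED_LINE="${CLEANED_LINE%"${CLEANED_LINE##*[![:space:]]}"}"
  # Skip blank lines and comments.
  [[ -z "$CLEANED_LINE" || "$CLEANED_LINE" == '#'* ]] && continue
  # Only lines shaped like NAME=value are exported. Anything else would make
  # `export` fail with "not a valid identifier"; report it by line number
  # (not content, which may be a credential) and carry on.
  if [[ "$CLEANED_LINE" =~ ^[A-Za-z_][A-Za-z0-9_]*= ]]; then
    export "$CLEANED_LINE"
  else
    echo "ignoring malformed line ${lineno} in ${filePath}" >&2
  fi
done < "$filePath"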
# -----------------------------------------------------
# This script runs the certbot renewal and imports the certificate into FileMaker Server.
# Usage:
# ./fms-renew-cert-dns-route53.sh
# the relevant commands that need to run as sudo have the -E flag to preserve the environment variables
# Detects if FileMaker Server is still running.
# Note the inverted convention: returns 0 when no fmserver process is found
# and 1 when one is. The sed steps only strip the ps prefix columns and wrap
# the command name in quotes before grep looks for it.
isServerRunning()
{
  local matches
  matches=$(ps axc | sed "s/.*:..... /\"/" | sed s/$/\"/ | grep fmserver)
  if [[ -n "$matches" ]]; then
    return 1 # fmserver is running
  fi
  return 0 # fmserver is not running
}
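# Used to redirect errors to stderr.
# Arguments: the message words, joined with single spaces ("$*").
# printf is used instead of echo so a message that happens to begin with
# -n, -e or -E is printed literally instead of being taken as an echo option.
err()
{
  printf '%s\n' "$*" >&2
}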
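# Test to see if Certbot is installed
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
  # Ubuntu (snap install location)
  if [[ ! -e "/snap/bin/certbot" ]] ; then
    err "[ERROR] Certbot not installed. Please install Certbot and run fm_request_cert.sh prior to running this script. Exiting..."
    exit 1
  fi
elif [[ "$OSTYPE" == "darwin"* ]]; then
  # MacOS (Homebrew install location)
  if [[ ! -e "/opt/homebrew/bin/certbot" ]] ; then
    err "[ERROR] Certbot not installed. Please install Certbot and run fm_request_cert.sh prior to running this script. Exiting..."
    exit 1
  fi
else
  # Any other platform used to fall through here and fail later with an
  # "unbound variable" error on CERTBOTPATH; stop with a clear message instead.
  err "[ERROR] Unsupported platform '${OSTYPE}'. This script supports linux-gnu and darwin only. Exiting..."
  exit 1
fi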
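# PROMPT=0 takes the values from the environment (populated from the conf file
# above); anything else asks for them interactively.
if [[ "$PROMPT" == 0 ]] ; then
  # FileMaker Admin Console Login Information
  if [[ -n "${FAC_USERNAME}" ]]; then
    FAC_USER="${FAC_USERNAME}"
  else
    err "[ERROR]: The FileMaker Server Admin Console Credentials was not set. Set FAC_USERNAME as an environment variable using export FAC_USERNAME="
    err " If FAC_USERNAME and FAC_PASSWORD have been set, make sure to run the script using sudo -E ./fm_request_cert.sh"
    err " Additionally, make sure that to set FAC_PASSWORD as an environment variable using export FAC_PASSWORD="
    exit 1
  fi
  if [[ -n "${FAC_PASSWORD}" ]]; then
    FAC_PASS="${FAC_PASSWORD}"
  else
    err "[ERROR]: The FileMaker Server Admin Console Credentials was not set. Set FAC_PASSWORD as an environment variable using export FAC_PASSWORD="
    exit 1
  fi
else
  # Prompt user for values
  # -r keeps backslashes in the typed values literal.
  # NOTE(review): DOMAIN, FAC_USER, FAC_PASS, RESTART_SERVER, AWS_KEY and
  # AWS_SECRET are assigned here but not exported, and only DOMAIN,
  # TEST_CERTIFICATE and FORCE_RENEW are referenced later in this file —
  # confirm how the deploy hook and certbot are meant to receive the rest.
  echo " Enter the domain used to generate the certificate. If multiple domains were used, enter the name of the folder that the certificates should be found in."
  read -r -p " > Domain: " DOMAIN
  echo " To import the certificates and restart FileMaker Server, enter the FileMaker Admin Console credentials:"
  read -r -s -p " > Username: " FAC_USER
  echo ""
  read -r -s -p " > Password: " FAC_PASS
  echo ""
  echo " Do you want to restart FileMaker Server after the certificate is generated?"
  read -r -p " > Restart (0 for no, 1 for yes): " RESTART_SERVER
  echo " Do you want to generate a test certificate?"
  read -r -p " > Test Validation (0 for no, 1 for yes): " TEST_CERTIFICATE
  echo " Enter the AWS Access Key for AWS user account."
  read -r -p " > AWS key: " AWS_KEY
  echo " Enter the AWS Access Secret for AWS user account."
  # The secret is read with -s so it is not echoed to the terminal or captured
  # in a session transcript; the empty echo restores the line afterwards.
  read -r -s -p " > AWS secret: " AWS_SECRET
  echo ""
  if [[ "$TEST_CERTIFICATE" -eq 0 ]] ; then
    echo " Do you want to force renew the certificate?"
    read -r -p " > Force Renew (0 for no, 1 for yes): " FORCE_RENEW
  fi
fi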
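# DO NOT EDIT - FileMaker Directories
if [[ "$OSTYPE" == "linux-gnu"* ]]; then
  CERTBOTPATH="/opt/FileMaker/FileMaker Server/CStore/Certbot"
elif [[ "$OSTYPE" == "darwin"* ]]; then
  CERTBOTPATH="/Library/FileMaker Server/CStore/Certbot"
else
  # Without this branch CERTBOTPATH stays unset on other platforms and the
  # script dies with an "unbound variable" error under set -u.
  err "[ERROR] Unsupported platform '${OSTYPE}'. Cannot locate the FileMaker Server Certbot directory. Exiting..."
  exit 1
fi
# Set up paths for necessary directories
if [[ ! -e "$CERTBOTPATH" ]] ; then
  err "[WARNING] $CERTBOTPATH not found. Certificate likely does not exist."
  exit 1
fi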
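echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
# run the certbot command
# Arguments shared by every variant. The FileMaker CStore/Certbot directory
# doubles as config, work and log dir. DOMAIN is quoted so a value containing
# spaces or glob characters reaches certbot as a single argument.
certbot_args=(--dns-route53 --cert-name "$DOMAIN" --config-dir "$CERTBOTPATH" --work-dir "$CERTBOTPATH" --logs-dir "$CERTBOTPATH")
# sudo -E keeps the values exported from the conf file in certbot's environment.
if [[ "$TEST_CERTIFICATE" -eq 1 ]] ; then
  echo "Generating test certificate request."
  sudo -E certbot renew "${certbot_args[@]}" --dry-run
  # capture return code for running certbot command
  RETVAL=$?
else
  echo "Generating certificate request."
  # The deploy hook is run by certbot, i.e. with the privileges sudo granted,
  # and is resolved relative to the script directory (the cd at the top of the
  # script). Keep that hook script owned by root and not writable by others.
  hook_args=(--deploy-hook "./fms-import-cert.sh")
  if [[ "$FORCE_RENEW" -eq 1 ]] ; then
    sudo -E certbot renew "${certbot_args[@]}" --force-renew "${hook_args[@]}"
  else
    sudo -E certbot renew "${certbot_args[@]}" "${hook_args[@]}"
  fi
  # capture return code for running certbot command
  RETVAL=$?
fi
echo "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -"
if [[ "$RETVAL" != 0 ]] ; then
  err "[ERROR]: Certbot returned with a nonzero failure code. Check $CERTBOTPATH/letsencrypt.log for more information."
  exit 1
fi
exit 0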