From 0a07215d422f8f606a41d822436e6c6dd93d001f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?=
Date: Tue, 10 Jan 2023 12:56:33 +0100
Subject: Working product.
---
 files/letsencrypt-renew.service | 3 +--
 files/run_certbot.py | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 files/run_certbot.py
(limited to 'files')
diff --git a/files/letsencrypt-renew.service b/files/letsencrypt-renew.service
index 253f260..f8f2c18 100644
--- a/files/letsencrypt-renew.service
+++ b/files/letsencrypt-renew.service
@@ -4,5 +4,4 @@ Documentation=man:certbot(1)
 [Service]
 Type=oneshot
-EnvironmentFile=/etc/letsencrypt/env/%i
-ExecStart=certbot --text --agree-tos --non-interactive certonly --rsa-key-size 4086 --cert-name '%i' -a $AUTHENTICATOR $DOMAINS --post-hook $POST_HOOK --quiet --keep-until-expiring
+ExecStart=/etc/letsencrypt/renew_cert %i
diff --git a/files/run_certbot.py b/files/run_certbot.py
new file mode 100644
index 0000000..f81f707
--- /dev/null
+++ b/files/run_certbot.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+
+"""
+Gathers domain names to give to certbot, and then execs
+certbot. "Required" to send multiple domain names
+
+File managed by Puppet
+"""
+
+# Script should be compatible with both Python2 and Python3
+
+from __future__ import print_function
+import sys
+import os
+
+if len(sys.argv) != 2:
+ print('Takes exactly one argument: the certificates name',
+ file=sys.stderr)
+ os.exit(1)
+
+
+cert_name = sys.argv[1]
+here = os.path.dirname(sys.argv[0])
+
+cmdline = ['certbot', '--config', os.path.join(here, cert_name + ".ini")]
+with open(os.path.join(here, cert_name + '.domains')) as f:
+ for line in f:
+ if not line:
+ continue
+ if line[0] == '#':
+ continue
+ cmdline += ['-d', line.strip()]
+cmdline += ['certonly']
+
+os.execvp('certbot', cmdline)
-- 
cgit v1.2.3
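Review bot: The new `ExecStart=/etc/letsencrypt/renew_cert %i` no longer pins `--non-interactive`, `--agree-tos`, `--keep-until-expiring` or `--quiet` on the command line, and the added script passes only `--config`, the `-d` list and `certonly`, so unattended behaviour now depends entirely on the per-certificate `.ini`, which is outside this diff. Confirm that the template sets those options (certbot's config file takes the long option names, e.g. `non-interactive = true`), otherwise the oneshot unit may stop on a prompt. The unit also runs `renew_cert` while the commit adds `files/run_certbot.py`; presumably the Puppet manifest installs it under that name with the executable bit, which deserves a comment above the line such as `# renew_cert is files/run_certbot.py, installed by Puppet`.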
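Review bot: Blank lines in the `.domains` file reach certbot as `-d ''`, because `if not line` is tested before `strip()` and a line read from a file still carries its newline; a comment with leading whitespace is passed as a domain as well. `os.exit(1)` in the argument check does not exist in the `os` module and raises AttributeError, so it should be `sys.exit(1)`. `cert_name` is also joined into the `.ini` and `.domains` paths unchecked; systemd's `%i` cannot contain `/`, but a direct invocation can, so the script should accept a bare file name only. The fence shows the three changes together.

```python
if len(sys.argv) != 2:
    # … unchanged: usage message on stderr …
    sys.exit(1)

cert_name = sys.argv[1]
# The name is joined into file paths below; accept a bare file name only.
if not cert_name or os.path.basename(cert_name) != cert_name:
    print('Invalid certificate name: ' + cert_name, file=sys.stderr)
    sys.exit(1)
# … unchanged: here, cmdline setup …
with open(os.path.join(here, cert_name + '.domains')) as f:
    for line in f:
        domain = line.strip()
        # Skip blank lines and comments, including indented ones.
        if not domain or domain.startswith('#'):
            continue
        cmdline += ['-d', domain]
```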