cloud-hosting-platform/haproxy-manager-base
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
1d22d789b85ce95260ce0e15f1ce16b3327b30a0
haproxy-manager-base/scripts/host-renew-certificates.sh
Josh Knapp 1d22d789b8
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 59s
Details
Simplify certificate renewal scripts and add certbot cleanup 
Simplified all certificate renewal scripts to be more straightforward and reliable:
- Scripts now just run certbot renew and copy cert+key files to HAProxy format
- Removed overly complex retry logic and error handling
- Both in-container and host-side scripts work with cron scheduling

Added automatic certbot cleanup when domains are removed:
- When a domain is deleted via API, certbot certificate is also removed
- Prevents renewal errors for domains that no longer exist in HAProxy
- Cleans up both HAProxy combined cert and Let's Encrypt certificate

Script changes:
- renew-certificates.sh: Simplified to 87 lines (from 215)
- sync-certificates.sh: Simplified to 79 lines (from 200+)
- host-renew-certificates.sh: Simplified to 36 lines (from 40)
- All scripts use same pattern: query DB, copy certs, reload HAProxy

Python changes:
- remove_domain() now calls 'certbot delete' to remove certificates
- Prevents orphaned certificates from causing renewal failures

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-20 09:56:56 -08:00

37 lines
946 B
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Host-side Certificate Renewal Script
# Run this from the host machine via cron to trigger certificate renewal inside the container
set -e
# Configuration
CONTAINER_NAME="${CONTAINER_NAME:-haproxy-manager}"
LOG_FILE="${LOG_FILE:-/var/log/haproxy-manager-host-renewal.log}"
# Logging
log_info() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [INFO] $*" | tee -a "$LOG_FILE"
}
log_error() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [ERROR] $*" | tee -a "$LOG_FILE"
}
log_info "Starting certificate renewal"
# Check if container is running
if ! docker ps --format '{{.Names}}' | grep -q "^${CONTAINER_NAME}$"; then
log_error "Container '${CONTAINER_NAME}' is not running"
exit 1
fi
# Run renewal script inside container
if docker exec "$CONTAINER_NAME" /haproxy/scripts/renew-certificates.sh; then
log_info "Certificate renewal completed"
exit 0
else
log_error "Certificate renewal failed"
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink