#!/usr/bin/ruby
# 
# NAME
#
#   symbiosis-ssl - Manage and generate SSL certificates 
#
# SYNOPSIS
#
#   symbiosis-ssl [ --no-generate ] [ --no-rollover ] [ --prefix PREFIX ] [ --verbose ]
#     [ --manual ] [ --help ] [ DOMAIN DOMAIN ...]
#
# OPTIONS
#
#  --no-generate    Do not try and generate keys or certificates.
#
#  --no-rollover    Do not try and roll over newly fetched certificates into place.
#
#  --prefix PREFIX  Set the directory prefix for Symbiosis.  Defaults to /srv.
#
#   --help        Show the help information for this script.
#
#   --manual      Show the manual for this script
#
#   --verbose     Show debugging information.
#
# AUTHOR
#
#   Patrick J. Cherry <patrick@bytemark.co.uk>
#

#
#  Modules we require
#

require 'getoptlong'

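opts = GetoptLong.new(
    [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
    [ '--manual', '-m', GetoptLong::NO_ARGUMENT ],
    [ '--verbose', '-v', GetoptLong::NO_ARGUMENT ],
    [ '--no-generate', '-G', GetoptLong::NO_ARGUMENT ],
    [ '--no-rollover', '-R', GetoptLong::NO_ARGUMENT ],
    [ '--prefix', '-p', GetoptLong::REQUIRED_ARGUMENT ]
)

manual = help = false
$VERBOSE = false
prefix = nil
#
# Provider used when a domain has no ssl-provider configured.
#
provider = "letsencrypt"
#
# --no-generate and --no-rollover switch these off; every option that is
# declared above is acted upon here, so that the documented flags actually
# take effect.
#
generate = true
rollover = true

opts.each do |opt, arg|
  case opt
  when '--help'        then help = true
  when '--manual'      then manual = true
  when '--verbose'     then $VERBOSE = true
  when '--no-generate' then generate = false
  when '--no-rollover' then rollover = false
  when '--prefix'      then prefix = arg
  end
end

#
# Output help as required.
#
if help || manual
  require 'symbiosis/utils'
  Symbiosis::Utils.show_help(__FILE__) if help
  Symbiosis::Utils.show_manual(__FILE__) if manual
  exit 0
end

require 'symbiosis/domain/ssl'
require 'symbiosis/ssl'

#
# Collect the domains to examine: those named on the command line, or every
# domain under the prefix when none are given.  Unparseable names are reported
# and skipped rather than aborting the whole run.
#
domains = ARGV.each_with_object([]) do |arg, found|
  domain = Symbiosis::Domains.find(arg.to_s, prefix)

  if domain.nil?
    warn "** Unable to find/parse domain #{arg.inspect}"
  else
    found << domain
  end
end

domains = Symbiosis::Domains.all(prefix) if ARGV.empty?

#
# A certificate with fewer than this many days left is renewed.
#
threshold = 14
now = Time.now
failures = 0

domains.each do |domain|
  puts "* Examining certificates for #{domain.name}" if $VERBOSE

  #
  # Each domain is handled independently: a failure for one (bad key pair,
  # provider error, unwritable directory) must not stop the renewal of the
  # others, but it is reported and reflected in the exit status.
  #
  begin
    #
    # Stage 0: verify and check expiry
    #
    cert_fn, key_fn = domain.ssl_find_matching_certificate_and_key
    expires_in = nil

    if cert_fn && key_fn
      # NOTE(review): the result of ssl_verify is not inspected here; it is
      # assumed to raise when the pair does not verify -- confirm against
      # Symbiosis::Domain.
      domain.ssl_verify(cert_fn, key_fn)

      # Days remaining, rounded to the nearest whole day (not_after - now is seconds).
      expires_in = ((domain.ssl_certificate.not_after - now) / 86400.0).round
      puts "\t* The certificate is due to expire in #{expires_in} days" if expires_in < threshold
    else
      puts "\t* No valid certificates found."
    end

    #
    # Stage 1: Generate
    #
    # A new certificate is needed when none was found, or the one found is
    # inside the renewal window.
    #
    needs_certificate = cert_fn.nil? || (expires_in.is_a?(Integer) && expires_in < threshold)

    if false == domain.ssl_provider
      puts "\t * Skipping because the ssl-provider has been set to false."
    elsif needs_certificate && !generate
      puts "\t * Not fetching a new certificate because --no-generate was given."
    elsif needs_certificate
      #
      # Default to the configured provider when the domain has none set.
      #
      domain.ssl_provider = provider if domain.ssl_provider.nil?

      puts "\t * Fetching a new certificate from #{domain.ssl_provider}."

      set = domain.ssl_fetch_certificate
      domain.ssl_write_set(set)
    end

    #
    # Stage 2: Roll over
    #
    if rollover
      domain.ssl_rollover
    else
      puts "\t * Not rolling over because --no-rollover was given."
    end
  rescue StandardError => err
    failures += 1
    warn "** Failed to process #{domain.name}: #{err.class}: #{err.message}"
    warn Array(err.backtrace).join("\n") if $VERBOSE
  end
end

#
# Non-zero exit when any domain failed, so cron/monitoring notices.
#
exit(failures.zero? ? 0 : 1)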