#!/usr/bin/ruby
# 
# NAME
#
#   symbiosis-ssl - Manage and generate SSL certificates 
#
# SYNOPSIS
#
#   symbiosis-ssl [ --no-generate ] [ --no-rollover ] [ --verbose ] [ --manual ]
#     [ --help ] [ DOMAIN DOMAIN ...]
#
# OPTIONS
#
#  --no-generate    Do not try to generate keys or certificates.
#
#  --no-rollover    Do not try to roll over to a newly generated certificate set.
#
#  --prefix PREFIX  Set the directory prefix for Symbiosis.  Defaults to /srv.
#
#   --help        Show the help information for this script.
#
#   --manual      Show the manual for this script
#
#   --verbose     Show debugging information.
#
# AUTHOR
#
#   Patrick J. Cherry <patrick@bytemark.co.uk>
#

#
#  Modules we require
#

require 'getoptlong'

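opts = GetoptLong.new(
    [ '--help', '-h', GetoptLong::NO_ARGUMENT ],
    [ '--manual', '-m', GetoptLong::NO_ARGUMENT ],
    [ '--verbose', '-v', GetoptLong::NO_ARGUMENT ],
    [ '--no-generate', '-G', GetoptLong::NO_ARGUMENT ],
    [ '--no-rollover', '-R', GetoptLong::NO_ARGUMENT ],
    [ '--prefix', '-p', GetoptLong::REQUIRED_ARGUMENT ]
)

manual = help = false

#
# $VERBOSE is Ruby's own warning-level global; this script reuses it as its
# "show debugging information" flag, which is why the requires below have to
# be wrapped to keep library warnings quiet.
#
$VERBOSE = false
prefix = "/srv"

#
# --no-generate and --no-rollover used to be accepted but silently ignored.
# They now gate Stage 1 (generate) and Stage 2 (roll over) respectively.
#
generate = true
rollover = true

opts.each do |opt, arg|
  case opt
    when '--help'
      help = true
    when '--manual'
      manual = true
    when '--prefix'
      prefix = arg
    when '--no-generate'
      generate = false
    when '--no-rollover'
      rollover = false
    when '--verbose'
      $VERBOSE = true
  end
end

#
# Output help as required.
#
if help || manual
  require 'symbiosis/utils'
  Symbiosis::Utils.show_help(__FILE__) if help
  Symbiosis::Utils.show_manual(__FILE__) if manual
  exit 0
end

#
# The requires spawn a massive stack of warnings in verbose mode.  So let's
# hide them.
#
saved_verbose = $VERBOSE
$VERBOSE = false

require 'symbiosis/domains'
require 'symbiosis/domain/ssl'
require 'symbiosis/ssl'
require 'symbiosis/ssl/letsencrypt'
require 'symbiosis/ssl/selfsigned'

#
# And unhide.  Ugh.
#
$VERBOSE = saved_verbose

#
# Resolve the domains named on the command line; with no arguments, every
# domain under the prefix is examined.  Unparseable names are reported on
# stderr and skipped rather than aborting the whole run.
#
domains = []

ARGV.each do |arg|
  domain = Symbiosis::Domains.find(arg.to_s, prefix)

  unless domain
    warn "** Unable to find/parse domain #{arg.inspect}"
    next
  end

  domains << domain
end

domains = Symbiosis::Domains.all(prefix) if ARGV.empty?

now = Time.now

#
# Certificates expiring within this many days are renewed.
#
threshold = 14

domains.each do |domain|
  puts "* Examining certificates for #{domain.name}" if $VERBOSE

  #
  # Stage 0: verify and check expiry.  Prefer the current set; otherwise fall
  # back to the most recent available set so its expiry can still be checked.
  #
  set = domain.ssl_current_set
  set = domain.ssl_available_sets.last unless set.is_a?(Symbiosis::SSL::CertificateSet)

  expires_in = nil

  if set.is_a?(Symbiosis::SSL::CertificateSet)
    #
    # Whole days until not_after; negative once the certificate has expired.
    #
    expires_in = ((set.certificate.not_after - now) / 86400.0).round
    if expires_in < threshold
      puts "\tThe certificate is due to expire in #{expires_in} days" if $VERBOSE
    end
  else
    puts "\tNo valid certificates found." if $VERBOSE
  end

  #
  # Stage 1: Generate.  A new certificate is wanted when there is no set at
  # all, or the one we have is inside the renewal threshold.
  #
  needs_certificate = set.nil? || (expires_in.is_a?(Integer) && expires_in < threshold)

  if false == domain.ssl_provider
    puts "\tSkipping because the ssl-provider has been set to false." if $VERBOSE

  elsif !generate
    puts "\tSkipping certificate generation because --no-generate was given." if $VERBOSE && needs_certificate

  elsif needs_certificate
    #
    # Default to letsencrypt
    #
    domain.ssl_provider = "letsencrypt" if domain.ssl_provider.nil?

    puts "\tFetching a new certificate from #{domain.ssl_provider}." if $VERBOSE

    begin
      cert_set = domain.ssl_fetch_new_certificate
      cert_set.name = domain.ssl_next_set
      cert_set.write
    rescue StandardError => err
      #
      # Always report a failed fetch on stderr: previously this was only
      # shown in verbose mode, so an unattended run could leave a domain to
      # expire without any record of why.
      #
      warn "\t!! Failed to fetch a certificate for #{domain.name}: #{err.to_s.gsub($/, '')}"
      warn err.backtrace.join("\n") if $DEBUG
    end
  end

  #
  # Stage 2: Roll over
  #
  if rollover
    domain.ssl_rollover
  elsif $VERBOSE
    puts "\tSkipping rollover because --no-rollover was given."
  end
end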