#!/bin/bash
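# Abort on the first unhandled command failure.
set -e

echo "### Starting entrypoint script..."

# Debug information: list every PEM file currently under /etc/letsencrypt.
# find -exec is used instead of piping into xargs: with no matches, some
# xargs implementations (e.g. GNU xargs without -r) still run `ls -la` once
# with no arguments and list the working directory instead, and paths
# containing whitespace would be split into several arguments.
# Only names and metadata are printed, never file contents, since this tree
# also holds private keys.
echo "### Current certificate state:"
# Best-effort: a missing directory on first start must not stop the entrypoint.
find /etc/letsencrypt -type f -name "*.pem" -exec ls -la {} + || true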
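#######################################
# Report whether a PEM file carries the "STAGING" marker.
#
# A PEM file stores the certificate as base64-encoded DER, so the issuer name
# is not present as plain text and a raw grep for "STAGING" will normally not
# match. When the openssl CLI is available the certificate is decoded and its
# issuer line is inspected as well; the raw grep is kept so that anything the
# plain-text check would flag is still flagged.
#
# Arguments: $1 - path to a PEM file
# Returns:   0 if the marker is found, 1 otherwise
#######################################
is_staging_pem() {
  local pem_file=$1

  if grep -q "STAGING" "$pem_file"; then
    return 0
  fi

  if command -v openssl >/dev/null 2>&1; then
    # Files without a certificate (e.g. private keys) make openssl fail;
    # that simply means "no marker here", so its error output is dropped.
    if openssl x509 -in "$pem_file" -noout -issuer 2>/dev/null \
      | grep -q "STAGING"; then
      return 0
    fi
  fi

  return 1
}

# Check for staging certificates - look in all possible locations
STAGING_FOUND=false
while IFS= read -r pem_file; do
  if is_staging_pem "$pem_file"; then
    STAGING_FOUND=true
    break
  fi
done < <(find /etc/letsencrypt -type f -name "*.pem")

if [ "$STAGING_FOUND" = true ]; then
  echo "WARNING: Staging certificate detected. Cleaning up all certificate data..."
  # NOTE: this wipes every certificate lineage under /etc/letsencrypt, not
  # only the one that matched.
  rm -rf /etc/letsencrypt/live
  rm -rf /etc/letsencrypt/archive
  rm -rf /etc/letsencrypt/renewal
  mkdir -p /etc/letsencrypt/live
  mkdir -p /etc/letsencrypt/archive
fi

# Check if we have certificates already or if we cleaned staging certs
if [ "$STAGING_FOUND" = true ] || [ ! -d /etc/letsencrypt/live/web.sessionzero.app ]; then
  echo "Need to obtain new certificates, running init script..."
  # Under `set -e` a failing init script aborts the entrypoint here.
  /init-letsencrypt.sh

  # Double-check after init script
  cert_file=/etc/letsencrypt/live/web.sessionzero.app/cert.pem
  if [ ! -s "$cert_file" ]; then
    # A missing or empty certificate must not be reported as verified.
    echo "ERROR: No certificate found at $cert_file after init script. Please check your configuration manually." >&2
  elif is_staging_pem "$cert_file"; then
    echo "ERROR: Still using STAGING certificates after cleanup. Please check your configuration manually." >&2
  else
    # Without the openssl CLI this only means the plain-text marker was not
    # found; it is not a check of the certificate's issuer.
    echo "SUCCESS: Production certificates verified."
  fi
fi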
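# Set up automatic renewal: attempt a renewal at 00:00 and 12:00 every day.
# nginx reads certificate files only at start or reload, so a deploy hook
# reloads it after each successful renewal; without it the running server
# keeps presenting the old certificate until it is restarted.
# NOTE: the redirect replaces any existing root crontab.
printf '%s\n' '0 0,12 * * * certbot renew --quiet --deploy-hook "nginx -s reload"' > /etc/crontabs/root
crond

# Start nginx in foreground; exec replaces this shell so nginx receives
# signals directly.
exec nginx -g 'daemon off;'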