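#!/usr/bin/env python3
"""Request and renew the two Mailu TLS certificates with certbot, once a day.

Two certificate lineages are kept under /certs/letsencrypt for the same set
of host names: "mailu" and "mailu-ecdsa". Both are validated with the
HTTP-01 challenge, served by certbot's standalone server on port 8008.

Environment:
    HOSTNAMES      comma-separated host names to put on the certificates
    POSTMASTER     local part of the ACME contact address
    DOMAIN         domain part of the ACME contact address
    TLS_REUSE_KEY  "true"/"yes" keeps the private key across renewals
"""

import logging
import os
import subprocess
import sys
import time

logging.basicConfig(stream=sys.stderr, level=logging.WARNING)
log = logging.getLogger("letsencrypt")

# De-duplicate the configured names while keeping the order they were given
# in, and drop empty entries (for example from a trailing comma) so that no
# empty name is handed to certbot. The value is passed as a single argv
# element, never through a shell.
hostnames = ",".join(dict.fromkeys(
    host.strip()
    for host in os.environ["HOSTNAMES"].split(",")
    if host.strip()
))

contact = "{}@{}".format(os.environ["POSTMASTER"], os.environ["DOMAIN"])


def _certbot_command(cert_name, extra_args=()):
    """Return the certbot argv for one certificate lineage.

    Args:
        cert_name: value passed to --cert-name.
        extra_args: additional options placed before --renew-with-new-domains.
    """
    return [
        "certbot",
        "-n", "--agree-tos",  # non-interactive
        "-d", hostnames, "--expand", "--allow-subset-of-names",
        "-m", contact,
        "certonly", "--standalone",
        "--cert-name", cert_name,
        # NOTE(review): presumably nginx forwards the ACME challenge requests
        # to this port; that forwarding is not visible in this file.
        "--preferred-challenges", "http", "--http-01-port", "8008",
        # Daily runs do not request a new certificate while the current one
        # is not yet due for renewal.
        "--keep-until-expiring",
        *extra_args,
        "--renew-with-new-domains",
        "--config-dir", "/certs/letsencrypt",
        # certbot runs a post-hook after the attempt, not only after a
        # successful issuance, so /config.py has to cope with an unchanged or
        # missing certificate. What /config.py does is not visible here.
        "--post-hook", "/config.py",
    ]


# No --key-type is given for "mailu", so its key type is whatever the
# installed certbot defaults to.
# NOTE(review): if "mailu" is meant to be the RSA lineage, confirm the default
# of the certbot version in use, or pin the key type explicitly.
command = _certbot_command("mailu")
command2 = _certbot_command("mailu-ecdsa", ("--key-type", "ecdsa"))

# if dane is used we recommend pinning to the key, so it should not change:
# with --reuse-key the renewed certificate keeps the same key pair, so a DNS
# record that pins the public key stays valid across renewals.
# ('true','yes') to be consistent with the logic in configuration.py
if os.environ.get("TLS_REUSE_KEY", "false").lower() in ("true", "yes"):
    command.append("--reuse-key")
    command2.append("--reuse-key")

# Wait for nginx to start
time.sleep(5)

# Run certbot every day
while True:
    for cert_name, argv in (("mailu", command), ("mailu-ecdsa", command2)):
        status = subprocess.call(argv)
        if status != 0:
            # A failed run is retried on the next daily pass; report it so a
            # certificate approaching expiry does not go unnoticed.
            log.error(
                "certbot exited with status %d for certificate %s",
                status, cert_name,
            )
    time.sleep(86400)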