#!/usr/bin/env bash
# Fail fast: abort on any command error, on use of an unset variable, and on a
# failure in any stage of a pipeline.
set -euo pipefail

# Usage:
#   CERTBOT_CMD=/usr/bin/certbot NGINX_RELOAD_CMD="systemctl reload nginx" ./scripts/ops/renew_cert.sh
#
# Configuration comes from the environment; each line below fills in a default
# only when the variable is unset or empty.
#
# Security note: these values are trusted as-is. CERTBOT_CMD is executed as a
# command, NGINX_RELOAD_CMD is handed to `bash -lc` as a shell command line,
# and OPS_ALERT_WEBHOOK is the URL that alerts are POSTed to. Anyone who can
# set this script's environment can therefore run arbitrary commands with its
# privileges (presumably elevated, given certbot and an nginx reload; confirm
# for your deployment). Set the variables explicitly in the scheduler unit or
# crontab rather than inheriting them from a less-trusted caller.
: "${CERTBOT_CMD:=certbot}"
: "${NGINX_RELOAD_CMD:=systemctl reload nginx}"
: "${OPS_ALERT_WEBHOOK:=}"
: "${ALERT_TITLE:=[wx_service] HTTPS 证书续期失败}"
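#######################################
# Escape a string for embedding inside a JSON string literal.
# Handles backslash, double quote, newline, carriage return and tab; other
# control characters are passed through unchanged.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout (no surrounding quotes, no trailing newline)
#######################################
_json_escape() {
  local text="$1"
  text=${text//\\/\\\\} # backslash first, so later escapes are not doubled
  text=${text//\"/\\\"}
  text=${text//$'\n'/\\n}
  text=${text//$'\r'/\\r}
  text=${text//$'\t'/\\t}
  printf '%s' "${text}"
}

#######################################
# Report a failure to the operations webhook, or to stderr when no webhook is
# configured or the webhook cannot be reached.
# Globals:   OPS_ALERT_WEBHOOK (read), ALERT_TITLE (read)
# Arguments: $1 - human-readable alert message
# Outputs:   "ALERT: ..." on stderr when the webhook is unset; a fallback line
#            on stderr when delivery fails
# Returns:   0 in all cases, so a failed alert never masks the caller's own
#            error handling under `set -e`
#######################################
send_alert() {
  local message="$1"

  if [[ -z "${OPS_ALERT_WEBHOOK}" ]]; then
    echo "ALERT: ${message}" >&2
    return
  fi

  # ALERT_TITLE comes from the environment and the message from the caller, so
  # both are escaped before being placed in the JSON body; a stray quote or
  # backslash would otherwise corrupt the payload or inject extra fields.
  local payload
  payload="$(printf '{"title":"%s","message":"%s"}' \
    "$(_json_escape "${ALERT_TITLE}")" "$(_json_escape "${message}")")"

  # Timeouts keep an unresponsive endpoint from stalling the renewal job.
  # NOTE(review): the webhook URL is passed in curl's argv; if it embeds a
  # token, it is visible in the process list while curl runs.
  if ! curl -fsS --connect-timeout 5 --max-time 15 \
    -X POST "${OPS_ALERT_WEBHOOK}" \
    -H "Content-Type: application/json" \
    -d "${payload}" >/dev/null; then
    # Do not lose the alert when delivery fails: leave a trace in the job log.
    echo "ALERT (webhook delivery failed): ${message}" >&2
  fi
}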
# Step 1: ask certbot to renew. If it fails, raise an alert and stop before
# nginx is touched.
"${CERTBOT_CMD}" renew --quiet || {
  send_alert "certbot renew 执行失败,请立即检查生产证书状态。"
  exit 1
}

# Step 2: reload nginx. This runs after every successful certbot invocation;
# the script does not check whether a certificate was actually replaced.
# NOTE(review): NGINX_RELOAD_CMD is evaluated as shell code by a login shell
# (`bash -lc`), which also reads the profile startup files. Both the variable
# and those files must be writable only by trusted operators.
bash -lc "${NGINX_RELOAD_CMD}" || {
  send_alert "证书续期后 Nginx reload 失败,请检查服务状态。"
  exit 1
}

echo "certificate renew completed"