DasAoD/acme-deploy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Modular acme.sh certificate deploy scripts for Nginx, Unraid, Webmin, Technitium, CUPS, WGDashboard — with HTML status report via email.
8 commits 1 branch 0 tags 47 KiB
  • Shell 100%
Find a file
Exact
DanieleU c17b4bb73a README.md: Mitwirkenden-Block hinzugefügt 
- Abschnitt 'Mitwirkende' vor Lizenz eingefügt
- Verlinkung auf DasAoD und Claude (Forgejo)

Co-authored-by: Claude <claude@anthropic.com>
2026-06-14 14:12:47 +02:00
.gitignore feat: initial commit 2026-03-17 02:57:11 +01:00
01-nginx.sh.example feat: initial commit 2026-03-17 02:57:11 +01:00
02-unraid.sh.example feat: add missing deploy script examples and update README 2026-03-17 03:03:14 +01:00
03-webmin.sh.example feat: add missing deploy script examples and update README 2026-03-17 03:03:14 +01:00
04-wgdashboard.sh.example feat: add missing deploy script examples and update README 2026-03-17 03:03:14 +01:00
05-cups.sh.example feat: add missing deploy script examples and update README 2026-03-17 03:03:14 +01:00
06-npm.sh.example Add NPM deploy script for custom certificate upload 2026-04-14 22:02:50 +02:00
98-technitium.sh.example feat: add missing deploy script examples and update README 2026-03-17 03:03:14 +01:00
99-mail.sh.example Fix host column line wrapping in HTML email report 2026-04-14 22:18:02 +02:00
all.sh.example feat: initial commit 2026-03-17 02:57:11 +01:00
common.sh.example feat: initial commit 2026-03-17 02:57:11 +01:00
LICENSE chore: add MIT license 2026-03-17 03:09:44 +01:00
README.md README.md: Mitwirkenden-Block hinzugefügt 2026-06-14 14:12:47 +02:00

README.md

acme-deploy

A modular shell script framework for automatically deploying acme.sh certificates to multiple services and hosts after renewal.

After each successful certificate renewal, acme.sh triggers all.sh, which runs all deploy scripts in order and sends an HTML status report by email.

Features

  • Modular deploy scripts — one per service (Nginx, Technitium, Unraid, Webmin, CUPS, WGDashboard, …)
  • Shared common.sh with a reusable log_status helper
  • Automatic status logging per component and host
  • HTML email report with component/host/status table and summary
  • Certificate expiry date shown in the report
  • Easy to extend with new services

Structure

local-deploy/
├── common.sh.example          # Shared helper: log_status()
├── all.sh.example             # Orchestrator — runs all scripts in order
├── 01-nginx.sh.example        # Deploy to local Nginx
├── 02-unraid.sh.example       # Deploy to Unraid NAS servers (rsync/SSH)
├── 03-webmin.sh.example       # Deploy to local and remote Webmin
├── 04-wgdashboard.sh.example  # Deploy to remote WGDashboard (Nginx)
├── 05-cups.sh.example         # Deploy to local CUPS print server
├── 06-npm.sh.example          # Deploy custom cert to Nginx Proxy Manager via API
├── 98-technitium.sh.example   # Deploy to Technitium DNS (PFX via SSH)
└── 99-mail.sh.example         # Send HTML deployment report by email

The actual .sh files (containing your personal paths, hostnames and credentials) are excluded via .gitignore. Copy each .sh.example to .sh and adjust the placeholders.

Add your own scripts following the naming convention XX-service.sh. They are picked up automatically by all.sh.

Setup

1. Clone the repository and copy the example scripts

git clone https://github.com/DasAoD/acme-deploy /path/to/acme.sh/local-deploy
cd /path/to/acme.sh/local-deploy

# Copy examples to actual scripts
for f in *.sh.example; do cp "$f" "${f%.example}"; done
chmod +x *.sh

2. Adjust placeholders

Each script contains clearly marked placeholders:

DOMAIN_DIR="/path/to/acme/domain"  # <-- adjust
HOST="server1.example.com"          # <-- adjust

Replace them with your actual paths and hostnames.

3. Create the log directory

mkdir -p /log/certuser

4. Register all.sh as acme.sh reload hook

Add to your domain config (~/.acme.sh/your.domain/your.domain.conf):

Le_ReloadCmd='/path/to/acme.sh/local-deploy/all.sh'

Or set it via acme.sh:

acme.sh --install-cert -d your.domain \
  --reloadcmd '/path/to/acme.sh/local-deploy/all.sh'

5. Configure email (99-mail.sh)

Make sure a working mail transport is available (msmtp, ssmtp, postfix, etc.). Adjust MAILTO, FROM and CERTFILE in 99-mail.sh.

Log Format

Each deploy script writes one line per host to the status log:

component hostname<TAB>✅ Erfolgreich
component hostname<TAB>❌ Fehler

Example:

nginx   server1.example.com     ✅ Erfolgreich
unraid  nas1.example.com        ✅ Erfolgreich
unraid  nas2.example.com        ❌ Fehler
webmin  server1.example.com     ✅ Erfolgreich

99-mail.sh reads this file and generates the HTML report.

Manual Run

/path/to/acme.sh/local-deploy/all.sh

With debug output:

bash -x /path/to/acme.sh/local-deploy/all.sh 2>&1 | tee /tmp/deploy-debug.log

Supported Services

Script Service Method
01-nginx.sh Nginx (local) File copy + reload
02-unraid.sh Unraid NAS Bundle PEM + rsync/SSH
03-webmin.sh Webmin (local + remote) Bundle PEM + rsync/SSH
04-wgdashboard.sh WGDashboard (remote Nginx) rsync/SSH
05-cups.sh CUPS (local) File copy + restart
06-npm.sh Nginx Proxy Manager REST API upload
98-technitium.sh Technitium DNS PFX via SSH + openssl

Notes

Scripts with separate Le_ReloadCmd

Some scripts (e.g. 06-npm.sh) deploy a different certificate than the one managed by all.sh. These require their own Le_ReloadCmd instead of being called by all.sh. See the header comment in the respective script for the exact command.

Mitwirkende

Dieses Projekt wurde in Zusammenarbeit mit Claude (Sonnet 4.6) von Anthropic entwickelt und iterativ ausgebaut.
Der überwiegende Teil des Codes, der Architektur und der Dokumentation wurde durch KI generiert und gemeinsam verfeinert.

Rolle Person / Tool
Projektidee, Anforderungen & Tests DasAoD
Code, Architektur, Dokumentation Claude (Anthropic)

License

MIT