36 lines
1.1 KiB
Bash
Executable file
36 lines
1.1 KiB
Bash
Executable file
#!/bin/bash
|
|
set -euo pipefail
|
|
|
|
source $1
|
|
|
|
logger -t letsencrypt "Checking certificate ${LETSENCRYPT_CRT}"
|
|
daysleft=$(/usr/local/bin/acme-primitives.py remaining_days "${LETSENCRYPT_CRT}" || echo "0") 2>/dev/null
|
|
[ "$daysleft" -lt "$LETSENCRYPT_REMAININGDAYS" ] || { logger -t letsencrypt "Cert has ${LETSENCRYPT_REMAININGDAYS} days remaining, not renewing"; exit 0; }
|
|
|
|
folder="$(mktemp -d)"
|
|
cd "${folder}"
|
|
logger -t letsencrypt "Renewing certificate"
|
|
/usr/local/bin/acme-primitives.py get_cert --directory 'https://acme-v02.api.letsencrypt.org/directory' --acc /etc/ssl/letsencrypt_account.key --csr "${LETSENCRYPT_CSR}" /usr/local/bin/letsencrypt_deploy_challenge.sh > chained.pem
|
|
|
|
cat chained.pem "$LETSENCRYPT_KEY" > full.pem
|
|
openssl x509 -in chained.pem > cert.pem
|
|
|
|
chown -R root:ssl-cert .
|
|
chmod 0644 chained.pem
|
|
chmod 0644 cert.pem
|
|
chmod 0640 full.pem
|
|
|
|
mv chained.pem "$LETSENCRYPT_CHAIN"
|
|
mv cert.pem "$LETSENCRYPT_CRT"
|
|
mv full.pem "$LETSENCRYPT_FULL"
|
|
|
|
cd
|
|
rm -r "$folder"
|
|
|
|
logger -t letsencrypt "Success, restarting services ( ${LETSENCRYPT_SERVICES} )..."
|
|
|
|
for i in ${LETSENCRYPT_SERVICES}; do
|
|
/bin/systemctl restart "${i}"
|
|
done
|
|
|
|
logger -t letsencrypt "done"
|