2018-04-09 14:21:01 +02:00
|
|
|
#!/bin/sh
|
|
|
|
|
2023-10-29 12:07:49 +01:00
|
|
|
PATH="$PATH:/sbin"
|
|
|
|
|
|
|
|
service=$1
|
|
|
|
fqdn=$2
|
2018-04-09 14:21:01 +02:00
|
|
|
|
|
|
|
die() {
|
|
|
|
echo "$@" >&2
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
|
2023-10-29 12:07:49 +01:00
|
|
|
if [ -z "${service}" ] || [ -z ${fqdn} ]; then
|
|
|
|
die "service and fqdn have to be set"
|
|
|
|
fi
|
|
|
|
|
|
|
|
base_dir="/etc/ssl/${service}"
|
2018-04-09 14:21:01 +02:00
|
|
|
|
2023-10-29 12:07:49 +01:00
|
|
|
openssl x509 -checkend 2678400 -noout -in $base_dir/${fqdn}.crt
|
2018-04-09 14:21:01 +02:00
|
|
|
if [ $? = 0 ]; then
|
2023-10-29 12:07:49 +01:00
|
|
|
exit 0
|
2018-04-09 14:21:01 +02:00
|
|
|
else
|
2023-10-29 12:07:49 +01:00
|
|
|
mv $base_dir/${fqdn}.crt $base_dir/${fqdn}.crt.bak-$(date +%F)
|
|
|
|
mv $base_dir/${fqdn}-chained.crt \
|
|
|
|
$base_dir/${fqdn}-chained.crt-$(date +%F)
|
2018-04-09 14:21:01 +02:00
|
|
|
certbot certonly \
|
2023-10-29 12:07:49 +01:00
|
|
|
--csr $base_dir/${fqdn}.csr \
|
|
|
|
--cert-path $base_dir/${fqdn}.crt \
|
2024-11-09 18:18:26 +01:00
|
|
|
--chain-path $base_dir/${fqdn}-chain.crt \
|
|
|
|
--fullchain-path $base_dir/${fqdn}-chained.crt \
|
2018-04-09 14:21:01 +02:00
|
|
|
--webroot \
|
2023-10-29 12:07:49 +01:00
|
|
|
-w /var/www/le-challenges/ \
|
2018-04-09 14:21:01 +02:00
|
|
|
--agree-tos \
|
|
|
|
--register-unsafely-without-email || die "Error while signing certificate"
|
2023-10-29 12:07:49 +01:00
|
|
|
rc-service ${service} reload
|
2018-04-09 14:21:01 +02:00
|
|
|
fi
|