renew_cert/renew_cert.sh

#!/bin/sh
# /sbin is appended (not prepended), so directories already on PATH keep
# precedence; presumably needed so rc-service resolves under a minimal
# PATH such as cron's -- confirm against how the script is invoked.
PATH="${PATH}:/sbin"

# Positional arguments: $1 is the service name, $2 the certificate's FQDN.
service="$1"
fqdn="$2"
# Abort the script: write all arguments as a single message to stderr
# and terminate with exit status 1.
die() {
  >&2 echo "$@"
  exit 1
}
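# Both arguments are mandatory. ${fqdn} is quoted so that a value containing
# whitespace cannot turn the test into a malformed expression.
if [ -z "${service}" ] || [ -z "${fqdn}" ]; then
  die "service and fqdn have to be set"
fi

# Both values become path components below /etc/ssl, and ${service} is also
# handed to rc-service. Refuse anything that could leave that directory or be
# parsed as a command-line option.
for name in "${service}" "${fqdn}"; do
  case "${name}" in
    */* | -* | . | ..)
      die "service and fqdn must be plain names (no '/', no leading '-')"
      ;;
  esac
done

# Directory holding the CSR and the certificate files of this service.
base_dir="/etc/ssl/${service}"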
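cert="${base_dir}/${fqdn}.crt"
chained="${base_dir}/${fqdn}-chained.crt"

# -checkend succeeds while the certificate stays valid for at least the given
# number of seconds; 2678400 s = 31 days. A missing or unreadable certificate
# also fails this check and therefore triggers issuance.
if openssl x509 -checkend 2678400 -noout -in "${cert}"; then
  exit 0
fi

# Compute the date suffix once so both backups carry the same stamp even if
# the run crosses midnight.
stamp=$(date +%F)
cert_bak="${cert}.bak-${stamp}"
chained_bak="${chained}-${stamp}"

# Move the current files aside before certbot writes to the same paths
# (presumably so certbot does not have to overwrite them -- confirm).
# A file that does not exist yet is skipped instead of producing an mv error.
if [ -e "${cert}" ]; then
  mv "${cert}" "${cert_bak}" || die "Cannot back up ${cert}"
fi
if [ -e "${chained}" ]; then
  mv "${chained}" "${chained_bak}" || die "Cannot back up ${chained}"
fi

# NOTE(review): --register-unsafely-without-email registers no contact address,
# so a failing renewal is only visible through this script's exit status and
# stderr; make sure whatever schedules it reports failures.
if ! certbot certonly \
  --csr "${base_dir}/${fqdn}.csr" \
  --cert-path "${cert}" \
  --chain-path "${base_dir}/${fqdn}-chain.crt" \
  --fullchain-path "${chained}" \
  --webroot \
  -w /var/www/le-challenges/ \
  --agree-tos \
  --register-unsafely-without-email; then
  # Put the previous files back so the service is not left without a
  # certificate at its configured path until the next successful run.
  if [ -e "${cert_bak}" ]; then
    mv -f "${cert_bak}" "${cert}"
  fi
  if [ -e "${chained_bak}" ]; then
    mv -f "${chained_bak}" "${chained}"
  fi
  die "Error while signing certificate"
fi

# The new certificate only takes effect once the service re-reads it.
rc-service "${service}" reload || die "Error while reloading ${service}"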