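#!/bin/sh
#
# Renew the certificate of one service with certbot when it expires soon.
#
# Usage: <script> SERVICE FQDN
#
# Files used, all under /etc/ssl/SERVICE/:
#   FQDN.csr          existing CSR handed to certbot (read)
#   FQDN.crt          leaf certificate (checked, rotated, rewritten)
#   FQDN-chain.crt    CA chain (written by certbot)
#   FQDN-chained.crt  leaf + chain (rotated, rewritten)
#
# Exit status: 0 if the certificate is still valid long enough; after a
# renewal, the status of `rc-service SERVICE reload`; 1 on any other error.

PATH="$PATH:/sbin"

service=${1:-}
fqdn=${2:-}

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ -z "${service}" ] || [ -z "${fqdn}" ]; then
  die "service and fqdn have to be set"
fi

# Both arguments become path components (and $service an rc-service
# argument). Refuse anything that could leave /etc/ssl/SERVICE/ or be
# parsed as an option by the tools called below.
for arg in "${service}" "${fqdn}"; do
  case "${arg}" in
    */* | -* | .*) die "invalid service or fqdn: ${arg}" ;;
  esac
done

# Renew when the certificate expires within 31 days (31 * 86400 seconds).
readonly RENEW_WINDOW=2678400

base_dir="/etc/ssl/${service}"
cert="${base_dir}/${fqdn}.crt"
chain="${base_dir}/${fqdn}-chain.crt"
chained="${base_dir}/${fqdn}-chained.crt"
csr="${base_dir}/${fqdn}.csr"

# -checkend exits 0 only if the certificate is still valid RENEW_WINDOW
# seconds from now. A missing or unparsable file also lands in the renewal
# path, which keeps first-time issuance working.
if openssl x509 -checkend "${RENEW_WINDOW}" -noout -in "${cert}"; then
  exit 0
fi

# Do not move the live certificate aside when the renewal cannot succeed.
[ -r "${csr}" ] || die "CSR not found or unreadable: ${csr}"

# One timestamp for both backups, so they cannot straddle midnight.
stamp=$(date +%F) || die "Cannot determine current date"
cert_bak="${cert}.bak-${stamp}"
# NOTE(review): no ".bak" in this suffix, unlike the leaf backup. Kept as
# is so existing cleanup jobs keep matching; confirm before unifying.
chained_bak="${chained}-${stamp}"
cert_moved=0
chained_moved=0

# Put back whatever this run moved aside, so the service keeps a usable
# (if soon-expiring) certificate on disk when the renewal fails.
restore_backups() {
  if [ "${cert_moved}" = 1 ]; then
    mv -f -- "${cert_bak}" "${cert}"
  fi
  if [ "${chained_moved}" = 1 ]; then
    mv -f -- "${chained_bak}" "${chained}"
  fi
}

if [ -e "${cert}" ]; then
  mv -- "${cert}" "${cert_bak}" || die "Cannot back up ${cert}"
  cert_moved=1
fi
if [ -e "${chained}" ]; then
  if ! mv -- "${chained}" "${chained_bak}"; then
    restore_backups
    die "Cannot back up ${chained}"
  fi
  chained_moved=1
fi

# NOTE(review): ${chain} is not rotated here; confirm what certbot does when
# the --chain-path target already exists.
# --register-unsafely-without-email leaves the ACME account without a
# contact address, so failures of this script need to be monitored locally.
if ! certbot certonly \
  --csr "${csr}" \
  --cert-path "${cert}" \
  --chain-path "${chain}" \
  --fullchain-path "${chained}" \
  --webroot \
  -w /var/www/le-challenges/ \
  --agree-tos \
  --register-unsafely-without-email; then
  restore_backups
  die "Error while signing certificate"
fi

# Make the service pick up the new certificate; its status is ours.
rc-service "${service}" reload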