renew_certificates.sh

#!/bin/bash

LOG_FILE="/root/logfile.txt"
echo "" > ${LOG_FILE}
exec 3>&1 1>>${LOG_FILE} 2>&1

# refresh let's encrypt certificates with godaddy dns challenge

a=$(/root/.acme.sh/acme.sh --issue --dns dns_gd -d subdomain.xxx.yyy --reloadcmd "/root/deploy-freenas/deploy_freenas.py")
echo -e "\nRenewal command finished:" | tee /dev/fd/3
echo $a | tee /dev/fd/3
if [[ $a = *not* ]]; then
	echo "Was not renewed" | tee /dev/fd/3
else
	unset -v latest_key
	unset -v latest_crt

	for file in /etc/certificates/letsencrypt-*.crt; do
	  [[ $file -nt $latest_crt ]] && latest_crt=$file
	done
	echo -e "\nLatest crt file:" | tee /dev/fd/3
	echo $latest_crt | tee /dev/fd/3
	for file in /etc/certificates/letsencrypt-*.key; do
	  [[ $file -nt $latest_key ]] && latest_key=$file
	done
	echo -e "\nLatest key file:" | tee /dev/fd/3
	echo $latest_key | tee /dev/fd/3


	echo -e "\nCertificate files renewed recently" | tee /dev/fd/3
	mkdir /etc/certificates/new
	cp $latest_crt /etc/certificates/new/letsencrypt.crt
	cp $latest_key /etc/certificates/new/letsencrypt.key

	echo -e "\nCopy certificates to plex-plexpass" | tee /dev/fd/3

    # generate pkcs12 file from the certificate files
    openssl pkcs12 -export -in /etc/certificates/new/letsencrypt.crt \
      -inkey /etc/certificates/new/letsencrypt.key \
      -out /mnt/Dane/iocage/jails/plex-plexpass/root/tmp/certificate.pfx -passout 'pass:' | tee /dev/fd/3
	
    # copy certificates to plexwebtools
    cp /etc/certificates/new/letsencrypt.key \
     /mnt/Dane/iocage/jails/plex-plexpass/root/Plex\ Media\ Server/Plug-ins/WebTools.bundle/Contents/Code/Certificate/WebTools.key

    cp /etc/certificates/new/letsencrypt.crt \
     /mnt/Dane/iocage/jails/plex-plexpass/root/Plex\ Media\ Server/Plug-ins/WebTools.bundle/Contents/Code/Certificate/WebTools.crt

    # restart plex service
    iocage exec plex-plexpass service plexmediaserver_plexpass restart | tee /dev/fd/3

	echo -e "\nCopy certificates to nc jail" | tee /dev/fd/3
    # copy certificates to nextcloud jail
    cp /etc/certificates/new/letsencrypt.key /mnt/Dane/iocage/jails/nc/root/etc/ssl/cert.key | tee /dev/fd/3
    cp /etc/certificates/new/letsencrypt.crt /mnt/Dane/iocage/jails/nc/root/etc/ssl/cert.crt | tee /dev/fd/3
	
    # restart nextcloud web server
    iocage exec nc service nginx restart | tee /dev/fd/3

    echo -e "\nCopy certificates to router" | tee /dev/fd/3
    #update router certificate
    /root/makerouter.sh | tee /dev/fd/3

	echo -e "\nCopy certificates to NGINX jail" | tee /dev/fd/3
    #copy to NGINX and restart
    cp /etc/certificates/new/letsencrypt.key /mnt/Dane/iocage/jails/nginx/root/usr/local/etc/nginx
    cp /etc/certificates/new/letsencrypt.crt /mnt/Dane/iocage/jails/nginx/root/usr/local/etc/nginx
    iocage exec nginx service nginx restart | tee /dev/fd/3


	echo -e "\nCopy certificates to portainer" | tee /dev/fd/3	
	#copy to portainer & restart container
    scp /etc/certificates/new/letsencrypt.key [email protected]:/home/docker-data/portainer/certs/key.pem
    scp /etc/certificates/new/letsencrypt.crt [email protected]:/home/docker-data/portainer/certs/cert.pem
	ssh -o StrictHostKeyChecking=no -i sshkey.txt [email protected] "cd /home/docker-data && docker-compose restart portainer" | tee /dev/fd/3
	

	echo -e "\nCopy certificates to Debian Webmin and Cockpit services" | tee /dev/fd/3
	scp /etc/certificates/new/letsencrypt.key [email protected]:/etc/webmin/
	scp /etc/certificates/new/letsencrypt.crt [email protected]:/etc/webmin/
	scp /etc/certificates/new/letsencrypt.key [email protected]:/etc/cockpit/ws-certs.d/
	scp /etc/certificates/new/letsencrypt.crt [email protected]:/etc/cockpit/ws-certs.d/
	ssh -o StrictHostKeyChecking=no -i sshkey.txt [email protected] "systemctl restart cockpit.service && systemctl restart webmin.service" | tee /dev/fd/3

    mail -s "Certificate renewal" [email protected]  < ${LOG_FILE}
fi