Last active
March 13, 2016 06:42
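#!/bin/bash
# AUTHOR: Phil Porada and some of this https://gist.githubusercontent.com/erikaheidi/b217d927ee326075a854/raw/47e09ca519c323ff8705e380202b1269c654000c/le-renew-centos.sh
#
# Renews Let's Encrypt certificates for the hosts printed by
# /bin/phil-listdomains. phil-listdomains returns lines as follows
######
# www.example.com
# dev.whatever.net
# test.fakedomain.org
#
# A host is sent for renewal when its fullchain.pem is missing, unreadable,
# or has 7 days or fewer left. Only "www" (issued together with the apex
# name) and "dev" hosts are requested; every other subdomain is skipped.
# The outcome of each request is written to syslog under the LETSENCRYPT tag.
#
# Environment:
#   LE_EMAIL  ACME account contact address (required). The address is
#             obfuscated in the published copy of this script, so it is
#             taken from the environment instead of being hard-coded.
#
# NOTE(review): letsencrypt-auto is the legacy client wrapper; it was later
# renamed certbot-auto and has since been deprecated upstream. Confirm which
# client is installed on the host before relying on this script.

set -u

: "${LE_EMAIL:?set LE_EMAIL to the ACME account contact address}"

readonly LIVE_DIR=/etc/letsencrypt/live
readonly WEBROOT_BASE=/var/www/domains
readonly RENEW_WITHIN_DAYS=7

# Exactly three DNS labels (letters, digits, inner hyphens). Host names are
# interpolated into filesystem paths and client arguments below, so anything
# containing "/", "..", whitespace or a leading "-" is rejected up front.
label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
readonly HOST_RE="^(${label})\\.(${label})\\.(${label})\$"

if ! domain_list=$(/bin/phil-listdomains); then
  echo "phil-listdomains failed; no certificates were checked" >&2
  exit 1
fi

# Split on whitespace without pathname expansion (an unquoted $(...) in a
# for loop would also glob-expand each word).
hosts=()
read -r -d '' -a hosts <<<"$domain_list"

# ${hosts[@]+...} keeps an empty list from tripping `set -u` on older bash.
for fqdn in ${hosts[@]+"${hosts[@]}"}; do
  if [[ ! $fqdn =~ $HOST_RE ]]; then
    printf 'Skipping malformed host name: %q\n' "$fqdn" >&2
    continue
  fi
  sub=${BASH_REMATCH[1]}
  domain=${BASH_REMATCH[3]}
  tld=${BASH_REMATCH[5]}

  # The www certificate is stored under the apex name because the apex is
  # the first -d passed to the client for www hosts.
  if [[ $sub == www ]]; then
    url="$domain.$tld"
  else
    url="$sub.$domain.$tld"
  fi
  cert="$LIVE_DIR/$url/fullchain.pem"

  if [[ ! -f $cert ]]; then
    echo "Certificate file not found for $url"
  elif ! enddate=$(openssl x509 -in "$cert" -noout -enddate) \
    || ! expires=$(date -d "${enddate#notAfter=}" +%s); then
    # An unparsable certificate falls through to renewal instead of being
    # silently treated as valid.
    echo "Could not read the expiry date of $cert; requesting renewal for $url" >&2
  else
    now=$(date +%s)
    days_left=$(((expires - now) / 86400))
    if ((days_left > RENEW_WITHIN_DAYS)); then
      echo "$url cert is up to date, no need for renewal ($days_left days left)."
      continue
    fi
    echo "$url cert is about to expire soon. Starting renewal request..."
  fi

  # Build the client command as an array so every value stays one argument.
  le_args=(
    certonly --webroot
    --webroot-path "$WEBROOT_BASE/$domain.$tld/$sub/htdocs"
    --renew-by-default --email "$LE_EMAIL" --text --agree-tos
  )
  case "$sub" in
    www)
      # For apex domain
      le_args+=(-d "$domain.$tld" -d "$sub.$domain.$tld")
      ;;
    dev)
      # For subdomains other than www
      le_args+=(-d "$sub.$domain.$tld")
      ;;
    *)
      echo "Skipping $sub.$domain.$tld because Let's Encrypt only allows up to 2 certs per domain and I want www and dev to have certs."
      continue
      ;;
  esac

  rc=0
  letsencrypt-auto "${le_args[@]}" || rc=$?

  if ((rc == 0)); then
    logger -i -p user.info -t LETSENCRYPT "Cert generation for $sub.$domain.$tld succeeded. Return code was $rc."
  else
    # Failures go out at err priority so syslog alerting can separate them
    # from routine successes; the tag and message text are unchanged.
    logger -i -p user.err -t LETSENCRYPT "Attempted SSL cert generation for $sub.$domain.$tld failed. Return code was $rc."
  fi
done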