crontab

# m h  dom mon dow   command
55 23 28-31 * * [ "$(date --date=tomorrow +\%d)" == "01" ] && /root/bin/generate_dkim

generate_dkim

#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

GENDATE=$(date -d tomorrow +%Y-%m)
REVDATE=$(date -d "1 month ago 3 day ago" +%Y-%m)
GENKEY=/etc/exim4/dkim/${GENDATE}.key
GENPUB=/etc/exim4/dkim/${GENDATE}.pem
REVKEY=/etc/exim4/dkim/${REVDATE}.key
REVPUB=/etc/exim4/dkim/${REVDATE}.pem
if [ ! -f ${GENKEY} ];then
  openssl genrsa -out ${GENKEY} 2048 -outform PEM
  openssl rsa -in ${GENKEY} -out ${GENPUB} -pubout -outform PEM
  chown :Debian-exim ${GENKEY}
  chmod g+r ${GENKEY}
fi
if [ -f ${REVKEY} ];then
  rm ${REVKEY}
fi
if [ -f ${REVPUB} ];then
  rm ${REVPUB}
fi
DOMAINS=$(exim -n -bP +local_domains | sed -e 's/:/\t/g')
for domain in ${DOMAINS};do
  if [ ${domain} == "@" ]; then domain=$(exim -n -bP primary_hostname);fi
  label=${domain}
  public=1
  until grep -q ^${label}$ /root/public_suffix_list.dat;do
    if [ ${label} == ${label#*.} ]; then public=0;break; fi
    label=${label#*.}
  done
  if [ ${public} -eq 1 ];then
    echo -e "update add ${GENDATE}._domainkey.${domain} 86400 IN TXT \"k=rsa; p=$(tail -n +2 ${GENPUB} | head -n -1 | sed -e :a -e '$!N; s/\n/""/; ta')\"\nsend"| nsupdate -k ~/ddns
    echo -e "update del ${REVDATE}._domainkey.${domain} IN TXT\nsend" | nsupdate -k ~/ddns
  fi
done