Created
September 9, 2021 01:13
-
-
Save wheresjames/7236d04969e63ec2744b1e16e0fb082f to your computer and use it in GitHub Desktop.
Renew cert with certbot / nginx
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo $DOMAINNAME | |
| # Get cert expire info | |
| EXPDATE=$(echo | openssl s_client -servername $DOMAINNAME -connect $DOMAINNAME:443 2>/dev/null | openssl x509 -noout -enddate) | |
| EXPDATE2=${EXPDATE[@]:9} | |
| FMTDATE=$(date --date="$EXPDATE2" "+%Y-%m-%d %H:%M:%S") | |
| # Cert expire time | |
| EXPTIME=$(date --date="$EXPDATE2" +%s) | |
| EXPDAYS=$(($EXPTIME / 86400)) | |
| # Current time | |
| CURTIME=$(date -u +%s) | |
| CURDAYS=$(($CURTIME / 86400)) | |
| # Remaining days | |
| REMDAYS=$(($EXPDAYS - $CURDAYS)) | |
| echo "$DOMAINNAME Expires $FMTDATE - In $REMDAYS Days" | |
| # Don't renew before 25 days | |
| if [[ 25 -lt $REMDAYS ]]; then | |
| echo 'Not renewing cert at this time' | |
| exit 0 | |
| fi | |
| # Only renew between 4 and 10 GMT | |
| CURHOUR=$(date -u +%-H) | |
| if [[ 4 -gt $CURHOUR ]] || [[ 10 -lt $CURHOUR ]]; then | |
| echo "Only renewing cert between 4h and 10h GMT, Currently ${CURHOUR}h" | |
| exit 0 | |
| fi | |
| echo '!!! Renewing cert !!!' | |
| # Renew certificate | |
| systemctl stop nginx | |
| sleep 3 | |
| /usr/bin/certbot renew | |
| sleep 3 | |
| systemctl start nginx |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment