Commit 2e8feb8b authored by JackV's avatar JackV

Move files to root, also import support files from slides.poul.org

parent a63eb441
rsa-key-size = 4096
email = yourmail@yourprovider.com
domains = example.com, www.example.com, cloud.example.com, secure.example.com
authenticator = standalone
standalone-supported-challenges = http-01
#!/bin/bash
### HOW TO USE THIS SCRIPT ###
# 1) Download and install certbot-auto
# - "https://certbot.eff.org/docs/intro.html#installation"
# 2) Configure all the required fields, in particualer certbot_path and config_file
# 3) Run this script with the domain you want to issue a certificate for as argument
# - "./le-renew.sh example.com"
###
# Define color codes
FRED="\033[31m" # red
FGRN="\033[32m" # green
FYEL="\033[33m" # yellow
FWHT="\033[37m" # white
# Don't run this script as root
checkuser() {
if [ $UID == 0 ]; then
echo -e "$FRED You are running this script as root and this shouldn't be done."
echo -e "$FRED Run this script as a normal user, it will automatically invoke sudo when needed."
echo -e "$FWHT Exiting..."
exit 1
fi
}
# Make sure the user didn't forget to provide the domain name
checkdomain() {
if [ -z $1 ]; then
echo -e "$FRED [ERROR] missing valid domain"
echo -e "$FWHT This script should be run in this way: 'le-renew.sh domain.com'"
exit 1;
fi
}
checkuser
domain="$1"
checkdomain $domain
# Define the web server in use
web_service='nginx'
# Define the directory containing certbot-auto directory and the config file location
# eg. if you want to create a new cert for example.com your config file will be
# $HOME/.config/certbot/example.com.ini
# https://certbot.eff.org/docs/using.html#configuration-file
certbot_path="$HOME/.bin"
config_file="$HOME/.config/certbot/${domain}.ini"
# Certs will be renewed only if they will expire in less then $exp_limit days
exp_limit=30;
if [ ! -f $config_file ]; then
echo -e "$FRED [ERROR] config file does not exist: $config_file"
exit 1;
fi
# Set the certs location (used to check the expiration date)
cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
key_file="/etc/letsencrypt/live/$domain/privkey.pem"
# Check that certs file exists in the specified path
# You should probabily comment this if you run this script for the first time
if sudo [ ! -f $cert_file ]; then
echo -e "$FRED [ERROR] certificate file not found for domain $domain."
exit 1;
fi
# Use openssl and bc to calculate the days left before certificate expiration
exp=$(date -d "`sudo openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
datenow=$(date -d "now" +%s)
days_exp=$(echo \( $exp - $datenow \) / 86400 |bc)
echo "Checking expiration date for $domain..."
# If the cert will expire in more than $exp_limit days, don't do anything.
if [ "$days_exp" -gt "$exp_limit" ] ; then
echo -e "$FGRN The certificate is up to date, no need for renewal ($days_exp days left)."
exit 0;
else
echo -e "$FYEL The certificate for $domain is about to expire soon. Starting Let's Encrypt renewal script..."
echo -e "$FWHT Stopping service $web_service"
# Stop the web server
sudo /usr/sbin/service $web_service stop
# Get/Renew the certs
# Comment out --dry-run and --test-cert for testing purpose
$certbot_path/certbot-auto certonly --agree-tos --renew-by-default --config $config_file # --dry-run --test-cert
# Restart the web server
echo "Restarting $web_service"
sudo /usr/sbin/service $web_service start
# Done
echo -e "$FGRN Renewal process finished for domain $domain"
exit 0;
fi
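Review bot: The domain argument is never validated and its derived paths are expanded unquoted in `sudo [ ! -f $cert_file ]` and `sudo openssl x509 -in $cert_file`, so a value containing whitespace, glob characters or `..` changes what the privileged commands are asked to read. The expiry check also fails open: if openssl or date fails, `days_exp` is empty, the `-gt` test errors, and the else branch stops the web server and forces a reissue. The certbot-auto exit status is ignored, so a failed renewal still prints "Renewal process finished" and exits 0. The fence below validates the domain, guards `days_exp`, and propagates certbot's status; every other `$config_file`, `$cert_file` and `$web_service` expansion should be quoted as well. `openssl x509 -checkend` would be a less fragile expiry test than cutting columns from the `-text` output.

```shell
domain="$1"
checkdomain "$domain"
# Reject anything that is not a plain hostname before it is used in a path
if ! [[ $domain =~ ^[A-Za-z0-9.-]+$ ]] || [[ $domain == *..* ]]; then
  printf '%b [ERROR] invalid domain name: %s\n' "$FRED" "$domain"
  exit 1
fi
# … unchanged: web_service, certbot_path, config_file and cert_file checks …
# … unchanged: exp, datenow and days_exp computation …
if ! [[ $days_exp =~ ^-?[0-9]+$ ]]; then
  echo -e "$FRED [ERROR] could not read the expiration date of $cert_file"
  exit 1
fi
# … unchanged: expiry comparison and web server stop …
"$certbot_path/certbot-auto" certonly --agree-tos --renew-by-default --config "$config_file"
certbot_status=$?
# … unchanged: web server start …
if [ "$certbot_status" -ne 0 ]; then
  echo -e "$FRED [ERROR] certbot-auto exited with status $certbot_status"
  exit "$certbot_status"
fi
```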