Move files to root, also import support files from slides.poul.org

example.com.ini

+rsa-key-size = 4096
+
+email = yourmail@yourprovider.com
+
+domains = example.com, www.example.com, cloud.example.com, secure.example.com
+
+authenticator = standalone
+standalone-supported-challenges = http-01

le-renew.sh

+#!/bin/bash
+
+### HOW TO USE THIS SCRIPT ###
+# 1) Download and install certbot-auto
+#        - "https://certbot.eff.org/docs/intro.html#installation"
+# 2) Configure all the required fields, in particualer certbot_path and config_file
+# 3) Run this script with the domain you want to issue a certificate for as argument
+#        -  "./le-renew.sh example.com"
+###
+
+# Define color codes
+FRED="\033[31m" # red
+FGRN="\033[32m" # green
+FYEL="\033[33m" # yellow
+FWHT="\033[37m" # white
+
+# Don't run this script as root
+checkuser() {
+    if [ $UID == 0 ]; then
+        echo -e "$FRED You are running this script as root and this shouldn't be done."
+        echo -e "$FRED Run this script as a normal user, it will automatically invoke sudo when needed."
+        echo -e "$FWHT Exiting..."
+        exit 1
+    fi
+}
+
+# Make sure the user didn't forget to provide the domain name
+checkdomain() {
+    if [ -z $1 ]; then
+        echo -e "$FRED [ERROR] missing valid domain"
+        echo -e "$FWHT This script should be run in this way: 'le-renew.sh domain.com'"
+        exit 1;
+    fi
+}
+
+checkuser
+
+domain="$1"
+checkdomain $domain
+
+# Define the web server in use
+web_service='nginx'
+
+# Define the directory containing certbot-auto directory and the config file location
+# eg. if you want to create a new cert for example.com your config file will be
+# $HOME/.config/certbot/example.com.ini
+# https://certbot.eff.org/docs/using.html#configuration-file
+certbot_path="$HOME/.bin"
+config_file="$HOME/.config/certbot/${domain}.ini"
+
+# Certs will be renewed only if they will expire in less then $exp_limit days
+exp_limit=30;
+
+if [ ! -f $config_file ]; then
+        echo -e "$FRED [ERROR] config file does not exist: $config_file"
+        exit 1;
+fi
+
+# Set the certs location (used to check the expiration date)
+cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
+key_file="/etc/letsencrypt/live/$domain/privkey.pem"
+
+# Check that certs file exists in the specified path
+# You should probabily comment this if you run this script for the first time
+if sudo [ ! -f $cert_file ]; then
+	echo -e "$FRED [ERROR] certificate file not found for domain $domain."
+    exit 1;
+fi
+
+# Use openssl and bc to calculate the days left before certificate expiration
+exp=$(date -d "`sudo openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
+datenow=$(date -d "now" +%s)
+days_exp=$(echo \( $exp - $datenow \) / 86400 |bc)
+
+echo "Checking expiration date for $domain..."
+
+# If the cert will expire in more than $exp_limit days, don't do anything.
+if [ "$days_exp" -gt "$exp_limit" ] ; then
+	echo -e "$FGRN The certificate is up to date, no need for renewal ($days_exp days left)."
+	exit 0;
+else
+	echo -e "$FYEL The certificate for $domain is about to expire soon. Starting Let's Encrypt renewal script..."
+    echo -e "$FWHT Stopping service $web_service"
+
+    # Stop the web server
+	sudo /usr/sbin/service $web_service stop
+
+    # Get/Renew the certs
+    # Comment out --dry-run and --test-cert for testing purpose
+	$certbot_path/certbot-auto certonly --agree-tos --renew-by-default --config $config_file # --dry-run --test-cert
+
+    # Restart the web server
+	echo "Restarting $web_service"
+	sudo /usr/sbin/service $web_service start
+
+    # Done
+	echo -e "$FGRN Renewal process finished for domain $domain"
+	exit 0;
+fi