authorPeter Palfrader <peter@palfrader.org>2015-12-31 10:22:24 +0100
committerPeter Palfrader <peter@palfrader.org>2015-12-31 10:22:29 +0100
commit0da8acf8974c5d51fd84291091d1f7a1fd8c1176 (patch)
treecc77283ef62eb3709e3d86b2648dce98216f6ddc /letsencrypt-helpers/renew-as-required
parent1a05913e3896133c7654b6a9d0dc4ae077ce4df5 (diff)
letsencrypt-helpers
Diffstat (limited to 'letsencrypt-helpers/renew-as-required')
-rwxr-xr-xletsencrypt-helpers/renew-as-required40
1 files changed, 40 insertions, 0 deletions
diff --git a/letsencrypt-helpers/renew-as-required b/letsencrypt-helpers/renew-as-required
new file mode 100755
index 0000000..0b404e4
--- /dev/null
+++ b/letsencrypt-helpers/renew-as-required
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# renew all certs in ~/certs that match *-letsencrypt.pem
+# probably want to run this under chronic.
+
+set -e
+set -u
+
+cd ~/certs
+expire_time=$(( 3600 * 24 * 7 * 3 ))
+err=0
+
+for i in *-letsencrypt.pem; do
+ echo "=== $i ==="
+ if openssl x509 -checkend "$expire_time" -noout < "$i"; then
+ echo "$i is current."
+ else
+ cn="${i%-letsencrypt.pem}"
+ if [ "$cn" = "$i" ]; then
+ echo >&2 "Cannot figure out hostname for $i."
+ err=1
+ continue
+ fi
+ echo "Need to renew $cn"
+ if ! request-letsencrypt "$cn"; then
+ echo >&2 "Letsencrypt request for $cn failed."
+ err=1
+ continue
+ fi
+ if ! make-apache-crt "$cn"; then
+ echo >&2 "make-apache-crt for $cn failed."
+ err=1
+ continue
+ fi
+ fi
+ echo
+done
+
+# cron daily will run logrotate which will reload apache anyway
+exit $err
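Review bot: The loop at `for i in *-letsencrypt.pem` has no guard for an unmatched glob: under `/bin/sh` the pattern stays literal when ~/certs holds no such file, the `openssl x509 -checkend` test fails because the redirect cannot open it, and the else branch derives `cn` as `*` and passes it to `request-letsencrypt`. The `[ "$cn" = "$i" ]` check does not catch this, because stripping the suffix from the literal pattern does change the string. Adding `[ -e "$i" ] || continue` as the first line of the loop body would skip that case. More generally, any non-zero exit from `openssl` (an unreadable or malformed PEM, not only a certificate close to expiry) is treated as "needs renewal", so a damaged file would trigger a new request on every run; logging which of the two cases occurred would make such failures easier to spot.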