author | Peter Palfrader <peter@palfrader.org> | 2015-12-31 10:22:24 +0100 |
---|---|---|
committer | Peter Palfrader <peter@palfrader.org> | 2015-12-31 10:22:29 +0100 |
commit | 0da8acf8974c5d51fd84291091d1f7a1fd8c1176 (patch) | |
tree | cc77283ef62eb3709e3d86b2648dce98216f6ddc /letsencrypt-helpers/renew-as-required | |
parent | 1a05913e3896133c7654b6a9d0dc4ae077ce4df5 (diff) |
letsencrypt-helpers
Diffstat (limited to 'letsencrypt-helpers/renew-as-required')
-rwxr-xr-x | letsencrypt-helpers/renew-as-required | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/letsencrypt-helpers/renew-as-required b/letsencrypt-helpers/renew-as-required
new file mode 100755
index 0000000..0b404e4
--- /dev/null
+++ b/letsencrypt-helpers/renew-as-required
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# renew all certs in ~/certs that match *-letsencrypt.pem
+# probably want to run this under chronic.
+
+set -e
+set -u
+
+cd ~/certs
+expire_time=$(( 3600 * 24 * 7 * 3 ))
+err=0
+
+for i in *-letsencrypt.pem; do
+ echo "=== $i ==="
+ if openssl x509 -checkend "$expire_time" -noout < "$i"; then
+ echo "$i is current."
+ else
+ cn="${i%-letsencrypt.pem}"
+ if [ "$cn" = "$i" ]; then
+ echo >&2 "Cannot figure out hostname for $i."
+ err=1
+ continue
+ fi
+ echo "Need to renew $cn"
+ if ! request-letsencrypt "$cn"; then
+ echo >&2 "Letsencrypt request for $cn failed."
+ err=1
+ continue
+ fi
+ if ! make-apache-crt "$cn"; then
+ echo >&2 "make-apache-crt for $cn failed."
+ err=1
+ continue
+ fi
+ fi
+ echo
+done
+
+# cron daily will run logrotate which will reload apache anyway
+exit $err |
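Review bot: When ~/certs contains no file matching the pattern, the `for` loop still runs once with the literal string `*-letsencrypt.pem`: the openssl check fails on the missing file, `cn` becomes `*`, and `request-letsencrypt "*"` is called. The `[ "$cn" = "$i" ]` guard does not stop this, and in fact can never fire, because every value the glob yields (matched or literal) ends in the suffix being stripped. Adding `[ -e "$i" ] || continue` as the first statement in the loop body closes that path. Note also that `openssl x509 -checkend` exits non-zero for a file it cannot parse as well as for a certificate near expiry, so a truncated or corrupt PEM is silently treated as "needs renewal"; if that is intended, a comment such as `# unreadable certs are re-requested on purpose` would make it explicit.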