letsencrypt-helpers

1 files changed, 40 insertions, 0 deletions

diff --git a/letsencrypt-helpers/renew-as-required b/letsencrypt-helpers/renew-as-required
new file mode 100755
index 0000000..0b404e4
--- /dev/null
+++ b/letsencrypt-helpers/renew-as-required
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# renew all certs in ~/certs that match *-letsencrypt.pem
+# probably want to run this under chronic.
+
+set -e
+set -u
+
+cd ~/certs
+expire_time=$(( 3600 * 24 * 7 * 3 ))
+err=0
+
+for i in *-letsencrypt.pem; do
+  echo "=== $i ==="
+  if openssl x509 -checkend "$expire_time" -noout < "$i"; then
+    echo "$i is current."
+  else
+    cn="${i%-letsencrypt.pem}"
+    if [ "$cn" = "$i" ]; then
+      echo >&2 "Cannot figure out hostname for $i."
+      err=1
+      continue
+    fi
+    echo "Need to renew $cn"
+    if ! request-letsencrypt "$cn"; then
+      echo >&2 "Letsencrypt request for $cn failed."
+      err=1
+      continue
+    fi
+    if ! make-apache-crt "$cn"; then
+      echo >&2 "make-apache-crt for $cn failed."
+      err=1
+      continue
+    fi
+  fi
+  echo
+done
+
+# cron daily will run logrotate which will reload apache anyway
+exit $err