Diffstat (limited to 'letsencrypt-helpers/renew-as-required')
-rwxr-xr-xletsencrypt-helpers/renew-as-required40
1 files changed, 40 insertions, 0 deletions
diff --git a/letsencrypt-helpers/renew-as-required b/letsencrypt-helpers/renew-as-required
new file mode 100755
index 0000000..0b404e4
--- /dev/null
+++ b/letsencrypt-helpers/renew-as-required
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# renew all certs in ~/certs that match *-letsencrypt.pem
+# probably want to run this under chronic.
+
+set -e
+set -u
+
+cd ~/certs
+expire_time=$(( 3600 * 24 * 7 * 3 ))
+err=0
+
+for i in *-letsencrypt.pem; do
+ echo "=== $i ==="
+ if openssl x509 -checkend "$expire_time" -noout < "$i"; then
+ echo "$i is current."
+ else
+ cn="${i%-letsencrypt.pem}"
+ if [ "$cn" = "$i" ]; then
+ echo >&2 "Cannot figure out hostname for $i."
+ err=1
+ continue
+ fi
+ echo "Need to renew $cn"
+ if ! request-letsencrypt "$cn"; then
+ echo >&2 "Letsencrypt request for $cn failed."
+ err=1
+ continue
+ fi
+ if ! make-apache-crt "$cn"; then
+ echo >&2 "make-apache-crt for $cn failed."
+ err=1
+ continue
+ fi
+ fi
+ echo
+done
+
+# cron daily will run logrotate which will reload apache anyway
+exit $err
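Review bot: When nothing in ~/certs matches `*-letsencrypt.pem`, POSIX sh leaves the pattern unexpanded, so the loop runs once with `$i` set to the literal pattern. The redirect in the `openssl x509 -checkend` test then fails, the else branch is taken, and `cn` becomes `*`, which is passed to `request-letsencrypt`. The `[ "$cn" = "$i" ]` guard cannot catch this, because every value `$i` can take ends in the suffix being stripped; adding `[ -f "$i" ] || continue` as the first line of the loop body would skip the unmatched pattern. More generally, the `if` treats any non-zero exit from openssl as "needs renewal", so an unreadable or unparsable file also triggers a certificate request for whatever name its filename yields. A separate parse check before the expiry test, such as `openssl x509 -noout < "$i"`, would let the script report that case as an error instead.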