From 0da8acf8974c5d51fd84291091d1f7a1fd8c1176 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Thu, 31 Dec 2015 10:22:24 +0100
Subject: letsencrypt-helpers
---
letsencrypt-helpers/renew-as-required | 40 +++++++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100755 letsencrypt-helpers/renew-as-required
(limited to 'letsencrypt-helpers/renew-as-required')
diff --git a/letsencrypt-helpers/renew-as-required b/letsencrypt-helpers/renew-as-required
new file mode 100755
index 0000000..0b404e4
--- /dev/null
+++ b/letsencrypt-helpers/renew-as-required
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+# renew all certs in ~/certs that match *-letsencrypt.pem
+# probably want to run this under chronic.
+
+set -e
+set -u
+
+cd ~/certs
+expire_time=$(( 3600 * 24 * 7 * 3 ))
+err=0
+
+for i in *-letsencrypt.pem; do
+ echo "=== $i ==="
+ if openssl x509 -checkend "$expire_time" -noout < "$i"; then
+ echo "$i is current."
+ else
+ cn="${i%-letsencrypt.pem}"
+ if [ "$cn" = "$i" ]; then
+ echo >&2 "Cannot figure out hostname for $i."
+ err=1
+ continue
+ fi
+ echo "Need to renew $cn"
+ if ! request-letsencrypt "$cn"; then
+ echo >&2 "Letsencrypt request for $cn failed."
+ err=1
+ continue
+ fi
+ if ! make-apache-crt "$cn"; then
+ echo >&2 "make-apache-crt for $cn failed."
+ err=1
+ continue
+ fi
+ fi
+ echo
+done
+
+# cron daily will run logrotate which will reload apache anyway
+exit $err
-- 
cgit v1.2.3
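Review bot: When `~/certs` holds no file matching `*-letsencrypt.pem`, the `for` loop still runs once with the unexpanded pattern as `$i`. The redirect in the `openssl x509 -checkend` test then fails, the else branch strips the suffix to `cn="*"`, and `request-letsencrypt "*"` is invoked. The `[ "$cn" = "$i" ]` guard cannot catch this, because the literal pattern still ends in the suffix. Adding `[ -e "$i" ] || continue` as the first statement of the loop body would skip that case. More generally, a non-zero exit from `-checkend` also covers an unreadable or unparsable file, so it may be worth separating "cannot read certificate" from "expires within three weeks" before requesting a new certificate. What the helper does with such a name is not visible here.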