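#!/bin/sh
# Renew every certificate in ~/certs whose file name matches
# *-letsencrypt.pem and that expires within the next three weeks.
# The host name handed to the helper commands is the file name with the
# "-letsencrypt.pem" suffix removed.
# Probably want to run this under chronic.
#
# Exit status: 0 if every certificate was current or renewed, 1 if any
# host name was unusable or any renewal step failed.
set -e
set -u

cd ~/certs

# Renewal window in seconds (3 weeks).
expire_time=$(( 3600 * 24 * 7 * 3 ))
err=0

for i in *-letsencrypt.pem; do
  # When nothing matches, sh leaves the pattern unexpanded; without this
  # guard the loop would go on to request a certificate for the name "*".
  # -L keeps dangling symlinks on the renewal path, as before.
  if [ ! -e "$i" ] && [ ! -L "$i" ]; then
    echo >&2 "No *-letsencrypt.pem files found in $(pwd)."
    continue
  fi

  echo "=== $i ==="

  # -checkend exits non-zero when the certificate expires within the window,
  # and also when the file cannot be read or parsed, so an unreadable PEM is
  # treated as needing renewal.
  if openssl x509 -checkend "$expire_time" -noout < "$i"; then
    echo "$i is current."
  else
    cn="${i%-letsencrypt.pem}"

    # The name comes straight from a file name. Refuse an empty name and a
    # name starting with "-", which the helper commands could take for an
    # option rather than a host name.
    case "$cn" in
      '' | -* | "$i")
        echo >&2 "Cannot figure out hostname for $i."
        err=1
        continue
        ;;
    esac

    echo "Need to renew $cn"

    # request-letsencrypt and make-combined-crt are external commands looked
    # up on PATH; a failure of either is recorded and the loop moves on so
    # one bad host does not block the others.
    if ! request-letsencrypt "$cn"; then
      echo >&2 "Letsencrypt request for $cn failed."
      err=1
      continue
    fi

    if ! make-combined-crt "$cn"; then
      echo >&2 "make-combined-crt for $cn failed."
      err=1
      continue
    fi
  fi

  echo
done

# cron daily will run logrotate which will reload apache anyway
exit "$err"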