letsencrypt-renew for multiple letsencrypt certificates within one uberspace

letsencrypt-renew.sh 2.9KB

  1. #!/bin/bash
  2. #
  3. # letsencrypt-renew.sh
  4. #
  5. # Copyright 2017 Jonathan Golder <jonathan@golderweb.de>
  6. #
  7. # Derived from:
  8. # https://wiki.uberspace.de/webserver:https#automatisieren_von_let_s_encrypt
  9. # Which is itself originaly based on:
  10. # https://github.com/nerdoc/uberspace-tools/blob/master/letsencrypt-renew
  11. #
  12. # This program is free software; you can redistribute it and/or modify
  13. # it under the terms of the GNU General Public License as published by
  14. # the Free Software Foundation; either version 2 of the License, or
  15. # (at your option) any later version.
  16. #
  17. # This program is distributed in the hope that it will be useful,
  18. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. # GNU General Public License for more details.
  21. #
  22. # You should have received a copy of the GNU General Public License
  23. # along with this program; if not, write to the Free Software
  24. # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
  25. # MA 02110-1301, USA.
  26. #
  27. #
# Fixed search path: the script runs from cron, where PATH is minimal.
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
# Set while no certificate has been renewed during this run; the renewal
# loop clears it after the first renewal so that later renewals are spread
# out with a random sleep while the first one needn't wait.
FIRSTITER=1
# Directory holding the cli-*.ini files and the live/ certificate tree.
# An LECONFIGDIR already present in the environment overrides the default.
[ -n "${LECONFIGDIR}" ] || LECONFIGDIR=~/.config/letsencrypt
# Without that directory there is nothing to renew (letsencrypt never ran
# here), so report it on stderr and stop with a non-zero status.
[ -d "${LECONFIGDIR}" ] || {
  echo "$0: ${LECONFIGDIR} does not exists! Maybe letsencrypt is not yet initialised!" >&2
  exit 1
}
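# import_certificate
#
# Hand the current certificate of ${domain} to the web server via
# uberspace-add-certificate.
#
# Reads the globals LECONFIGDIR and domain. Key and certificate are passed
# by path, so no secret material ends up on the command line.
#
# A failed import leaves an "importerror" marker file next to the
# certificate so the next script run retries it (imports fail now and
# then because the connection to letsencrypt drops during the import);
# a successful import removes a stale marker again.
#
# Returns the exit status of uberspace-add-certificate, or 1 when
# ${domain} is empty, so a caller can react to a failure directly instead
# of only via the marker file.
import_certificate() {
  local livedir rc
  # Refuse to run with an empty domain: the paths below would collapse
  # into ${LECONFIGDIR}/live/ and the marker would land in the wrong place.
  if [ -z "${domain}" ]; then
    echo "$0: import_certificate called without a domain" >&2
    return 1
  fi
  livedir="${LECONFIGDIR}/live/${domain}"
  uberspace-add-certificate -k "${livedir}/privkey.pem" -c "${livedir}/cert.pem"
  rc=$?
  if [ "${rc}" -ne 0 ]; then
    # Set error marker for the next run
    touch -- "${livedir}/importerror"
  else
    # Remove error marker; -f keeps this quiet if no marker exists
    rm -f -- "${livedir}/importerror"
  fi
  return "${rc}"
}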
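# ini_first_domain FILE
#
# Print the first entry of the "domains" property of a letsencrypt ini
# file. Only a real assignment line ("domains = a, b", leading blanks and
# tabs allowed) counts; comment lines or other keys that merely mention
# "domains" are ignored, and only the first such line is used. Prints
# nothing when the file has no such property.
ini_first_domain() {
  sed -n -E 's/^[[:space:]]*domains[[:space:]]*=[[:space:]]*([^,[:space:]]+).*/\1/p' "$1" | head -n 1
}

# Walk every ini file matching the name scheme cli-${domain}.ini; each one
# describes one certificate lineage.
for inifile in "${LECONFIGDIR}"/cli-*.ini; do
  # An unmatched glob leaves the literal pattern in $inifile; skip it
  [ -e "${inifile}" ] || continue
  domain=$(ini_first_domain "${inifile}")
  if [ -z "${domain}" ]; then
    echo "$0: no 'domains' property found in ${inifile}, skipping" >&2
    continue
  fi
  # NOTE(review): assumes the live/ lineage directory is named after the
  # first domain; an ini that sets cert-name would need that value instead
  # - TODO confirm for such setups.
  livedir="${LECONFIGDIR}/live/${domain}"
  # A marker from an earlier failed import: retry the import first
  if [ -f "${livedir}/importerror" ]; then
    import_certificate
  fi
  # Still valid for more than 21 days: nothing to do. A missing cert.pem
  # makes openssl fail, which correctly triggers the initial issuance.
  if openssl x509 -noout -checkend $(( 21 * 86400 )) -in "${livedir}/cert.pem" > /dev/null; then
    continue
  fi
  # Spread renewals out so they do not all hit letsencrypt at once; the
  # first renewal of this run needn't wait, and certificates that were
  # still valid never reach this point, so no sleep is wasted on them.
  if [ "${FIRSTITER}" -ne 1 ]; then
    sleep $(( RANDOM % 600 ))
  fi
  FIRSTITER=0
  # run let's encrypt; report the failure so cron mails it
  if ! letsencrypt certonly -c "${inifile}"; then
    echo "$0: letsencrypt certonly failed for ${domain} (${inifile})" >&2
    continue
  fi
  import_certificate
done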
  73. # run let's encrypt
  74. FIRSTITER=0
  75. letsencrypt certonly -c "${inifile}" || continue
  76. import_certificate
  77. done