letsencrypt-renew for multiple letsencrypt certificates within one uberspace
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 

101 lines
3.0 KiB

#!/bin/bash
#
# letsencrypt-renew.sh
#
# Copyright 2019 Jonathan Golder <jonathan@golderweb.de>
#
# Derived from:
# https://wiki.uberspace.de/webserver:https#automatisieren_von_let_s_encrypt
# Which is itself originaly based on:
# https://github.com/nerdoc/uberspace-tools/blob/master/letsencrypt-renew
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
# MA 02110-1301, USA.
#
#
PATH=/usr/local/bin:/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/sbin
# Detect first iteration to prevent useless sleep
FIRSTITER=1
# PATH to inifiles / letsencrypt dir
if [ -z "${LECONFIGDIR}" ]; then
LECONFIGDIR=~/.config/letsencrypt
fi
# Catch missing LECONFIGDIR
if [ ! -d "${LECONFIGDIR}" ]; then
echo "$0: ${LECONFIGDIR} does not exists! Maybe letsencrypt is not yet initialised!" >&2
exit 1
fi
# import_certificate
#
# Try to import certificate in webserver config using uberspace-add-certificate
#
# If something fails, leave a file as marker so we can try it again with next
# script run. Failures occur occasionally due to problems with connection to
# letsencrypt while import.
import_certificate() {
# import certificate
uberspace-add-certificate -k "${LECONFIGDIR}/live/${domain}/privkey.pem" -c "${LECONFIGDIR}/live/${domain}/cert.pem"
# Not successfull?
if [ $? -ne 0 ]; then
# Set error marker
touch "${LECONFIGDIR}/live/${domain}/importerror"
elif [ -f "${LECONFIGDIR}/live/${domain}/importerror" ]; then
# Remove error marker
rm "${LECONFIGDIR}/live/${domain}/importerror"
fi
}
while getopts f opt
do
case $opt in
f): force=1;;
esac
done
# Get all existing inifiles matching namescheme cli-${domain}.ini
for inifile in "${LECONFIGDIR}"/cli-*.ini; do
# Get domain out of file (first value in property "domains")
domain=$(grep -e "[ \t]*domains.*" "${inifile}" | sed "s/ //g" |cut -d "=" -f2 | cut -d "," -f1)
# If there was an import error before, try again to import certificate
if [ -f "${LECONFIGDIR}/live/${domain}/importerror" ]; then
import_certificate
fi
# sleep for a random time so not all certificates get renewed at the same time
if [ $FIRSTITER -ne 1 ]; then
sleep $(expr $RANDOM % 600)
fi
if [[ -z $force ]]; then
# Check validity of cert for domain
openssl x509 -checkend $(( 21 * 86400 )) -in "${LECONFIGDIR}/live/${domain}/cert.pem" > /dev/null && continue
fi
# run let's encrypt
FIRSTITER=0
letsencrypt certonly -c "${inifile}" || continue
import_certificate
done