@BlackthornYugen
Last active August 3, 2021 12:03
ESXI Update certificate from URL
#!/usr/bin/env sh
# ESXI Update certificate from url
#
# 1. Save this script in /opt/update_cert.sh (and chmod +x it)
#
# 2. Add one of these to /var/spool/cron/crontabs/root:
#    Debug logging:
#      00 1 * * * sh -x /opt/update_cert.sh https://pem.jsteelkw.dev/$(hostname -f).cer 2>&1 | tee -a /opt/certs.log
#    Normal:
#      00 1 * * * /opt/update_cert.sh https://pem.jsteelkw.dev/$(hostname -f).cer
#
# 3. Restart busybox's crond
#      kill $(cat /var/run/crond.pid)
#      /usr/lib/vmware/busybox/bin/busybox crond

set -e

# The certificate URL is the only argument.
if [ -z "$1" ]; then
    echo "Usage: $0 <certificate-url>" >&2
    exit 1
fi

OLD_CERT=/etc/vmware/ssl/rui.crt
TMP_CERT=$(mktemp)
# Remove the temporary file on every exit path, including failures under set -e.
trap 'rm -f "$TMP_CERT"' EXIT

wget -O "$TMP_CERT" "$1"

if diff "$OLD_CERT" "$TMP_CERT" > /dev/null ; then
    echo "Certificate has not changed"
else
    echo "New certificate found. Updating configuration."
    # Parse the download first: with set -e, a file that is not a valid
    # certificate stops the script here, before rui.crt is overwritten.
    AFTER=$(openssl x509 -noout -enddate -in "$TMP_CERT")
    cp "$TMP_CERT" "$OLD_CERT"
    esxcli system syslog mark --message="Certificate updated. New certificate will expire on ${AFTER##notAfter=}."
    # Restart the management agents so they load the new certificate.
    /etc/init.d/hostd restart
    /etc/init.d/vpxa restart
fi
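
The script installs whatever the URL returns as long as `openssl x509` can parse it. The functions below are an added example, not part of the original gist: they check that a downloaded certificate parses, is valid for at least another day, and matches the host's private key before it replaces rui.crt. The function names and the key path /etc/vmware/ssl/rui.key are assumptions.

```sh
#!/usr/bin/env sh
# Added example (not from the original gist): pre-install certificate checks.

# Print a SHA-256 digest of the public key embedded in certificate $1.
cert_pubkey_digest() {
    pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256
}

# Print a SHA-256 digest of the public key derived from private key $1.
key_pubkey_digest() {
    pub=$(openssl pkey -pubout -in "$1" 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256
}

# validate_cert CERT KEY
# Returns 0 when CERT is safe to install, otherwise:
#   1 = not a parsable PEM certificate (for example an HTML error page)
#   2 = expires within the next 24 hours
#   3 = public key does not match KEY
validate_cert() {
    cert=$1
    key=$2
    openssl x509 -noout -in "$cert" 2>/dev/null ||
        { echo "validate_cert: not a PEM certificate" >&2; return 1; }
    openssl x509 -noout -checkend 86400 -in "$cert" >/dev/null ||
        { echo "validate_cert: certificate expires within 24h" >&2; return 2; }
    [ "$(cert_pubkey_digest "$cert")" = "$(key_pubkey_digest "$key")" ] ||
        { echo "validate_cert: certificate does not match private key" >&2; return 3; }
    return 0
}
```

Calling `validate_cert "$TMP_CERT" /etc/vmware/ssl/rui.key` just before the `cp` makes a non-zero return abort the update under `set -e`, leaving the old certificate in place.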