Script to update ssl certificates for nginx, unifi and weechat using certbot and systemd
#!/bin/bash
# Deployment targets -- edit these for your installation.
UNIFI_DOMAIN="unifi.example.com"      # certificate imported into the UniFi keystore
WEECHAT_DOMAIN="weechat.example.com"  # certificate copied into the weechat user's ~/.weechat/ssl
WEECHAT_USER="username"               # local account that runs weechat and owns that directory
# Every certificate name nginx serves, space-separated; the nginx loop
# word-splits this string on purpose.
DOMAIN_LIST="${UNIFI_DOMAIN} ${WEECHAT_DOMAIN} www.example.com"
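########################################################################
#
# Program header: absolute paths of every external tool, followed by the
# preconditions (tools present and executable, running as root) that are
# checked before any certificate is touched.
#
########################################################################
CAT=/bin/cat
CERTBOT=/usr/bin/certbot
CHMOD=/usr/bin/chmod
CHOWN=/usr/bin/chown
FIND=/usr/bin/find
KEYTOOL=/bin/keytool
OPENSSL=/usr/bin/openssl
RM=/bin/rm
SU=/usr/bin/su
SYSTEMCTL=/bin/systemctl
TEST=/usr/bin/test
TOUCH=/usr/bin/touch
WHOAMI=/usr/bin/whoami
# Fail fast if any tool is missing. ${!command} is indirect expansion (the
# value of the variable named by $command); it is quoted so an empty value
# cannot break the test, and -x is used because a file that exists but is
# not executable is just as useless to this script as a missing one.
for command in CAT CERTBOT CHMOD CHOWN FIND KEYTOOL OPENSSL RM SU SYSTEMCTL TEST TOUCH WHOAMI; do
  if [ ! -x "${!command}" ]; then
    echo "Please install ${!command}" >&2
    exit 1
  fi
done
# Everything below writes into /etc, a user's home directory and the UniFi
# keystore and restarts services, so refuse to run as anyone but root.
if [ "$(${WHOAMI})" != "root" ]; then
  echo "Script must be run as root!" >&2
  exit 1
fi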
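########################################################################
#
# Renew certificates using certbot
#
########################################################################
# certbot rewrites the files under /etc/letsencrypt/live/ only for
# certificates that are due; the sections below find out which ones changed
# by looking at the modification time of cert.pem.  A failed renewal is
# reported but not fatal: a certificate renewed by an earlier run that has
# not been deployed yet should still be installed by the rest of the script.
if ! ${CERTBOT} renew; then
  echo "certbot renew failed; deploying whatever certificates are already present" >&2
fi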
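########################################################################
#
# Update nginx certificates
#
########################################################################
# For every domain whose cert.pem was rewritten within the last 60 minutes
# (the script is therefore expected to run at least hourly), install a
# cert+key bundle and the full chain under /etc/nginx/ssl, then reload
# nginx once at the end if anything changed.
reload_nginx=0
nginx_ssl_dir=/etc/nginx/ssl
for domain in ${DOMAIN_LIST}; do   # space-separated list; word-splitting is intended
  live_dir="/etc/letsencrypt/live/${domain}"
  ssl_pem="${nginx_ssl_dir}/${domain}_ssl.pem"
  fullchain_pem="${nginx_ssl_dir}/${domain}_fullchain.pem"
  # find prints the path only when the file is recent enough; the result is
  # quoted and tested with -n instead of being word-split into test's argv.
  if [ -n "$(${FIND} "${live_dir}/cert.pem" -mmin -60)" ]; then
    # ${ssl_pem} contains the private key, so any newly created file must
    # never be world-readable, not even between creation and chmod: write
    # under umask 077 in a subshell, then enforce owner and mode on every
    # run rather than only when the file is first created.
    (
      umask 077
      ${CAT} "${live_dir}/cert.pem" "${live_dir}/privkey.pem" > "${ssl_pem}"
      ${CAT} "${live_dir}/fullchain.pem" > "${fullchain_pem}"
    )
    ${CHOWN} nginx:nginx "${ssl_pem}" "${fullchain_pem}"
    ${CHMOD} 0600 "${ssl_pem}" "${fullchain_pem}"
    reload_nginx=1
  fi
done
if [ "${reload_nginx}" -ne 0 ]; then
  ${SYSTEMCTL} reload nginx.service
fi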
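########################################################################
#
# Update weechat certificates
#
########################################################################
# Copy the renewed bundle into the weechat user's ~/.weechat/ssl and ask the
# running weechat, through its FIFO, to reload the relay certificate.
weechat_live="/etc/letsencrypt/live/${WEECHAT_DOMAIN}"
weechat_ssl_dir="/home/${WEECHAT_USER}/.weechat/ssl"
weechat_ssl_pem="${weechat_ssl_dir}/${WEECHAT_DOMAIN}_ssl.pem"
weechat_fullchain_pem="${weechat_ssl_dir}/${WEECHAT_DOMAIN}_fullchain.pem"
if [ -n "$(${FIND} "${weechat_live}/cert.pem" -mmin -60)" ]; then
  # The _ssl.pem bundle contains the private key.  Writing it with root's
  # default umask would leave a root-owned, world-readable key behind, so
  # create it under umask 077 and hand it to the weechat user, who is the
  # one that actually has to read it.
  (
    umask 077
    ${CAT} "${weechat_live}/cert.pem" "${weechat_live}/privkey.pem" > "${weechat_ssl_pem}"
    ${CAT} "${weechat_live}/fullchain.pem" > "${weechat_fullchain_pem}"
  )
  ${CHOWN} "${WEECHAT_USER}" "${weechat_ssl_pem}" "${weechat_fullchain_pem}"
  ${CHMOD} 0600 "${weechat_ssl_pem}" "${weechat_fullchain_pem}"
  # The command string is double-quoted so ${WEECHAT_USER} is expanded here,
  # by root's shell.  Inside single quotes it would be expanded by the user's
  # shell started by su, which never sees the variable (it is not exported)
  # and would try to write to /home//.weechat/... instead.  The FIFO glob
  # is left for the user's shell to expand.
  ${SU} -c "echo '*/relay sslcertkey' > /home/${WEECHAT_USER}/.weechat/weechat_fifo_*" "${WEECHAT_USER}"
fi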
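########################################################################
#
# Update unifi certificates
#
########################################################################
# UniFi reads its certificate from a Java keystore, so the renewed key and
# chain are first exported to a PKCS#12 bundle and then imported over the
# "ubnt" alias.  The controller is stopped for the import and started again
# afterwards whether or not the import succeeded, so a failure in the
# middle cannot leave it down.
unifi_live="/etc/letsencrypt/live/${UNIFI_DOMAIN}"
if [ -n "$(${FIND} "${unifi_live}/cert.pem" -mmin -60)" ]; then
  # The PKCS#12 file holds the private key.  Keep it in a fresh private
  # directory from mktemp instead of the predictable /tmp/<domain>.p12,
  # which another local user could read or pre-create as a symlink.
  if ! unifi_tmp=$(mktemp -d); then
    echo "mktemp failed; UniFi certificate not updated" >&2
    exit 1
  fi
  unifi_p12="${unifi_tmp}/${UNIFI_DOMAIN}.p12"
  ${SYSTEMCTL} stop unifi.service
  # The PKCS#12 password only protects the bundle on its short way into the
  # keystore; the destination passwords are presumably the ones the UniFi
  # keystore was created with -- confirm against the installation.
  if ${OPENSSL} \
      pkcs12 \
      -export \
      -inkey "${unifi_live}/privkey.pem" \
      -in "${unifi_live}/fullchain.pem" \
      -out "${unifi_p12}" \
      -name ubnt \
      -password pass:temppass; then
    ${KEYTOOL} \
      -importkeystore \
      -deststorepass aircontrolenterprise \
      -destkeypass aircontrolenterprise \
      -destkeystore /opt/UniFi/data/keystore \
      -srckeystore "${unifi_p12}" \
      -srcstoretype PKCS12 \
      -srcstorepass temppass \
      -alias ubnt \
      -noprompt \
      || echo "keytool import failed; UniFi keystore may be unchanged" >&2
  else
    echo "openssl pkcs12 export failed; UniFi keystore left unchanged" >&2
  fi
  # Remove the whole temporary directory, key material included, before the
  # controller comes back up.
  ${RM} -rf -- "${unifi_tmp}"
  ${SYSTEMCTL} start unifi.service
fi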