Created
August 19, 2016 22:33
Check for LetsEncrypt Certs that are expiring soon
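#!/bin/bash
# Check for LE Cert Updates
# Adapted from https://raw.githubusercontent.com/myprs/lenc-update/master/lenc-update.sh
#
# Expiry check only: nothing in this file invokes a renewal.

# Let's Encrypt configuration root and the per-domain "live" directory below it.
LENC_CONFDIR="/etc/letsencrypt"
LENC_LIVEDIRNAME="${LENC_CONFDIR}/live"
# Certificate file name looked up inside each domain directory.
LENC_DEFAULT_CERTFILENAME="cert.pem"
# Client binary; checkenv tests that it is executable.
LENC_AUTOBINARY="/opt/letsencrypt/letsencrypt-auto"
# NOTE(review): checkenv also reads WEBSRV_SERVICENAME, which this file never sets.

# Minimum days of cert validity that must be left before trying to renew cert
MIN_VALDAYS=14

# Result state: count of certificates below MIN_VALDAYS and a yes/no flag,
# both read by exitRoutines.
NUM_RENEWALS_NEEDED="0"
RENEWALS_NEEDED="no"

# NOTE(review): bash maintains PWD itself and rewrites it on every cd, so this
# assignment does not preserve the start directory for the later `cd "$PWD"`.
PWD=$(pwd)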
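function checkenv () {
  # Validate the configured binary and directories before any certificate is read.
  # Globals: LENC_AUTOBINARY, WEBSRV_SERVICENAME, LENC_CONFDIR, LENC_LIVEDIRNAME (read)
  # Exits:   1 - LENC_AUTOBINARY not found or not executable
  #          2 - WEBSRV_SERVICENAME set but not found or not executable
  #          3 - LENC_CONFDIR or LENC_LIVEDIRNAME is not a directory
  #
  # The lookup result is captured and quoted. With an unquoted command
  # substitution an empty result collapses the test to `[ ! -x ]`, which is
  # always false, so a missing binary was never reported.
  local resolved

  # check if LENC_AUTOBINARY is set to a reasonable value
  resolved=$(command -v -- "$LENC_AUTOBINARY")
  if [[ -z "$resolved" || ! -x "$resolved" ]]; then
    echo "ERROR: Variable LENC_AUTOBINARY has no reasonable value, >$LENC_AUTOBINARY< not found or not executable."
    exit 1
  fi

  # check if WEBSRV_SERVICENAME is set to a reasonable value
  # This file never assigns WEBSRV_SERVICENAME, so an unset or empty value is
  # accepted (as it effectively was before); a configured value must resolve.
  if [[ -n "${WEBSRV_SERVICENAME:-}" ]]; then
    resolved=$(command -v -- "$WEBSRV_SERVICENAME")
    if [[ -z "$resolved" || ! -x "$resolved" ]]; then
      echo "ERROR: Variable WEBSRV_SERVICENAME has no reasonable value, >$WEBSRV_SERVICENAME< not found or not executable."
      exit 2
    fi
  fi

  # check existence of LENC_CONFDIR directory
  if [[ ! -d "$LENC_CONFDIR" ]]; then
    echo "ERROR: Variable LENC_CONFDIR has no reasonable value, >$LENC_CONFDIR< not found or not an directory."
    exit 3
  fi

  # check existence of LENC_LIVEDIRNAME directory
  if [[ ! -d "$LENC_LIVEDIRNAME" ]]; then
    echo "ERROR: Variable LENC_LIVEDIRNAME has no reasonable value, >$LENC_LIVEDIRNAME< not found or not an directory."
    exit 3
  fi
}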
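# NOTE(review): the listing had lost the lines that close getcertdaystoexpiry
# and open checkcertneedsrenewal (the name runallconfigs calls), leaving one
# function that called itself. The split below is reconstructed from the
# visible use of DAYSLEFT, DOMAINNAME and the seconds difference; confirm it
# against the original gist.

function getcertdaystoexpiry () {
  # Compute the whole days left until the certificate in $1 expires.
  # Arguments: $1 - path to a PEM certificate
  # Globals:   DAYSLEFT (written, on success only)
  # Returns:   0 on success, 1 if the end date cannot be read or parsed
  local CERTFILE="$1"
  local enddate expiry_epoch now_epoch

  # openssl prints "notAfter=<date>"; keep what follows the first "=".
  # Declaration and assignment are separate so a failing openssl is noticed.
  enddate=$(openssl x509 -in "$CERTFILE" -noout -enddate) || return 1
  enddate=${enddate#*=}
  [[ -n "$enddate" ]] || return 1

  expiry_epoch=$(date -d "$enddate" +%s) || return 1
  now_epoch=$(date +%s)
  DAYSLEFT=$(( (expiry_epoch - now_epoch) / 86400 ))
}

function checkcertneedsrenewal () {
  # Report whether the certificate of domain directory $1 is below MIN_VALDAYS.
  # Arguments: $1 - directory name below LENC_LIVEDIRNAME
  # Globals:   LENC_LIVEDIRNAME, LENC_DEFAULT_CERTFILENAME, MIN_VALDAYS (read)
  #            DAYSLEFT, NUM_RENEWALS_NEEDED, RENEWALS_NEEDED (written)
  local DOMAINNAME="$1"

  # set variable to a decent default
  # The default stays in place when the certificate cannot be read, so an
  # unreadable certificate is reported as needing renewal rather than skipped.
  DAYSLEFT=-9999999

  # The full path is passed instead of relying on an unchecked cd, which would
  # have read a cert.pem from whatever directory the shell was left in.
  getcertdaystoexpiry "$LENC_LIVEDIRNAME/$DOMAINNAME/$LENC_DEFAULT_CERTFILENAME"

  if (( DAYSLEFT < MIN_VALDAYS )); then
    ## go for the update
    echo "$DOMAINNAME needs renewal, $DAYSLEFT days left"
    NUM_RENEWALS_NEEDED=$((NUM_RENEWALS_NEEDED + 1))
    RENEWALS_NEEDED="yes"
  else
    ## not updating cert
    echo "$DAYSLEFT days left to exiry of certificate for domain $DOMAINNAME. Not exceeding the minimum validity of $MIN_VALDAYS. Not updating certificate."
  fi
}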
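function runallconfigs () {
  # Run checkcertneedsrenewal for every directory below LENC_LIVEDIRNAME that
  # contains a file whose name matches *cert*.
  # Globals: LENC_LIVEDIRNAME (read)
  # Exits:   3 if LENC_LIVEDIRNAME cannot be entered
  local certdir

  # enumerate
  # A failed cd must stop the run: otherwise find scans the directory the
  # script was started from and the check can end with nothing examined.
  cd -- "$LENC_LIVEDIRNAME" || {
    echo "ERROR: cannot change into >$LENC_LIVEDIRNAME<."
    exit 3
  }

  # Read one directory per line so names containing spaces stay intact; the
  # loop runs in the current shell so the renewal counters are kept.
  while IFS= read -r certdir; do
    # A match directly in the live directory yields an empty name; skip it.
    [[ -n "$certdir" ]] || continue
    checkcertneedsrenewal "$certdir"
    echo "Running $certdir"
  done < <(find . -name '*cert*' -printf '%h\n' | sort -u | cut -c3-)
}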
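function exitRoutines () {
  # Print the outcome and turn it into the script's exit status.
  # Globals: RENEWALS_NEEDED, NUM_RENEWALS_NEEDED (read)
  # Exits:   with the number of certificates needing renewal, limited to 1..255;
  #          returns 0 without exiting when nothing needs renewal
  #
  # The former `cd "$PWD"` is dropped: bash rewrites PWD on every cd, so that
  # command never left the current directory.
  local status

  if [[ "$RENEWALS_NEEDED" == "no" ]]; then
    echo "No Renewals Needed"
    return
  fi

  echo "Please renew your certs, they are about to expire:"
  echo "$NUM_RENEWALS_NEEDED"

  # Exit statuses wrap modulo 256, so a count of 256 would be reported to the
  # caller as success. Clamp the status so a pending renewal is never 0.
  status=$NUM_RENEWALS_NEEDED
  if (( status > 255 )); then
    status=255
  elif (( status < 1 )); then
    status=1
  fi
  exit "$status"
}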
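# Entry point: validate the environment, check every certificate, then report.
# exitRoutines supplies the exit status (non-zero when a renewal is pending).
checkenv
runallconfigs
exitRoutines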
Please note: this script does not renew LetsEncrypt certs; it only checks them.