A PHP script to check a host's certificate validity and automatically renew it, using https://letsencrypt.org/
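#!/usr/bin/env php
<?php

declare(strict_types=1);

/*
 * Check the TLS certificate expiry of the host given as the first CLI
 * argument and, when it expires within the renewal window, pull the
 * Let's Encrypt client checkout, run certonly with the per-host ini and
 * reload nginx if its configuration test passes.
 *
 * Usage: <script> <hostname>
 *
 * Assumptions (unchanged from the original): the client lives in
 * LETSENCRYPT_DIR, each host has an ini at hosts/live/<first-label>.ini
 * relative to that directory, and the script runs as a user allowed to
 * run the client and reload nginx.
 */

error_reporting(-1);
// The ini directive is display_errors; 'displayErrors' is not a PHP setting
// and was silently ignored by the original.
ini_set('display_errors', '1');

/** Renew when the certificate expires inside this window. */
const RENEW_WITHIN = '+2 weeks';
/** Checkout of the Let's Encrypt client; the renewal step chdir()s here. */
const LETSENCRYPT_DIR = '/root/letsencrypt';

echo PHP_EOL . PHP_EOL . "====================START=========================";
echo PHP_EOL . "RUN ON:\t\t\t\t" . date('d M Y G:i') . PHP_EOL;

// Check the host. gethostbyname() returns its input unchanged when the name
// does not resolve, so the FILTER_VALIDATE_IP test doubles as a resolution check.
$host = trim((string) ($argv[1] ?? ''));
if ($host === '' || filter_var(gethostbyname($host), FILTER_VALIDATE_IP) === false) {
    die("No valid hostname provided" . PHP_EOL);
}

// The hostname comes from the command line, so it is quoted for the shell
// before being spliced into the curl pipeline (the original interpolated it raw).
$cmd = 'curl --insecure -v ' . escapeshellarg('https://' . $host)
    . " 2>&1 | awk 'BEGIN { cert=0 } /^\* Server certificate:/ { cert=1 } /^\*/ { if (cert) print }' | grep -i expire";
$check = exec($cmd);
if ($check === false || $check === ''
    || stripos($check, 'date:') === false
    || stripos($check, 'expire') === false) {
    die("Could not determine certificate status" . PHP_EOL);
}

// curl prints e.g. "*  expire date: <date>"; everything after "date:" is the date.
$expiryParts = explode('date:', $check, 2);
if (empty($expiryParts[1])) {
    die("Could not find expiry date!" . PHP_EOL);
}
$expiry = strtotime(trim($expiryParts[1]));
if ($expiry === false || $expiry === 0) {
    die("Could not extract expiry date" . PHP_EOL);
}

$renewalTime = strtotime(RENEW_WITHIN);
if ($renewalTime === false || $renewalTime === 0) {
    die("Could not determine, expiration limit" . PHP_EOL);
}

echo "HOST:\t\t\t\t" . $host . PHP_EOL;
echo "Certificate expiring on:\t" . date('d M Y', $expiry) . PHP_EOL;
echo "Should renew by:\t\t" . date('d M Y', $renewalTime) . PHP_EOL;
echo "====================RENEW=========================" . PHP_EOL;

if ($expiry <= $renewalTime) {
    echo PHP_EOL . "Renewing!" . PHP_EOL;
    if (!chdir(LETSENCRYPT_DIR)) {
        die("Could not change into " . LETSENCRYPT_DIR . PHP_EOL);
    }

    exec('git pull', $gitPull);
    echo PHP_EOL . "Git Pull Update:" . PHP_EOL;
    echo implode(PHP_EOL, $gitPull) . PHP_EOL;

    // Ini file is named after the first DNS label of the host.
    $iniName = 'hosts/live/' . explode('.', $host)[0] . '.ini';
    if (!is_file($iniName)) {
        die("Renewal ini not found: {$iniName}" . PHP_EOL);
    }
    echo PHP_EOL . "Renewing with ini: {$iniName}" . PHP_EOL . PHP_EOL;

    // The ini path is derived from user input, so it is quoted for the shell too.
    exec('./letsencrypt-auto certonly -c ' . escapeshellarg($iniName), $renewOutput, $renewStatus);
    echo implode(PHP_EOL, $renewOutput) . PHP_EOL;
    if ($renewStatus !== 0) {
        die("Renewal failed (exit code {$renewStatus}); nginx not reloaded" . PHP_EOL);
    }

    // Capture the config test directly instead of round-tripping it through a
    // predictable file in /tmp; also require a zero exit status.
    exec('nginx -t 2>&1', $nginxOutput, $nginxStatus);
    $nginxReport = implode(PHP_EOL, $nginxOutput);
    if ($nginxStatus === 0
        && stripos($nginxReport, 'syntax is ok') !== false
        && stripos($nginxReport, 'test is successful') !== false) {
        echo "All good, restarting NGINX" . PHP_EOL;
        exec('service nginx reload');
    } else {
        echo "nginx config test failed, not reloading:" . PHP_EOL . $nginxReport . PHP_EOL;
    }
} else {
    echo "Nothing to do here!" . PHP_EOL;
}

echo "=====================END==========================" . PHP_EOL;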
A very simple script that assumes a few things:
/root/letsencrypt
/root/letsencrypt/live/<hostname>.ini
e.g. /root/letsencrypt/live/thatguy.ini for thatguy.co.za. If you don't know what this configuration ini should contain, have a look at the documentation: http://letsencrypt.readthedocs.io/en/latest/using.html#configuration-file
Direct Usage:
Crontab Usage: