@Telling
Forked from thisismitch/le-renew-webroot
Last active March 6, 2016 11:23
Let's Encrypt auto-renewal using the webroot plugin: checks the certificate behind each client configuration file given with -c, renews the ones within 30 days of expiry, and reloads the web server service given with -s after each renewal.
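#!/usr/bin/env bash
# Renew Let's Encrypt certificates issued through the webroot plugin for one or
# more client config files (-c), then reload the given web server service (-s).
# Usage: cmd -l <path to letsencrypt> -s <service> -c <config file> [-c <config file> ...]
#
# Strict mode: abort on the first failing command (-e), treat expansion of an
# unset variable as an error (-u), and make a pipeline report failure when any
# stage fails (-o pipefail), so a failing openssl or grep stage cannot be
# masked by a later stage that exits 0.
set -euo pipefail
# Start from a clean slate so values inherited from the environment cannot leak
# into option parsing. Empty values (rather than unset) keep the "is it set"
# checks further down valid under -u.
configs=()
letsencrypt_path=""
service=""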
# Command-line parsing. -c may be repeated and accumulates into the configs
# array; -l and -s take a single value. The leading ':' in the optstring makes
# getopts stay silent and report a missing argument through the ':' case and an
# unknown flag through the '?' case, with the offending letter in OPTARG.
# (The optstring is kept exactly as in the original.)
while getopts ":h c: l: s:" flag; do
  case "$flag" in
    c) configs+=("$OPTARG") ;;
    l) letsencrypt_path="$OPTARG" ;;
    s) service="$OPTARG" ;;
    h)
      echo "Usage: cmd -l <path to letsencrypt> -s <service> -c <config file> [-c <config file> ...]"
      exit 1
      ;;
    \?)
      echo "Invalid option: -$OPTARG" >&2
      exit 1
      ;;
    :)
      echo "Option -$OPTARG requires an argument." >&2
      exit 1
      ;;
  esac
done
# OPTIND is still 1 when getopts consumed nothing, i.e. no options were given.
if [ "$OPTIND" -eq 1 ]; then
  echo "No arguments, exiting."
  echo "Use -h to see usage information."
  exit 1
fi
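# Validate the parsed options before any certificate is touched. Diagnostics go
# to stderr so they are not mistaken for normal output (e.g. in cron mail).
if [ -z "$letsencrypt_path" ]; then
  echo "(-l): Lets Encrypt path is a required option." >&2
  exit 1
fi
if [ "${#configs[@]}" -eq 0 ]; then
  echo "(-c): Config is required at least once." >&2
  exit 1
fi
if [ -z "$service" ]; then
  echo "(-s): Service (nginx, apache etc.) is a required option." >&2
  exit 1
fi
if [ ! -d "$letsencrypt_path" ]; then
  echo "Lets Encrypt path doesn't exist." >&2
  exit 1
fi
# The renewal step runs "$letsencrypt_path/letsencrypt-auto"; fail here, before
# any certificate is examined, if that client is not an executable file.
if [ ! -x "$letsencrypt_path/letsencrypt-auto" ]; then
  echo "letsencrypt-auto not found or not executable in $letsencrypt_path." >&2
  exit 1
fi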
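#######################################
# Print the first domain named in a client config file: the value of its
# "domains = a, b, c" line up to the first comma, surrounding whitespace
# removed. Only the first "domains" line is considered.
# Arguments: $1 - path to the config file
# Returns:   1 when the file has no "domains" line (nothing is printed)
#######################################
config_domain() {
  local line
  line=$(grep -m1 '^[[:space:]]*domains[[:space:]]*=' -- "$1") || return 1
  line=${line#*=}    # drop the "domains =" key
  line=${line%%,*}   # keep only the first domain of the list
  printf '%s\n' "$line" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

#######################################
# Print the notAfter time of a PEM certificate as seconds since the epoch.
# Uses openssl's own "-enddate" output rather than cutting a fixed column out
# of the "-text" dump, which silently breaks when the text layout differs.
# Arguments: $1 - path to the certificate
# Returns:   non-zero when openssl cannot read the certificate
#######################################
cert_expiry_epoch() {
  local not_after
  not_after=$(openssl x509 -in "$1" -noout -enddate) || return 1
  date -d "${not_after#notAfter=}" +%s
}

# Renew when no more than this many days remain on the certificate.
exp_limit=30
for config in "${configs[@]}"; do
  if [ ! -f "$config" ]; then
    echo "[ERROR] config file does not exist: $config" >&2
    exit 1
  fi
  domain=$(config_domain "$config") || {
    echo "[ERROR] no 'domains' line found in config: $config" >&2
    exit 1
  }
  # The domain is spliced into a path under /etc/letsencrypt/live, so refuse
  # values that are empty or could point outside that directory.
  case $domain in
    ''|*/*|*..*)
      echo "[ERROR] invalid domain '$domain' in config: $config" >&2
      exit 1
      ;;
  esac
  cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
  # Stop here, as for a missing config, instead of going on to read a file that
  # is not there.
  if [ ! -f "$cert_file" ]; then
    echo "[ERROR] certificate file not found for domain $domain." >&2
    exit 1
  fi
  exp=$(cert_expiry_epoch "$cert_file") || {
    echo "[ERROR] could not read the expiry date from $cert_file" >&2
    exit 1
  }
  datenow=$(date +%s)
  # Integer division; truncates toward zero like the bc expression it replaces.
  days_exp=$(( (exp - datenow) / 86400 ))
  echo "Checking expiration date for $domain..."
  if [ "$days_exp" -gt "$exp_limit" ]; then
    echo "The certificate is up to date, no need for renewal ($days_exp days left)."
  else
    echo "The certificate for $domain is about to expire soon. Starting webroot renewal script..."
    # Under the script's "set -e" a failing client aborts the run here, so the
    # reload below only happens after a successful renewal.
    "$letsencrypt_path"/letsencrypt-auto certonly -a webroot --agree-tos --renew-by-default --config "$config"
    echo "Reloading $service"
    /usr/sbin/service "$service" reload
    echo "Renewal process finished for domain $domain"
  fi
done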
# This is an example of the kind of things you can do in a configuration file.
# Any flag accepted by the client can be set here, one per line as "name = value".
# Run the client (letsencrypt-auto) with "--help" to learn more about the available options.
# Use a 4096-bit RSA key instead of the 2048-bit default
rsa-key-size = 4096
# Uncomment to always use the staging/testing server. Staging issues certificates
# that browsers do not trust, so use it only while testing the setup; the directory
# URL below is the one current when this gist was written (2016) - check the
# Let's Encrypt documentation for the current staging URL.
# server = https://acme-staging.api.letsencrypt.org/directory
# Register with the e-mail address given below (replace the placeholder with your own)
email = you@example.com
# The domains below are the ones this config requests a certificate for. The renewal
# script reads the first name on this line to locate the existing certificate
# (/etc/letsencrypt/live/<first domain>/fullchain.pem), so keep the "domains" key on
# a single line and replace the placeholders with your own names.
domains = example.com, www.example.com
# Uncomment to use a text interface instead of ncurses
# text = True
# Uncomment to use the standalone authenticator, which listens on port 443 itself
# (check that the ACME server you use still offers the tls-sni-01 challenge type)
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01
# Uncomment to use the webroot authenticator. The renewal script above already passes
# "-a webroot" on the command line, so only webroot-path is required here: set it to
# the directory your web server serves for these domains, so that the challenge
# files the client writes under it are reachable over HTTP.
# authenticator = webroot
webroot-path = /usr/share/nginx/html