@TimKraemer
Created September 1, 2017 13:52
Zimbra Let's encrypt
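#!/bin/bash
# Renew Let's Encrypt certificates via the webroot plugin when they are close
# to expiry, reload the web server, and (for the /root config only) import the
# renewed certificate into Zimbra.
#
# For every config file listed below the script:
#   1. reads the first domain from the "domains" line,
#   2. finds the matching directory under /etc/letsencrypt/live,
#   3. computes the days left on fullchain.pem,
#   4. renews when no more than $exp_limit days are left.
#
# Exit status: 0 when every attempted renewal/deploy step succeeded,
# 1 when at least one of them failed. Missing config files and missing
# certificates are reported and skipped, as before, without failing the run.

web_service='nginx'
config_files=(
  "/home/tim/le-renew-webroot.ini"
  "/home/tim/le-renew-webroot-mk.ini"
  "/home/tim/le-renew-webroot-hackman.ini"
  "/root/le-renew-webroot.ini"
)
le_path='/opt/letsencrypt'
exp_limit=30
# Only the certificate described by this config is imported into Zimbra.
zimbra_config='/root/le-renew-webroot.ini'
failures=0

for config_file in "${config_files[@]}"; do
  if [[ ! -f "$config_file" ]]; then
    echo "[ERROR] config file does not exist: $config_file" >&2
    continue
  fi

  domain=$(grep -- "^\s*domains" "$config_file" \
    | sed "s/^\s*domains\s*=\s*//" \
    | sed 's/(\s*)\|,.*$//')
  # An empty domain would make the directory lookup below match every
  # certificate on the host, so the wrong certificate could be checked.
  if [[ -z "$domain" ]]; then
    echo "[ERROR] no domains entry found in $config_file" >&2
    continue
  fi

  # -F: the domain is a literal string, not a regex ("." must not match any
  # character). sort -r | head keeps the original choice of the last entry
  # in reverse sort order when several directories contain the domain.
  live_dir=$(ls -1 /etc/letsencrypt/live | grep -F -- "$domain" | sort -r | head -n 1)
  certPath="/etc/letsencrypt/live/$live_dir"
  cert_file="$certPath/fullchain.pem"
  if [[ -z "$live_dir" || ! -f "$cert_file" ]]; then
    echo "[ERROR] certificate file not found for domain $domain." >&2
    continue
  fi

  # -enddate prints "notAfter=<date>", which is stable to parse; the previous
  # fixed column cut of the -text output depended on its exact layout.
  # If the date cannot be read, days_exp stays 0 so the renewal is attempted
  # rather than silently skipped.
  days_exp=0
  if enddate=$(openssl x509 -in "$cert_file" -noout -enddate) \
    && [[ -n "$enddate" ]] \
    && exp=$(date -d "${enddate#notAfter=}" +%s); then
    datenow=$(date +%s)
    days_exp=$(( (exp - datenow) / 86400 ))
  else
    echo "[ERROR] could not read expiration date from $cert_file; attempting renewal." >&2
  fi

  echo "Checking expiration date for $domain..."
  if [[ "$days_exp" -gt "$exp_limit" ]]; then
    echo "The certificate is up to date, no need for renewal ($days_exp days left)."
    continue
  fi

  echo "The certificate for $domain is about to expire soon. Starting webroot renewal script..."
  # Stop here on failure: reloading the web server or pushing files into
  # Zimbra after a failed renewal would only redeploy the old certificate.
  if ! "$le_path/letsencrypt-auto" certonly -a webroot --text --non-interactive \
    --agree-tos --renew-by-default --config "$config_file"; then
    echo "[ERROR] renewal failed for domain $domain; skipping reload and import." >&2
    failures=$((failures + 1))
    continue
  fi

  echo "Reloading $web_service"
  if ! /usr/sbin/service "$web_service" reload; then
    echo "[ERROR] reloading $web_service failed." >&2
    failures=$((failures + 1))
  fi

  if [[ "$config_file" == "$zimbra_config" ]]; then
    echo "Zimbra SSL Import"
    # Build the chain for Zimbra in a private temp file instead of appending
    # to the Let's Encrypt chain.pem in place: the managed file stays
    # untouched and a re-run cannot append the extra certificate twice.
    # NOTE(review): le-zimbra-hack is presumably the extra CA certificate
    # Zimbra needs to verify the chain; its content is not shown here.
    chain_tmp=''
    if cd /root/ \
      && [[ -f le-zimbra-hack ]] \
      && chain_tmp=$(mktemp) \
      && cat -- "$certPath/chain.pem" le-zimbra-hack > "$chain_tmp" \
      && cp -L -- "$certPath/privkey.pem" /opt/zimbra/ssl/zimbra/commercial/commercial.key \
      && /opt/zimbra/bin/zmcertmgr deploycrt comm "$certPath/cert.pem" "$chain_tmp"; then
      # NOTE(review): cp keeps the source file mode (subject to umask);
      # confirm commercial.key is not left readable by other users.
      # Restart only after a successful deploy so Zimbra never restarts on
      # a key that does not match its deployed certificate.
      if ! su - zimbra -c "/opt/zimbra/bin/zmcontrol restart"; then
        echo "[ERROR] Zimbra restart failed." >&2
        failures=$((failures + 1))
      fi
    else
      echo "[ERROR] Zimbra certificate import failed for domain $domain." >&2
      failures=$((failures + 1))
    fi
    if [[ -n "$chain_tmp" ]]; then
      rm -f -- "$chain_tmp"
    fi
  fi

  echo "Renewal process finished for domain $domain"
done

# Report failures to the caller (cron, monitoring) instead of always exiting 0.
if (( failures > 0 )); then
  exit 1
fi
exit 0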