
@adorobis
Last active February 20, 2023 16:26
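#!/bin/bash
#
# Renew a Let's Encrypt certificate with acme.sh (GoDaddy DNS challenge) and,
# when a new certificate was issued, distribute the certificate and private
# key to the Plex, Nextcloud and NGINX jails, the router, and the services on
# the Docker/Debian host, restarting each consumer afterwards.
#
# Output: everything is appended to LOG_FILE; progress lines are also copied
# to the caller's original stdout (saved as fd 3). On a successful renewal the
# log is mailed to the administrator.
#
# This script handles a TLS private key as root. The staging directory is
# kept root-only, every path is quoted, and SSH host-key verification is left
# enabled for the remote restart commands.

LOG_FILE="/root/logfile.txt"
CERT_DIR="/etc/certificates"
STAGE_DIR="${CERT_DIR}/new"
STAGED_CRT="${STAGE_DIR}/letsencrypt.crt"
STAGED_KEY="${STAGE_DIR}/letsencrypt.key"
JAILS="/mnt/Dane/iocage/jails"
PLEX_ROOT="${JAILS}/plex-plexpass/root"
WEBTOOLS_CERT_DIR="${PLEX_ROOT}/Plex Media Server/Plug-ins/WebTools.bundle/Contents/Code/Certificate"
REMOTE="root@10.144.1.14"
MAIL_TO="adorobis@gmail.com"

# Print a progress line (backslash escapes interpreted, as with `echo -e`)
# to the log and to the original stdout.
say() {
  printf '%b\n' "$1" | tee /dev/fd/3
}

# Print arbitrary data verbatim (no escape processing, no word splitting or
# globbing) to the log and to the original stdout.
say_raw() {
  printf '%s\n' "$1" | tee /dev/fd/3
}

# Start a fresh log, keep the original stdout on fd 3, and send stdout and
# stderr of everything below to the log.
echo "" > "${LOG_FILE}"
exec 3>&1 1>>"${LOG_FILE}" 2>&1

# refresh let's encrypt certificates with godaddy dns challenge
a=$(/root/.acme.sh/acme.sh --issue --dns dns_gd -d subdomain.xxx.yyy --reloadcmd "/root/deploy-freenas/deploy_freenas.py")
acme_status=$?
say "\nRenewal command finished:"
say_raw "$a"

# Deploy only when acme.sh reported success AND its output does not contain
# "not" (the original skip heuristic). Previously the exit status was ignored,
# so a failed run whose output lacked "not" still pushed the old files out
# and restarted every service.
# NOTE(review): acme.sh is understood to exit non-zero both on failure and
# when a renewal is skipped - confirm against the installed version.
if (( acme_status != 0 )) || [[ $a = *not* ]]; then
  say "Was not renewed"
  if (( acme_status != 0 )); then
    say "acme.sh exit status: ${acme_status}"
  fi
else
  # Pick the most recently modified certificate and key. When the glob
  # matches nothing the literal pattern is iterated; -nt is then false and
  # the variable stays empty, which is caught below.
  latest_crt=""
  latest_key=""
  for file in "${CERT_DIR}"/letsencrypt-*.crt; do
    [[ $file -nt $latest_crt ]] && latest_crt=$file
  done
  say "\nLatest crt file:"
  say_raw "$latest_crt"
  for file in "${CERT_DIR}"/letsencrypt-*.key; do
    [[ $file -nt $latest_key ]] && latest_key=$file
  done
  say "\nLatest key file:"
  say_raw "$latest_key"

  # Without this guard an empty variable turned `cp $latest_crt DEST` into
  # `cp DEST`, and the following steps ran against stale or missing files.
  if [[ -z "$latest_crt" || -z "$latest_key" ]]; then
    say "\nNo letsencrypt-*.crt / letsencrypt-*.key found in ${CERT_DIR}; nothing deployed"
    mail -s "Certificate renewal" "${MAIL_TO}" < "${LOG_FILE}"
    exit 1
  fi
  # NOTE(review): the newest .crt and the newest .key are selected
  # independently by mtime; nothing here verifies that they belong together.

  say "\nCertificate files renewed recently"
  # -p: a plain mkdir fails on every run after the first.
  # 0700: the directory holds a copy of the private key; only root needs it.
  mkdir -p -- "${STAGE_DIR}"
  chmod 700 -- "${STAGE_DIR}"
  cp -- "$latest_crt" "${STAGED_CRT}"
  cp -- "$latest_key" "${STAGED_KEY}"
  chmod 600 -- "${STAGED_KEY}"

  say "\nCopy certificates to plex-plexpass"
  # generate pkcs12 file from the certificate files
  # NOTE(review): the empty export password leaves the private key
  # unencrypted inside the .pfx, and the file is written to the jail's /tmp.
  # Confirm the resulting file mode/owner restrict it to the Plex service
  # account, or move it to a directory only that account can read.
  openssl pkcs12 -export -in "${STAGED_CRT}" \
    -inkey "${STAGED_KEY}" \
    -out "${PLEX_ROOT}/tmp/certificate.pfx" -passout 'pass:' | tee /dev/fd/3
  # copy certificates to plexwebtools
  cp -- "${STAGED_KEY}" "${WEBTOOLS_CERT_DIR}/WebTools.key"
  cp -- "${STAGED_CRT}" "${WEBTOOLS_CERT_DIR}/WebTools.crt"
  # restart plex service
  iocage exec plex-plexpass service plexmediaserver_plexpass restart | tee /dev/fd/3

  say "\nCopy certificates to nc jail"
  # copy certificates to nextcloud jail (cp prints nothing on success, so
  # the former `| tee` only hid its exit status)
  cp -- "${STAGED_KEY}" "${JAILS}/nc/root/etc/ssl/cert.key"
  cp -- "${STAGED_CRT}" "${JAILS}/nc/root/etc/ssl/cert.crt"
  # restart nextcloud web server
  iocage exec nc service nginx restart | tee /dev/fd/3

  say "\nCopy certificates to router"
  # update router certificate
  /root/makerouter.sh | tee /dev/fd/3

  say "\nCopy certificates to NGINX jail"
  # copy to NGINX and restart
  cp -- "${STAGED_KEY}" "${JAILS}/nginx/root/usr/local/etc/nginx"
  cp -- "${STAGED_CRT}" "${JAILS}/nginx/root/usr/local/etc/nginx"
  iocage exec nginx service nginx restart | tee /dev/fd/3

  say "\nCopy certificates to portainer"
  # copy to portainer & restart container
  # The ssh calls used to pass -o StrictHostKeyChecking=no, which accepts any
  # host key and so lets an impostor at this address receive root commands.
  # The scp calls never had that option and therefore already depend on the
  # host key being present in known_hosts, so ssh now uses the same default.
  # NOTE(review): "sshkey.txt" is a relative path (resolved against the
  # working directory) and is used by ssh only, not by scp - confirm which
  # identity is intended and prefer an absolute path to a 0600 key file.
  scp "${STAGED_KEY}" "${REMOTE}:/home/docker-data/portainer/certs/key.pem"
  scp "${STAGED_CRT}" "${REMOTE}:/home/docker-data/portainer/certs/cert.pem"
  ssh -i sshkey.txt "${REMOTE}" "cd /home/docker-data && docker-compose restart portainer" | tee /dev/fd/3

  say "\nCopy certificates to Debian Webmin and Cockpit services"
  scp "${STAGED_KEY}" "${REMOTE}:/etc/webmin/"
  scp "${STAGED_CRT}" "${REMOTE}:/etc/webmin/"
  scp "${STAGED_KEY}" "${REMOTE}:/etc/cockpit/ws-certs.d/"
  scp "${STAGED_CRT}" "${REMOTE}:/etc/cockpit/ws-certs.d/"
  ssh -i sshkey.txt "${REMOTE}" "systemctl restart cockpit.service && systemctl restart webmin.service" | tee /dev/fd/3

  mail -s "Certificate renewal" "${MAIL_TO}" < "${LOG_FILE}"
fi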