@bladedoyle
Created December 26, 2017 21:01
LetsEncrypt - create or renew certificates on startup and once per day - can be used as nginx docker entrypoint
#!/bin/bash
# LetsEncrypt - create or renew certificates on startup and once per day
# can be used as nginx docker entrypoint, or standalone via cron
#
# Ex:
# letsencrypt-create-or-renew.sh /usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
#
# If used in Dockerfile, I suggest the following:
# ENTRYPOINT ["/tini", "--", "/letsencrypt-create-or-renew.sh"]
# CMD ["/usr/local/nginx/sbin/nginx", "-c", "/etc/nginx/nginx.conf"]
#
# Configuration for your domains
DOMAINS="foo.bar.com \
baz.bar.com"
MYEMAIL="me@bar.com"
# -----
function RENEW {
    # Check for certs needing renewal
    certbot renew
}
function GENERATE {
    # This can only be done if nginx is not yet running
    # (certbot --standalone starts its own web server for the challenge)
    # DOMAINS is left unquoted on purpose so it splits into one word per domain
    for domain in ${DOMAINS}
    do
        echo "Checking cert for: $domain"
        if [ ! -e "/etc/letsencrypt/live/$domain/fullchain.pem" ]; then
            # No existing cert - create it now
            echo "Generating new cert for $domain"
            certbot certonly --standalone --text --non-interactive --agree-tos --email "${MYEMAIL}" -d "$domain"
        fi
    done
}
##
# Check for certificate generation and renewal on startup,
# then check for renewal once per day after that
#
GENERATE
# Run the nginx server for 1 day,
# stop it to check for certificate renewal,
# then start it again
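while true; do
    RENEW
    # "$@" passes the server command through with each argument intact
    timeout 1d "$@"
    ST=$?
    # 124 means timeout stopped the server after 1 day; any other
    # non-zero status is a real failure, so exit with it
    if [[ ${ST} -ne 0 ]] && [[ ${ST} -ne 124 ]]; then
        exit ${ST}
    fi
done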