Lego (acme go client) bash script for renewals (with SAN lists)
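#!/bin/bash
# Likely in a cron job to handle cert renewals.
# The acme go client is here - https://github.com/go-acme/lego
#
# For every certificate lego knows about, re-run "lego renew" with the cert's
# full SAN list (lego itself only renews when fewer than $renew_days remain)
# and reload httpd once if any certificate file actually changed.
#
# Deliberately no "set -e": a failed renewal of one certificate must not stop
# the others. Failures are counted and reported through the exit status so
# cron (or whatever runs this) notices.
set -u -o pipefail

lego_bin=/etc/goclient/lego/lego
lego_path=/etc/goclient/lego
lego_certs="$lego_path/certificates"
web_root=/var/www/html
acme_server=https://acme.sectigo.com/v2/InCommonRSAOV
# Account and EAB credentials: either fill them in here or, preferably, supply
# them through the environment (these are lego's own variable names) so the
# MAC key does not live in a script that is often world-readable.
our_kid=${LEGO_EAB_KID:-}
our_hmac=${LEGO_EAB_HMAC:-}
account_email=${LEGO_EMAIL:-}
key_type=rsa2048
renew_days=30

#######################################
# Print the name of every certificate in "lego list" output, one per line.
# Input:   "lego list" output on stdin ("Certificate Name: <name>" lines)
# Outputs: one certificate name per line
#######################################
cert_names() {
  awk '{ sub(/^[ \t]+/, "") }
       sub(/^Certificate Name: /, "") { print }'
}

#######################################
# Print the domain list of one certificate, one entry per line.
# The name is matched exactly, so "example.com" no longer also picks up
# "example.community" (the old grep prefix match did, and "." was a regex
# metacharacter there).
# Arguments: $1 - certificate name
# Input:     "lego list" output on stdin
# Outputs:   each entry of that cert's "Domains:" line, one per line
#######################################
cert_domains() {
  awk -v name="$1" '
    { sub(/^[ \t]+/, "") }
    $0 == ("Certificate Name: " name) { inside = 1; next }
    /^Certificate Name: / { inside = 0 }
    inside && sub(/^Domains:[ \t]*/, "") {
      n = split($0, parts, /,[ \t]*/)
      for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
      exit
    }'
}

#######################################
# Modification time of a file as printed by "date -r"; empty if it is missing.
# Arguments: $1 - path
#######################################
mtime_of() {
  date -r "$1" 2>/dev/null || true
}

#######################################
# Run "lego renew" for one certificate with its full domain list.
# Globals:   lego_bin lego_path acme_server account_email our_kid our_hmac
#            key_type web_root renew_days (all read)
# Arguments: $1 - certificate name (first --domains entry, names the cert)
#            $2.. - SAN entries; the cert name itself is skipped if repeated
# Returns:   lego's exit status
#######################################
renew_cert() {
  local domain=$1
  shift
  # Build the argument list as an array instead of a word-split string so a
  # stray space or glob character in the listing cannot alter the command.
  local -a domain_args=(--domains "$domain")
  local san
  for san in "$@"; do
    [[ "$san" == "$domain" ]] || domain_args+=(--domains "$san")
  done
  # NOTE(review): --kid/--hmac on argv are visible to other local users via
  # ps while lego runs; lego also reads LEGO_EAB_KID/LEGO_EAB_HMAC from the
  # environment, so the two flags could be dropped once that is confirmed for
  # the installed version.
  "$lego_bin" \
    --server "$acme_server" \
    --path "$lego_path" \
    --email "$account_email" --accept-tos \
    "${domain_args[@]}" \
    --eab --kid "$our_kid" \
    --hmac "$our_hmac" \
    --key-type "$key_type" \
    --http \
    --http.webroot "$web_root" \
    --cert.timeout 60 \
    renew --days "$renew_days"
}

#######################################
# Renew every listed certificate, then reload httpd once if any cert changed.
# Returns: 0 if every renewal succeeded, 1 if any failed, 2 if unconfigured
#######################################
main() {
  # lego keys its account directory by email, so an empty email is never right.
  if [[ -z "$account_email" ]]; then
    printf '%s: account_email (LEGO_EMAIL) is not set\n' "${0##*/}" >&2
    return 2
  fi

  # One "lego list" call serves both the name loop and the per-cert SAN lookup.
  local listing
  listing=$("$lego_bin" --path "$lego_path" list) || {
    printf '%s: lego list failed\n' "${0##*/}" >&2
    return 1
  }

  local reload=0 failures=0
  local domain crt original san
  local -a sans
  while IFS= read -r domain; do
    crt="$lego_certs/$domain.crt"
    original=$(mtime_of "$crt")
    sans=()
    while IFS= read -r san; do
      sans+=("$san")
    done < <(cert_domains "$domain" <<<"$listing")
    # ${sans[@]+...} keeps "set -u" happy on bash < 4.4 when the array is empty.
    if ! renew_cert "$domain" ${sans[@]+"${sans[@]}"}; then
      printf '%s: renewal of %s failed\n' "${0##*/}" "$domain" >&2
      failures=$((failures + 1))
    fi
    # The .crt mtime only moves when lego actually wrote a new certificate.
    [[ "$original" == "$(mtime_of "$crt")" ]] || reload=1
  done < <(cert_names <<<"$listing")

  if (( reload )); then
    echo "reloading httpd"
    /bin/systemctl reload httpd
  fi
  (( failures == 0 ))
}

main "$@"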