floreo/LE_ocsp.sh

## LE_ocsp.sh
 #!/usr/bin/env bash

 # Generate OCSP file for every pem
 # http://www.jinnko.org/2015/03/ocsp-stapling-with-haproxy.html
 # Set a cron every few hours or dayli

 ## CONFIGURATION ##

 _LE_ROOT_DIR="/root/LE/"
 _LE_CONF_DIR="${_LE_ROOT_DIR}conf/"
 _LE_PEM_DIR="${_LE_ROOT_DIR}pem/"
 _LE_INTERMEDIATE_PEM="${_LE_CONF_DIR}intermediate.pem"

 # Loop through each pem file
 while read _pem
 do
    openssl ocsp -no_nonce -respout ${_pem}.ocsp -issuer ${_LE_INTERMEDIATE_PEM} -verify_other ${_LE_INTERMEDIATE_PEM} -cert ${_pem} -url http://ocsp.int-x3.letsencrypt.org/1 -header "HOST=ocsp.int-x3.letsencrypt.org"
 done < <( ls ${_LE_PEM_DIR}*.pem )

 haproxy -c -f /etc/haproxy/haproxy.cfg &>/dev/null
 if [ $? -eq 0 ] ; then
     service haproxy reload
 fi

 exit 0
	#!/usr/bin/env bash

	# Generate OCSP file for every pem
	# http://www.jinnko.org/2015/03/ocsp-stapling-with-haproxy.html
	# Set a cron every few hours or dayli

	## CONFIGURATION ##

	_LE_ROOT_DIR="/root/LE/"
	_LE_CONF_DIR="${_LE_ROOT_DIR}conf/"
	_LE_PEM_DIR="${_LE_ROOT_DIR}pem/"
	_LE_INTERMEDIATE_PEM="${_LE_CONF_DIR}intermediate.pem"

	# Loop through each pem file
	while read _pem
	do
	openssl ocsp -no_nonce -respout ${_pem}.ocsp -issuer ${_LE_INTERMEDIATE_PEM} -verify_other ${_LE_INTERMEDIATE_PEM} -cert ${_pem} -url http://ocsp.int-x3.letsencrypt.org/1 -header "HOST=ocsp.int-x3.letsencrypt.org"
	done < <( ls ${_LE_PEM_DIR}*.pem )

	haproxy -c -f /etc/haproxy/haproxy.cfg &>/dev/null
	if [ $? -eq 0 ] ; then
	service haproxy reload
	fi

	exit 0