acme.sh hook script for an AWS ELBv2 (ALB) HTTPS listener: uploads the renewed certificate to IAM as a server certificate, installs it on the listener and detaches the certificates it replaces.
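#!/usr/bin/env bash
#
# acme.sh hook: publish a freshly issued certificate to an AWS ELBv2 (ALB/NLB)
# HTTPS listener, using IAM (not ACM) as the certificate store.
#
# Flow:
#   1. upload cert + private key + chain from acme.sh's output directory as a
#      new IAM server certificate;
#   2. make that certificate the listener's default certificate;
#   3. detach every other, now superseded, certificate from the listener.
#
# Configuration comes from the environment when set, otherwise from the
# defaults below (edit them for a one-off install):
#   ELB_LISTENER_ARN  ARN of the HTTPS listener to update (required)
#   ACME_PATH         acme.sh home; holds <DOMAIN>/<DOMAIN>.cer, <DOMAIN>.key, ca.cer
#   DOMAIN            certificate's primary domain == acme.sh directory name
#
# Security notes:
#   - The private key is read by the AWS CLI through a file:// argument, so it
#     never appears on the command line or in `ps`; it does leave this host and
#     lives in IAM from then on.
#   - An earlier version of this hook ran `env` "for debugging". acme.sh hooks
#     inherit whatever provider/API credentials acme.sh was started with, so
#     dumping the environment into cron mail or a log file leaks them. Run
#     `env` by hand when debugging, never from the hook.
#   - Superseded IAM server certificates are only detached from the listener,
#     not deleted; prune them separately once the new one is confirmed working.
#
# Exits non-zero on the first failed step (set -e / pipefail). The order of
# operations guarantees that a partial run never detaches a certificate before
# the new one has been installed as the listener default.
set -euo pipefail

ELB_LISTENER_ARN=${ELB_LISTENER_ARN:-arn:......}
ACME_PATH=${ACME_PATH:-$HOME/.acme.sh}
DOMAIN=${DOMAIN:-yourdomain.org}
readonly ELB_LISTENER_ARN ACME_PATH DOMAIN

# IAM is eventually consistent: the listener update may fail for a short while
# after the upload. Retry instead of sleeping a fixed 20 s as the old hook did.
readonly ATTACH_ATTEMPTS=12
readonly ATTACH_DELAY_SECS=5

die() { printf 'ERROR: %s\n' "$*" >&2; exit 1; }

log() { printf '%s\n' "$*"; }

#######################################
# Validate configuration and tooling before touching AWS, so the placeholder
# ARN or a missing file fails with a readable message rather than halfway in.
# Globals:   ELB_LISTENER_ARN, ACME_PATH, DOMAIN (read)
# Returns:   0, or exits via die
#######################################
check_config() {
  local cert_dir="$ACME_PATH/$DOMAIN"
  local f
  [[ "$ELB_LISTENER_ARN" == arn:*:elasticloadbalancing:* ]] \
    || die "ELB_LISTENER_ARN is not a listener ARN: '$ELB_LISTENER_ARN'"
  for f in "$cert_dir/$DOMAIN.cer" "$cert_dir/$DOMAIN.key" "$cert_dir/ca.cer"; do
    [[ -r "$f" ]] || die "cannot read $f"
  done
  command -v aws >/dev/null || die "aws CLI not found in PATH"
  command -v jq >/dev/null || die "jq not found in PATH"
}

#######################################
# Upload the certificate, key and chain as a new IAM server certificate.
# The name keeps the original "<domain>@<timestamp>" convention.
# Globals:   ACME_PATH, DOMAIN (read)
# Outputs:   the new server certificate ARN on stdout
# Returns:   0, or exits via die when the upload fails or yields no ARN
#######################################
upload_certificate() {
  local cert_dir="$ACME_PATH/$DOMAIN"
  local name arn
  name="$DOMAIN@$(date +%d_%m_%y_%H.%M.%S)"
  # pipefail makes a failed upload fail the whole assignment (without it only
  # jq's status counted and a "null" ARN went downstream). jq -r prints the
  # bare ARN; without -r the JSON quotes stay in the value.
  arn=$(aws iam upload-server-certificate \
    --server-certificate-name "$name" \
    --certificate-body "file://$cert_dir/$DOMAIN.cer" \
    --private-key "file://$cert_dir/$DOMAIN.key" \
    --certificate-chain "file://$cert_dir/ca.cer" \
    --output json | jq -r '.ServerCertificateMetadata.Arn') \
    || die "upload-server-certificate failed"
  [[ "$arn" == arn:* ]] || die "upload returned no certificate ARN: '$arn'"
  printf '%s\n' "$arn"
}

#######################################
# Print, one per line, the ARNs of the non-default certificates currently
# attached to the listener. --output json is forced so jq never sees a
# text/table default from ~/.aws/config.
# Globals:   ELB_LISTENER_ARN (read)
# Outputs:   certificate ARNs on stdout (possibly none)
#######################################
list_superseded_certificates() {
  aws elbv2 describe-listener-certificates \
    --listener-arn "$ELB_LISTENER_ARN" \
    --output json \
    | jq -r '.Certificates[] | select(.IsDefault != true) | .CertificateArn'
}

#######################################
# Install $1 as the listener's default certificate, retrying while IAM
# propagates it. The ELBv2 API reference says not to set IsDefault on
# AddListenerCertificates (the old hook did); ModifyListener is the documented
# way to change the default certificate.
# Arguments: $1 - IAM server certificate ARN
# Globals:   ELB_LISTENER_ARN, ATTACH_ATTEMPTS, ATTACH_DELAY_SECS (read)
# Returns:   0 once installed, or exits via die after ATTACH_ATTEMPTS failures
#######################################
attach_as_default() {
  local arn="$1"
  local attempt
  for (( attempt = 1; attempt <= ATTACH_ATTEMPTS; attempt++ )); do
    if aws elbv2 modify-listener \
         --listener-arn "$ELB_LISTENER_ARN" \
         --certificates "CertificateArn=$arn" \
         --output json >/dev/null; then
      return 0
    fi
    log "listener update failed (attempt $attempt/$ATTACH_ATTEMPTS), retrying in ${ATTACH_DELAY_SECS}s"
    sleep "$ATTACH_DELAY_SECS"
  done
  die "could not install $arn as default certificate after $ATTACH_ATTEMPTS attempts"
}

#######################################
# Detach $1 from the listener. The IAM certificate object itself is kept.
# Arguments: $1 - IAM server certificate ARN
# Globals:   ELB_LISTENER_ARN (read)
#######################################
detach_certificate() {
  aws elbv2 remove-listener-certificates \
    --listener-arn "$ELB_LISTENER_ARN" \
    --certificates "CertificateArn=$1" >/dev/null
}

main() {
  local new_arn superseded old_arn
  check_config

  new_arn=$(upload_certificate)
  log "NEW CERT ARN: $new_arn"

  log "INSTALLING NEW CERT AS LISTENER DEFAULT"
  attach_as_default "$new_arn"

  # Only now, with the new certificate serving, drop the superseded ones.
  # Listing after the switch means the old default (already replaced above)
  # is not re-removed; the new ARN is skipped explicitly in case it was also
  # attached as an SNI certificate. Capturing into a variable (not a process
  # substitution) keeps a failed describe call fatal under set -e.
  superseded=$(list_superseded_certificates) \
    || die "describe-listener-certificates failed"
  while IFS= read -r old_arn; do
    if [[ -z "$old_arn" || "$old_arn" == "$new_arn" ]]; then
      continue
    fi
    log "DELETE CERTIFICATE $old_arn"
    detach_certificate "$old_arn"
  done <<<"$superseded"
  log "DONE!!"
}

main "$@"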