Last active
November 14, 2016 03:28
-
-
Save larryprice/512377055d1a165158ed8038124856cf to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # Copyright (C) Larry Price 2016 | |
| # GPLv3 | |
| from pexpect import spawnu as spawn, EOF | |
| import subprocess | |
| import sys | |
| import time | |
| def get_days_exp(cert): | |
| d1 = subprocess.Popen(["bash", "-c", "date -d \"`openssl x509 -in " + cert + " -text -noout|grep \"Not After\"|cut -c 25-`\" +%s"], | |
| stdout=subprocess.PIPE) | |
| d1out, d1err = d1.communicate() | |
| d2 = subprocess.Popen(["bash", "-c", "date -d \"now\" +%s"], stdout=subprocess.PIPE) | |
| d2out, d2err = d2.communicate() | |
| return int((int(str(d1out, 'utf-8').strip('\n')) - int(str(d2out, 'utf-8').strip('\n'))) / 86400) | |
| print("Starting manual renewal process.") | |
| cert = "/etc/letsencrypt/live/www.temporarybrewing.com/cert.pem" | |
| exp = get_days_exp(cert) | |
| if exp > 90: | |
| print("Certificate expires in %i days, skipping auto-renew." % exp) | |
| sys.exit(0) | |
| print("Certificate expires in %i days, attempting auto-renew." % exp) | |
| le_path = "fill in" | |
| domain = "fill in" | |
| email = "fill in" | |
| child = spawn("%s certonly --force-renewal --email %s -a manual -d %s --agree-tos --manual-public-ip-logging-ok --dry-run" % (le_path, email, domain)) # run command | |
| child.delaybeforesend = 0 | |
| child.logfile_read = sys.stdout # print child output to stdout for debugging | |
| config_line = None | |
| more_lines = -1 | |
| for line in child: | |
| if line.startswith("http://%s/.well-known/acme-challenge/" % domain): | |
| print("Found new configuration hint line") | |
| more_lines = 2 | |
| elif more_lines is not -1: | |
| more_lines -= 1 | |
| if more_lines == 0: | |
| print("Found new configuration line") | |
| config_line = line | |
| break | |
| print("Manually updating route...") | |
| route_filename = "fill in" | |
| import fileinput | |
| import re | |
| for line in fileinput.FileInput(route_filename, inplace=True): | |
| if '/.well-known/acme-challenge/' in line: | |
| sys.stdout.write(re.sub('\'/\.well-known/acme-challenge/.+\'', '\'/.well-known/acme-challenge/%s\'' % config_line.split('.')[0], line)) | |
| else: | |
| sys.stdout.write(line) | |
| print("Pushing new version to remote exited with '%s'" % "TODO") | |
| time.sleep(1) | |
| child.expect("Press ENTER to continue") # read the first prompt | |
| child.sendline('\n') | |
| child.wait() | |
| print("Ending manual renewal process.") | |
| sys.exit(0) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment