Skip to content

Instantly share code, notes, and snippets.

@lyoshenka
Created February 23, 2016 22:06
Show Gist options
  • Save lyoshenka/2a4c8140f74837667396 to your computer and use it in GitHub Desktop.
Save lyoshenka/2a4c8140f74837667396 to your computer and use it in GitHub Desktop.
Let's Encrypt wrapper. Will create/renew a cert for a single domain, or renew all your certs if they will expire within a given window
#!/bin/bash
if [ -z "${1:-}" ]; then
echo "usage: $0 [DOMAIN|renewall]"
exit 1
fi
# ensure running as root
if [ "$(id -u)" != "0" ]; then
#exec sudo "$0" "$@"
echo "Run this with sudo"
exit 1
fi
EXEC="/home/grin/letsencrypt/letsencrypt-auto -v"
CMD="$EXEC certonly --standalone --agree-tos --renew-by-default -d"
DAY_SECONDS=86400
DAYS=14
RENEW_WINDOW=$(( DAYS * DAY_SECONDS ))
NGINX_STOPPED=0
function stop_nginx() {
if [ $NGINX_STOPPED -eq 0 ]; then
NGINX_STOPPED=1
service nginx stop
fi
}
function finish {
if [ $NGINX_STOPPED -eq 1 ]; then
service nginx start
fi
}
trap finish EXIT
if [ "$1" == "renewall" ]; then
for DIR in /etc/letsencrypt/live/*; do
DOMAIN=$(basename "$DIR")
if openssl x509 -checkend "$RENEW_WINDOW" -noout -in "$DIR/cert.pem"; then
echo "$DOMAIN good"
else
echo "Renewing $DOMAIN"
stop_nginx
$CMD "$DOMAIN"
fi
done
else
stop_nginx
$CMD "$1"
fi
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment