Created
February 23, 2016 22:06
-
-
Save lyoshenka/2a4c8140f74837667396 to your computer and use it in GitHub Desktop.
Let's Encrypt wrapper. Will create/renew a cert for a single domain, or renew all your certs if they will expire within a given window
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
if [ -z "${1:-}" ]; then | |
echo "usage: $0 [DOMAIN|renewall]" | |
exit 1 | |
fi | |
# ensure running as root | |
if [ "$(id -u)" != "0" ]; then | |
#exec sudo "$0" "$@" | |
echo "Run this with sudo" | |
exit 1 | |
fi | |
EXEC="/home/grin/letsencrypt/letsencrypt-auto -v" | |
CMD="$EXEC certonly --standalone --agree-tos --renew-by-default -d" | |
DAY_SECONDS=86400 | |
DAYS=14 | |
RENEW_WINDOW=$(( DAYS * DAY_SECONDS )) | |
NGINX_STOPPED=0 | |
function stop_nginx() { | |
if [ $NGINX_STOPPED -eq 0 ]; then | |
NGINX_STOPPED=1 | |
service nginx stop | |
fi | |
} | |
function finish { | |
if [ $NGINX_STOPPED -eq 1 ]; then | |
service nginx start | |
fi | |
} | |
trap finish EXIT | |
if [ "$1" == "renewall" ]; then | |
for DIR in /etc/letsencrypt/live/*; do | |
DOMAIN=$(basename "$DIR") | |
if openssl x509 -checkend "$RENEW_WINDOW" -noout -in "$DIR/cert.pem"; then | |
echo "$DOMAIN good" | |
else | |
echo "Renewing $DOMAIN" | |
stop_nginx | |
$CMD "$DOMAIN" | |
fi | |
done | |
else | |
stop_nginx | |
$CMD "$1" | |
fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment