@mjohnson9
Created December 29, 2015 17:35
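#!/bin/bash
# Renew Let's Encrypt certificates that expire within 30 days, then reload nginx.

if [ ! -d /etc/letsencrypt/live ]; then
    echo "No letsencrypt directory found"
    exit 1
fi

# Request a certificate; the arguments are the "-d <domain>" pairs to include.
function issueCert {
    /root/.local/share/letsencrypt/bin/letsencrypt certonly "$@"
}

minimumTimeLeft=$((30*24*60*60)) # 30 days
shouldReload=0

while IFS= read -r -d '' cert; do
    # -checkend exits non-zero when the certificate expires within the given number of seconds.
    if ! openssl x509 -noout -checkend "${minimumTimeLeft}" -in "${cert}"; then
        # Extract the common name; matches both the "CN=name" and "CN = name" output styles.
        subject="$(openssl x509 -noout -subject -in "${cert}" | sed -n 's/.*CN *= *\([^ ,/]*\).*/\1/p')"
        # The SAN list is on the line after the extension header; strip whitespace and the "DNS:" prefixes.
        subjectaltnames="$(openssl x509 -noout -text -in "${cert}" | sed -n '/X509v3 Subject Alternative Name/{n;p}' | sed -e 's/[[:space:]]//g' -e 's/DNS://g' -e 's/,/ /g')"

        # Build the -d arguments as an array: subject first, then every SAN that is not the subject.
        domains=(-d "${subject}")
        for name in ${subjectaltnames}; do
            if [ "${name}" != "${subject}" ]; then
                domains+=(-d "${name}")
            fi
        done

        if issueCert "${domains[@]}"; then
            echo "Renewed certificate for ${subject}"
            shouldReload=1
        else
            echo "Failed to renew certificate for ${subject}"
        fi
    fi
done < <(find /etc/letsencrypt/live -name cert.pem -print0)

# Reload nginx only if at least one certificate was renewed.
if [ "${shouldReload}" -eq 1 ]; then
    systemctl reload nginx
    echo "Reloaded nginx"
fi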