mlebkowski/letsencrypt-renew.sh

## letsencrypt-renew.sh
#!/bin/bash

set -ueo pipefail

TLS_HOME=${TLS_HOME:-"/etc/letsencrypt"}
NGINX_CERTS=${NGINX_CERTS:-"/home/puck/dotfiles/nginx/certs"}

cert_expires() {
	declare cert=$1

	! openssl x509 -in "$cert" -noout -checkend 604800
}

renew_domain() {
	declare domain=$1
	local domain_tls="$TLS_HOME/live/$domain"
	local cert="$domain_tls/fullchain.pem"
	local key="$domain_tls/privkey.pem"

	if [ ! -f "$cert" ] || cert_expires "$cert"; then
		letsencrypt certonly --renew-by-default --webroot --webroot-path /data/www -d $domain
	fi

	cp "$cert" "$NGINX_CERTS/$domain.crt"
	cp "$key" "$NGINX_CERTS/$domain.key"

}

main () {

	local domains="$@"

	if [ $# -eq 0 ]; then
		domains=$(ls "$NGINX_CERTS/"*.crt | xargs -n 1 basename --suffix ".crt")
	fi

	for domain in $domains; do
		renew_domain $domain;
	done;
}

main "$@"
	#!/bin/bash

	set -ueo pipefail

	TLS_HOME=${TLS_HOME:-"/etc/letsencrypt"}
	NGINX_CERTS=${NGINX_CERTS:-"/home/puck/dotfiles/nginx/certs"}

	cert_expires() {
	declare cert=$1

	! openssl x509 -in "$cert" -noout -checkend 604800
	}

	renew_domain() {
	declare domain=$1
	local domain_tls="$TLS_HOME/live/$domain"
	local cert="$domain_tls/fullchain.pem"
	local key="$domain_tls/privkey.pem"

	if [ ! -f "$cert" ] \|\| cert_expires "$cert"; then
	letsencrypt certonly --renew-by-default --webroot --webroot-path /data/www -d $domain
	fi

	cp "$cert" "$NGINX_CERTS/$domain.crt"
	cp "$key" "$NGINX_CERTS/$domain.key"

	}

	main () {

	local domains="$@"

	if [ $# -eq 0 ]; then
	domains=$(ls "$NGINX_CERTS/"*.crt \| xargs -n 1 basename --suffix ".crt")
	fi

	for domain in $domains; do
	renew_domain $domain;
	done;
	}

	main "$@"