#!/bin/bash
# Strict mode: abort on command failure, on use of an unset variable, and
# when any stage of a pipeline fails.
set -o errexit -o nounset -o pipefail

# Root of the Let's Encrypt state tree; certificates are read from
# "$TLS_HOME/live/<domain>/". Overridable from the environment.
: "${TLS_HOME:=/etc/letsencrypt}"

# Directory that receives the per-domain <domain>.crt and <domain>.key copies.
# It ends up holding private keys, so its ownership and mode matter.
: "${NGINX_CERTS:=/home/puck/dotfiles/nginx/certs}"
#######################################
# Decide whether a certificate needs renewing.
# Arguments: $1 - path to a PEM certificate
# Returns:   0 when the openssl -checkend test does not pass (the
#            certificate expires within 604800 seconds, i.e. 7 days, or
#            openssl could not process the file); 1 otherwise.
#######################################
cert_expires() {
  local pem_path=$1
  # openssl exits 0 only if the certificate is still valid 604800 s from
  # now; that "still fine" answer maps to a non-zero ("not expiring") status.
  if openssl x509 -in "$pem_path" -noout -checkend 604800; then
    return 1
  fi
  return 0
}
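#######################################
# Renew one domain's certificate if it is missing or close to expiry, then
# publish the certificate chain and private key for nginx.
# Globals:   TLS_HOME (read), NGINX_CERTS (read)
# Arguments: $1 - domain name; used verbatim as a path component
# Outputs:   writes $NGINX_CERTS/<domain>.crt and $NGINX_CERTS/<domain>.key
# Returns:   0 on success, 2 for an unusable domain name, otherwise the
#            status of the step that failed
#######################################
renew_domain() {
  local domain=$1

  # The name is spliced into paths under TLS_HOME and NGINX_CERTS, so refuse
  # empty values and anything containing a path separator.
  if [[ -z "$domain" || "$domain" == */* ]]; then
    printf 'renew_domain: invalid domain name: %s\n' "$domain" >&2
    return 2
  fi

  local domain_tls="$TLS_HOME/live/$domain"
  local cert="$domain_tls/fullchain.pem"
  local key="$domain_tls/privkey.pem"

  if [[ ! -f "$cert" ]] || cert_expires "$cert"; then
    # Quote the domain so it is never word-split or glob-expanded, and stop
    # here on failure instead of copying a stale or missing certificate.
    letsencrypt certonly --renew-by-default --webroot \
      --webroot-path /data/www -d "$domain" || return
  fi

  cp -- "$cert" "$NGINX_CERTS/$domain.crt" || return

  # Copy the private key under a restrictive umask so a newly created key
  # file is not group/world readable. cp keeps the mode of a destination
  # that already exists, so tighten older copies by hand if needed.
  (umask 077 && cp -- "$key" "$NGINX_CERTS/$domain.key") || return
}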
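#######################################
# Renew every requested domain. With no arguments, the domain list is taken
# from the <domain>.crt files already present in NGINX_CERTS.
# Globals:   NGINX_CERTS (read)
# Arguments: zero or more domain names, one per argument
# Returns:   0 on success; 1 when there is nothing to renew; otherwise the
#            status of the failing renew_domain call
#######################################
main() {
  # Keep the domains in an array so names are never word-split or
  # glob-expanded on their way to renew_domain.
  local -a domains=("$@")
  local crt name domain

  if (( ${#domains[@]} == 0 )); then
    # Glob instead of parsing ls output; the -e test skips the literal
    # pattern that is left behind when nothing matches.
    for crt in "$NGINX_CERTS"/*.crt; do
      [[ -e "$crt" ]] || continue
      name=${crt##*/}
      domains+=("${name%.crt}")
    done
  fi

  # Fail loudly rather than silently doing nothing, e.g. from cron with a
  # wrong NGINX_CERTS.
  if (( ${#domains[@]} == 0 )); then
    printf 'no domains given and no *.crt files in %s\n' "$NGINX_CERTS" >&2
    return 1
  fi

  for domain in "${domains[@]}"; do
    renew_domain "$domain" || return
  done
}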
# Entry point: pass every command-line argument through to main unchanged.
main "$@"