Let's Encrypt auto renew script
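#!/bin/sh
# Let's Encrypt auto-renew helper: reads the domain list from a letsencrypt
# cli.ini, checks how long the live certificate is still valid and renews it
# once the remaining validity drops below the expire limit.

# Normalise the command line with getopt(1). -c, -e and -w each take a value,
# so every one of them needs a trailing ':' in the short-option string; without
# it "-c FILE" is parsed as a bare flag and FILE is never picked up.
OPTS=$(getopt -o c:e:hw: --long config:,expire-limit:,help,webservice: -n "$0" -- "$@") || {
  echo "Terminating ..." >&2
  exit 1
}

# Defaults; the option loop further down may override the first three.
CONFIG=/etc/letsencrypt/cli.ini
WEBSERVICE=nginx
EXPIRE_LIMIT=7

# Filled in later by parse_config / get_certfile / get_expire.
EXPIRE=
DOMAIN=
CERT_FILE=
CERT_LIVE_PATH=/etc/letsencrypt/live
VALID_DAY=0

# 'command -v' is the portable way to locate a program ('which' is an external
# tool whose output and exit status vary between systems).
OPENSSL=$(command -v openssl)
if [ -z "$OPENSSL" ]; then
  echo "OpenSSL is required, please install" >&2
  exit 1
fi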
#######################################
# Print the usage summary and terminate the script.
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   does not return; exits with status 0
#######################################
print_help () {
  printf '%s\n' \
    "Usage: $0 [Options]" \
    "Options:" \
    " -c, --config <config_file> Configuration file" \
    " default: /etc/letsencrypt/cli.ini" \
    " -e, --expire-limit <day> Expire limit in day to perform the renewal" \
    " default: 7" \
    " -w, --webservice <name> Web service name" \
    " default: nginx" \
    " -h, --help Print this help"
  exit 0
}
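#######################################
# Print a timestamp followed by the effective settings of this run.
# Globals:   CONFIG, DOMAIN, CERT_FILE, VALID_DAY, WEBSERVICE, EXPIRE_LIMIT
#            (all read)
# Arguments: none
# Outputs:   one line per setting on stdout
#######################################
print_settings () {
  printf 'Start: %s\n' "$(date)"
  # This format has no conversion, so it takes no argument (the original passed
  # a stray "$(date)" here).
  printf 'Settings ...\n'
  printf ' - Config File : %s\n' "$CONFIG"
  printf ' - Domain: %s\n' "$DOMAIN"
  printf ' - Certificate File: %s\n' "$CERT_FILE"
  # Every expansion is quoted so an empty or odd value cannot shift the
  # arguments that printf and test receive. "days" is used above 1, else "day".
  printf ' - Certificate Valid For: %d %s\n' "$VALID_DAY" \
    "$(test "$VALID_DAY" -gt 1 && echo days || echo day)"
  printf ' - Web Service : %s\n' "$WEBSERVICE"
  printf ' - Expire Limit: %d %s\n' "$EXPIRE_LIMIT" \
    "$(test "$EXPIRE_LIMIT" -gt 1 && echo days || echo day)"
}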
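#######################################
# Read the "domains = a, b, c" entry from the config file, then resolve the
# certificate file and its remaining validity.
# Globals:   CONFIG (read), DOMAIN (written, space-separated list)
# Arguments: none
# Outputs:   error message on stderr when no domains are configured
# Returns:   exits with status 1 when no domains are configured
#######################################
parse_config () {
  # The file is fed through a quoted redirection, so a path containing spaces,
  # glob characters or a leading '-' is read as one file and never as several
  # arguments or an option. POSIX [[:space:]] replaces the GNU-only '\s'.
  DOMAIN=$(sed -n 's/^[[:space:]]*domains[[:space:]]*=[[:space:]]*//p' < "$CONFIG" | tr ',' ' ')
  if [ -z "$DOMAIN" ]; then
    echo "No domains specified in $CONFIG" >&2
    exit 1
  fi
  get_certfile
  get_expire
}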
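#######################################
# Pick the certificate of the first configured domain that has a
# fullchain.pem under the live directory.
# Globals:   DOMAIN, CERT_LIVE_PATH (read), CERT_FILE (written)
# Arguments: none
# Outputs:   error message on stderr when no certificate file is found
# Returns:   exits with status 1 when no certificate file is found
#######################################
get_certfile () {
  # $DOMAIN is left unquoted on purpose: it is a space-separated list and the
  # loop relies on word splitting. Each name becomes a path component below,
  # so the path itself is quoted to keep one name = one path.
  for domain in $DOMAIN; do
    if [ -f "$CERT_LIVE_PATH/$domain/fullchain.pem" ]; then
      CERT_FILE="$CERT_LIVE_PATH/$domain/fullchain.pem"
      break
    fi
  done
  if [ -z "$CERT_FILE" ]; then
    echo "No valid certificate files for domain $DOMAIN" >&2
    exit 1
  fi
}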
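#######################################
# Work out when the certificate expires and how many whole days remain.
# Globals:   OPENSSL, CERT_FILE (read)
#            EXPIRE (written, expiry as seconds since the epoch)
#            VALID_DAY (written, whole days until expiry; negative once expired)
# Arguments: none
# Outputs:   error message on stderr when the expiry date cannot be determined
# Returns:   exits with status 1 when the expiry date cannot be determined
#######################################
get_expire () {
  # "openssl x509 -enddate" prints "notAfter=<date>"; keep the part after '='.
  cert_enddate=$("$OPENSSL" x509 -in "$CERT_FILE" -noout -enddate | cut -d= -f2)
  # Stop here if nothing came back: GNU date accepts an empty -d string and
  # would yield a bogus expiry, so an unreadable certificate would look like
  # an expiring one and trigger a renewal on every run.
  if [ -z "$cert_enddate" ]; then
    echo "Cannot read the expiry date from $CERT_FILE" >&2
    exit 1
  fi
  # 'date -d' is the GNU way of parsing a date string.
  EXPIRE=$(date -d "$cert_enddate" +%s) || {
    echo "Cannot parse the expiry date \"$cert_enddate\"" >&2
    exit 1
  }
  VALID_DAY=$(( (EXPIRE - $(date +%s)) / 86400 ))
}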
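#######################################
# Renew the certificate when fewer than EXPIRE_LIMIT days of validity remain.
# Globals:   VALID_DAY, EXPIRE_LIMIT, DOMAIN (read)
# Arguments: none
# Outputs:   status message on stdout, error message on stderr
# Returns:   exits with status 1 when the two values cannot be compared
#######################################
start () {
  # A failed numeric test (for example a non-numeric --expire-limit) must not
  # fall through to "up to date": that would silently let the certificate
  # expire. Both directions are tested, and neither succeeding is an error.
  if [ "$VALID_DAY" -lt "$EXPIRE_LIMIT" ] 2>/dev/null; then
    renew
  elif [ "$VALID_DAY" -ge "$EXPIRE_LIMIT" ] 2>/dev/null; then
    echo "The certificate for $DOMAIN is up to date"
  else
    echo "Cannot compare remaining validity \"$VALID_DAY\" with expire limit \"$EXPIRE_LIMIT\"" >&2
    exit 1
  fi
}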
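#######################################
# Request a new certificate through the webroot plugin, reload the web
# service so it picks the certificate up, and report the new validity.
# Globals:   CONFIG, WEBSERVICE, DOMAIN (read); VALID_DAY (updated through
#            get_expire)
# Arguments: none
# Outputs:   status message on stdout, error messages on stderr
# Returns:   exits with status 1 when the renewal or the reload fails
#######################################
renew () {
  # Check the client's exit status: a failed renewal must not be followed by a
  # reload and a "valid for next N days" message computed from the old file.
  if ! /opt/letsencrypt/letsencrypt-auto -c "$CONFIG" -a webroot --agree-tos --renew-by-default certonly; then
    echo "Certificate renewal for $DOMAIN failed" >&2
    exit 1
  fi
  # Quoted so the service name always reaches systemctl as a single argument.
  if ! systemctl reload "${WEBSERVICE}.service"; then
    echo "Reload of ${WEBSERVICE}.service failed; the new certificate is not being served yet" >&2
    exit 1
  fi
  get_expire
  echo "The certificate for $DOMAIN is valid for next $VALID_DAY days"
}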
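# Main flow: apply the command-line options, validate them, load the config,
# print the settings and renew if needed.

# $OPTS is getopt's own shell-quoted rendering of the arguments; eval turns it
# back into positional parameters with the original word boundaries.
eval set -- "$OPTS"
while true; do
  case "$1" in
    -c | --config)
      CONFIG="$2"; shift 2
      ;;
    -e | --expire-limit)
      EXPIRE_LIMIT="$2"; shift 2
      ;;
    -w | --webservice)
      WEBSERVICE="$2"; shift 2
      ;;
    -h | --help)
      print_help
      ;;
    *)
      break
      ;;
  esac
done

if [ -z "$CONFIG" ]; then
  print_help
fi

if [ ! -f "$CONFIG" ]; then
  printf 'Config file "%s" does not exist ...\n' "$CONFIG" >&2
  exit 1
fi

# The limit is used in a numeric comparison later on; reject anything that is
# not a non-negative integer here instead of letting that comparison misfire.
case "$EXPIRE_LIMIT" in
  '' | *[!0-9]*)
    printf 'Expire limit "%s" is not a non-negative number of days\n' "$EXPIRE_LIMIT" >&2
    exit 1
    ;;
esac

# Parse the config once the options are final, and also when -c was not given:
# otherwise the default config is never read, VALID_DAY keeps its initial 0 and
# every run without -c requests a renewal.
parse_config

print_settings
start
# Report the outcome of the run to the caller (cron wrapper, admin shell).
exit $?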
domains = rahunas.com, www.rahunas.com
webroot-path = /path/to/www.rahunas.com/
email = netron@rahunas.com
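#!/bin/sh
# Installer: writes a small wrapper that runs the auto-renew script for
# rahunas.com in the background with its output appended to a log file, and
# links the wrapper into /etc/cron.daily.

# Stop at the first failing step (or unset variable) so a failed write cannot
# leave a dangling cron.daily link behind.
set -eu
# The wrapper is executed by cron; create it writable by its owner only,
# whatever umask the installing shell happens to have.
umask 022

SCRIPT_NAME=letsencrypt-daily-check
SCRIPT_PATH=/usr/local/sbin/$SCRIPT_NAME

# The log directory has to exist before the wrapper's first run.
mkdir -p /var/log/letsencrypt

# Quoted delimiter: the wrapper text is written out literally, with no
# expansion at install time.
cat << 'EOF' > "$SCRIPT_PATH"
#!/bin/sh
/usr/local/sbin/letsencrypt-auto-renew --config /etc/letsencrypt/rahunas.com.ini >> /var/log/letsencrypt/rahunas.com.log 2>&1 &
EOF
chmod +x "$SCRIPT_PATH"
ln -sf "$SCRIPT_PATH" "/etc/cron.daily/$SCRIPT_NAME"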