Let's Encryptから取得した証明書を更新するためのコマンドを、証明書が更新可能なタイミングでのみ実行するためのシェルスクリプト。
#!/bin/sh
#
# See https://pandanote.info/?p=3842 for details.
#
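# Run certbot for each requested domain, but only once more than
# RENEW_INTERVAL seconds have passed since the last recorded successful run.
#
# Usage: $0 [-d] <domain list(comma-separated)>
#   -d  pass --dry-run to certbot; the last-check timestamp is left untouched
#       so that a rehearsal cannot postpone the next real renewal.
#
# Exit status: 0 when every certbot call succeeded,
#              1 when renewal is not yet due or a certbot call failed,
#              2 on a usage or environment error.
#
# NOTE(review): /var/run is a tmpfs on many systems, so lastcheck.txt may be
# lost at reboot and the next run would then attempt a renewal immediately.

# Fixed PATH so that certbot, find and rm are resolved from system
# directories regardless of the caller's environment (e.g. cron).
PATH=/usr/bin:/bin:/usr/sbin
DRY_RUN=""
LASTCHECK_DIR=/var/run/letsencrypt
LASTCHECK_FILE=${LASTCHECK_DIR}/lastcheck.txt
LOG_DIR=/var/log/letsencrypt
SERVER_OPT=""
RENEW_INTERVAL=5184000 # 60 days, in seconds
LOG_RETENTION_DAYS=100

if [ "${1:-}" = "-d" ]; then
  DRY_RUN="--dry-run"
  shift
fi

# Without a domain list there is nothing to renew: stop here instead of
# falling through and recording a "successful" run.
if [ -z "${1:-}" ]; then
  echo "Usage: $0 <domain list(comma-separated)>" >&2
  exit 2
fi
DOMAIN_ARG=$1

mkdir -p "${LASTCHECK_DIR}" "${LOG_DIR}" || exit 2

if [ ! -f "${LASTCHECK_FILE}" ]; then
  echo "0" > "${LASTCHECK_FILE}" || exit 2
fi
if [ -f /etc/nginx/nginx.conf ]; then
  SERVER_OPT="--nginx"
fi

# An empty or non-numeric timestamp is treated as "never checked", so a
# damaged state file leads to a renewal attempt rather than a skipped one.
LASTCHECK_TIME=$(cat "${LASTCHECK_FILE}")
case "${LASTCHECK_TIME}" in
  '' | *[!0-9]* | 0?*) LASTCHECK_TIME=0 ;;
esac
CURRENT_TIME=$(date +%s)
ELAPSED_TIME=$((CURRENT_TIME - LASTCHECK_TIME))
LOG_FILE=${LOG_DIR}/letsencrypt_update_$(date +%Y%m%d%H%M).log

if [ "${ELAPSED_TIME}" -le "${RENEW_INTERVAL}" ]; then
  echo "Not yet due to update (elapsed time: ${ELAPSED_TIME})" > "${LOG_FILE}" 2>&1
  exit 1
fi

# Split the list on every comma (and on spaces). Globbing is switched off
# while splitting so that a wildcard name such as *.example.com is passed
# to certbot literally instead of being expanded against the current directory.
set -f
OLD_IFS=$IFS
IFS=' ,'
# shellcheck disable=SC2086 # word splitting is the point of this line
set -- ${DOMAIN_ARG}
IFS=$OLD_IFS
set +f

FAILED=0
ATTEMPTED=0
for i in "$@"; do
  [ -n "$i" ] || continue # empty field from ",," or a trailing comma
  ATTEMPTED=$((ATTEMPTED + 1))
  # ">> file 2>&1" is the POSIX spelling; under a POSIX /bin/sh such as dash,
  # "&>>" parses as "&" followed by ">>", which backgrounds certbot and
  # leaves the log file empty.
  certbot certonly ${DRY_RUN:+"$DRY_RUN"} ${SERVER_OPT:+"$SERVER_OPT"} -n -d "$i" \
    --preferred-challenges http-01,dns-01 >> "${LOG_FILE}" 2>&1 || FAILED=1
done

if [ "${ATTEMPTED}" -eq 0 ]; then
  echo "Usage: $0 <domain list(comma-separated)>" >&2
  exit 2
fi

# Record the run only when it was a real one and every certbot call
# succeeded; otherwise the next invocation must be free to retry instead of
# waiting another RENEW_INTERVAL while the certificate moves toward expiry.
if [ "${FAILED}" -eq 0 ] && [ -z "${DRY_RUN}" ]; then
  date +%s > "${LASTCHECK_FILE}" || FAILED=1
fi

# Prune old logs. The directory is given to find explicitly: a failed "cd"
# would otherwise make find delete matching files from whatever directory
# the script happened to start in.
find "${LOG_DIR}" -type f -mtime +"${LOG_RETENTION_DAYS}" -name 'letsencrypt*' \
  -exec rm -f -- '{}' \;

exit "${FAILED}"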