A shell script that runs the renewal command for certificates obtained from Let's Encrypt only when the certificates are eligible for renewal.
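#!/bin/sh
# Run "certbot renew" only when more than 60 days have passed since the
# last successful renewal. Pass -d to run certbot with --dry-run.
DRY_RUN=""
LASTCHECK_DIR=/var/run/letsencrypt
LASTCHECK_FILE=${LASTCHECK_DIR}/lastcheck.txt
LOG_DIR=/var/log/letsencrypt

if [ "$1" = "-d" ]; then
    DRY_RUN="--dry-run"
fi

# Create the state and log directories on first use.
if [ ! -d "${LASTCHECK_DIR}" ]; then
    mkdir -p "${LASTCHECK_DIR}"
fi
if [ ! -d "${LOG_DIR}" ]; then
    mkdir -p "${LOG_DIR}"
fi

# No state file yet: treat the last renewal as the epoch so the first run renews.
if [ ! -f "${LASTCHECK_FILE}" ]; then
    echo "0" > "${LASTCHECK_FILE}"
fi

LASTCHECK_TIME=$(cat "${LASTCHECK_FILE}")
CURRENT_TIME=$(date +%s)
ELAPSED_TIME=$(expr "${CURRENT_TIME}" - "${LASTCHECK_TIME}")
LOG_FILE=${LOG_DIR}/letsencrypt_update_$(date +%Y%m%d%H%M).log

# 5184000 seconds = 60 days.
if [ "${ELAPSED_TIME}" -le 5184000 ]; then
    # ">&" is a bash extension; use the POSIX form because this runs under /bin/sh.
    echo "Not yet due to update (elapsed time: ${ELAPSED_TIME})" > "${LOG_FILE}" 2>&1
    exit 1
fi

# ${DRY_RUN} is left unquoted on purpose so that an empty value adds no argument.
certbot renew ${DRY_RUN} --preferred-challenges http-01,dns-01 > "${LOG_FILE}" 2>&1
if [ $? = 0 ]; then
    # Record the time only after a real renewal; a successful --dry-run must
    # not postpone the next real run by 60 days.
    if [ -z "${DRY_RUN}" ]; then
        rm -f "${LASTCHECK_FILE}"
        date +%s > "${LASTCHECK_FILE}"
    fi
    # Delete logs older than 100 days. The directory is passed to find directly,
    # so a failed "cd" can never cause files to be removed somewhere else.
    find "${LOG_DIR}" -type f -mtime +100 -name 'letsencrypt_*' -exec rm -f '{}' \;
    exit 0
fi
exit 1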
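
The elapsed-time gate above trusts whatever `lastcheck.txt` contains, so an empty, corrupt or future-dated value can make `expr` fail or keep the script from ever reaching `certbot renew`. The following is an added example, not part of the original gist (the function names `is_uint`, `renewal_due` and `read_lastcheck` and the sample timestamps are assumptions made for illustration); it applies the same 60-day check but treats unusable state as "due".

```shell
#!/bin/sh
# Added example: hardened form of the "more than 60 days elapsed?" gate.

# is_uint VALUE -> succeeds only for 1-11 decimal digits without a leading
# zero (a leading zero would be read as octal by $(( )) arithmetic).
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0?*|????????????*) return 1 ;;
        *) return 0 ;;
    esac
}

# renewal_due LAST NOW INTERVAL -> returns 0 (due) or 1 (not yet due).
# Unusable input counts as "due", so a damaged state file can never block
# renewal until the certificate expires.
renewal_due() {
    last=$1 now=$2 interval=$3
    is_uint "$now" && is_uint "$interval" || return 0
    is_uint "$last" || return 0          # empty or corrupt state file
    [ "$last" -le "$now" ] || return 0   # timestamp lies in the future
    [ $((now - last)) -gt "$interval" ]
}

# read_lastcheck FILE -> prints the first line of FILE, or 0 when FILE is
# missing, unreadable, or a symbolic link.
read_lastcheck() {
    if [ -f "$1" ] && [ ! -L "$1" ] && [ -r "$1" ]; then
        head -n 1 "$1"
    else
        echo 0
    fi
}

# Constructed sample values (not taken from a real system).
for sample in 0 1700000000 "" "17000x" 1800000000; do
    if renewal_due "$sample" 1700000100 5184000; then r=due; else r=wait; fi
    echo "last='${sample}' -> ${r}"
done
```

Treating bad state as due is safe here because `certbot renew` itself skips certificates that are not yet close to expiry.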